Re: [secdir] Secdir review of draft-housley-ltans-oids-00

[Jeffrey Hutzelman <jhutz@cmu.edu>]

On Sat, 2013-07-13 at 00:40 +0300, Tero Kivinen wrote:


> One odd thing is that all registries are marked as "Expert Review or
> IESG Approval", but which one of those is used? Is this supposed to
> mean that if IESG appoints a designed expert for these, then he does
> checks the updates, but if not, then IESG approval is needed? Or is it
> mean to say that even when there is designated expert, the IESG and
> ignore him and do the approval themselves (in which case I Would ask
> what is the point of having the designated expert)?


It means that either the "Expert Review" or "IESG Approval" methods can
be used.  Over the years, we've seen a number of cases where it turns
out to be desirable to assign a number under circumstances not foreseen
by the authors of the document that originally set up a registry, and
under which none of the policies attached to that registry can be
applied.  As defined in RFC5226, the "IESG Approval" policy is intended
to be an escape valve that allows the IESG to handle these exceptions,
rather than failing an allocation due to a policy bug when it clearly
should have been accepted.  Of course, in such a case one can always
publish an IETF consensus document to change the policy, but often that
introduces an unacceptable level of delay.

As Russ notes, when the defined policy is "Expert Review", the IESG can
likely handle exceptions by designating an expert, so perhaps the escape
valve is not necessary.  However, I don't think it's harmful.


However, I do note that this document uses the "Expert Review" policy
several times, but fails to specify the required level of documentation
or the review criteria to be used by the Designated Expert.  Without
this information, I don't think it's possible to make any meaningful
comment on the IANA registration policies.

-- Jeff