Re: [secdir] secdir review of draft-melnikov-imap-keywords-06

Samuel Weiler <weiler@watson.org> Sat, 28 November 2009 21:14 UTC

Return-Path: <weiler@watson.org>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 72A743A6851; Sat, 28 Nov 2009 13:14:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iEPs+6K0XVRo; Sat, 28 Nov 2009 13:13:59 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by core3.amsl.com (Postfix) with ESMTP id 3D52B3A68AF; Sat, 28 Nov 2009 13:13:59 -0800 (PST)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.3/8.14.3) with ESMTP id nASLDpX2008902; Sat, 28 Nov 2009 16:13:51 -0500 (EST) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.3/8.14.3/Submit) with ESMTP id nASLDp3H008899; Sat, 28 Nov 2009 16:13:51 -0500 (EST) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Sat, 28 Nov 2009 16:13:51 -0500
From: Samuel Weiler <weiler@watson.org>
To: Alexey Melnikov <alexey.melnikov@isode.com>
In-Reply-To: <4B03AD81.9090103@isode.com>
Message-ID: <alpine.BSF.2.00.0911281604410.72535@fledge.watson.org>
References: <alpine.BSF.2.00.0911091524400.76090@fledge.watson.org> <4B03AD81.9090103@isode.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Sat, 28 Nov 2009 16:13:51 -0500 (EST)
Cc: ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-melnikov-imap-keywords-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Nov 2009 21:14:00 -0000

On Wed, 18 Nov 2009, Alexey Melnikov wrote:

> Further registrations will be done by the designated expert. I am 
> concerned that if I put all of them in the document, then the 
> document will never finish.

Sympathies.

>> And for the common-use:
>>
>>    Registration of an IMAP keyword intended for common use (whether or
>>    not they use the "$" prefix) requires Expert Review [RFC5226].  IESG
>>    appoints one or more Expert Reviewer, one of which is designated as
>>    the primary Expert Reviewer.  IMAP keywords intended for common use
>>    SHOULD be standardized in IETF Consensus [RFC5226] documents. ...
>>    In cases when an IMAP
>>    Keyword being registered is already deployed, Expert Reviewers
>>    should favour registering it over requiring perfect documentation.
>> 
>> Would it be better to say: "requires either IETF Consensus or Expert 
>> Review"?
>
> Not everybody is subscribed to ietf or ietf-announce mailing lists, so I 
> would like for all common use registrations to go through the expert.

I don't like the logic (while not everybody is subscribed to the 
lists, your expert surely could be, and it's easy from an AD to punt 
the doc to the expert).

That said, since you want everything to go through the expert, to 
avoid confusion, I suggest removing the citation to the inapplicable 
5226 metric: "IETF Consensus [RFC5226]".

>> (For example: do the registrations made in this doc have to go through 
>> Expert Review?
>
> No, because they are a part of the document that creates the registry ;-).
>
>> Isn't it enough to have them in a consensus doc?")  And how do you expect 
>> the expert to encourage/enforce the SHOULD, given the "favour registering 
>> it over requiring perfect documentation" guideline?  Again, the current 
>> text isn't as clear as I'd like.
>
> This is intentional. This is a judgment call by the expert.

This sounds inconsistent.  I'm hearing "it's within the scope of the 
expert's judgement to require an IETF Consensus doc" and "In cases 
when an IMAP Keyword being registered is already deployed, Expert 
Reviewers should favour registering it over requiring perfect 
documentation."  If I were an implementer who got told "you need a 
consensus doc", I'd be more than a little tempted to go ahead and 
deploy, then reapply for the registration.

-- Sam