Re: [lamps] WG Last Call: draft-ietf-lamps-x509-policy-graph-01

[Russ Housley <housley@vigilsec.com>]

Mike:

> On 12/8/2023 2:56 PM, Russ Housley wrote:
>> Mike:
>> 
>> I understand the issue you are raising, and I understand that there comes a point where too many OLD/NEW updates can lead to an incomprehensible document.  I do not think that we have reached that point.
>> 
>> Recall that the IESG agreed to publish draft-ietf-lamps-cmp-updates only if the LAMPS WG worked on a bis document for RFC 4211.  The IESG judged that the number of updates had reached that point.  I doubt that they will do the same here, but they could.  Or, the next update could be the one that gets there.
> 
> I didn't actually notice that one at the time - now RFC 9480. But what a mess.   I see that there is a RFC4210bis  document in progress (https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc4210bis/) and not one for 4211 - is that the one you meant?  I also see that the 4210bis document is missing an Obsoletes RFC9480 tag, except it can't have one because RFC9480 updates multiple documents... I'm not seeing this as a shining example of what to do....  the only saving grace is that the referenced document here  is only cutting and pasting  a single upstream document.

Yes, I meant RFC 4210.

RFC 4210 is updated by RFC 6712, RFC 9480, and RFC9481.  rfc4210bis should obsolete RFC 4210 and RFC 9480.


>> I have included the following in the Shepherd Writeup:
>> 
>> ~~~
>> 3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
>>    so, please summarize the areas of conflict in separate email messages to the
>>    responsible Area Director. (It should be in a separate email because this
>>    questionnaire is publicly available.)
>> 
>>    No one has threatened an appeal; however, one concern was raised during
>>    WG Last Call that should be highlighted.  As written, this document is not
>>    stand alone.  It makes changes to the certification path validation algorithm
>>    in RFC 5280.  There is a concern that future updates to RFC 5280 will conflict
>>    with these updates.  The peron raising these concerns would prefer an update
>>    to RFC 5280 that completely replaces Section 6.  The person that raised this
>>    concern was able to convince one other LAMPS WG participant, but the LAMPS WG
>>    Chairs determined that they were in the rough.
>> ~~~
>> 
>> Russ
> 
> Change peron -> person.  Add after "stand alone" -> "and is written as a set of editing instructions to be made against Section 6 of RFC5280"

I made these edits.

> You may find it useful to point to the discussion for 9480/4210 as additional context in the shepherd writeup.

I know that this is fresh in the mind of the Security AD.

Russ