Re: [TLS] Request to register value in TLS extension registry

[Benjamin Kaduk <bkaduk@akamai.com>]

On Wed, Oct 03, 2018 at 06:17:09AM +0000, Peter Gutmann wrote:
> [CC'd back to the TLS list because this affects other TLS work as well]

(I responded privately to Peter about this already.)

> Benjamin Kaduk <bkaduk@akamai.com> writes:
> 
> >Having looked a bit harder, it seems that perhaps I need to point out that,
> >if you want IANA to allocate a value, you need to *ask IANA for it*.  The
> >tls-reg-review@ietf.org list is not a supported IANA entrypoint;
> 
> That's not what the RFC appears to say:
> 
>    Specification Required [RFC8126] registry requests are registered
>    after a three-week review period on the <tls-reg-review@ietf.org>
>    mailing list, on the advice of one or more designated experts.
> 
>    [...]
> 
>    Registration requests sent to the mailing list for review SHOULD use
>    an appropriate subject (e.g., "Request to register value in TLS bar
>    registry").
> 
> This is exactly what I did, I sent a registration request to the list for
> review.

I'll note that there is a different interpretation of the text of the RFC,
namely that it is guidance to IANA, not guidance to those requesting codepoints.
(In particular, the IANA Considerations section says that the whole document
is IANA considerations.)

IANA is the authoritative source for both the numbers in the registries
and what the registration procedure is for getting new allocations; they have
full-time professional staff to answer questions and an SLA.  If you're
uncertain of the process, asking them seems like a great plan, rather than
assuming you will guess correctly.

Interestingly, https://datatracker.ietf.org/list/nonwg only has three other
foo-reg-review lists, one of which has something funky happening with the
MHonArc archivs.  The other two have some pretty sparse traffic, but all
successful requests do seem to end with someone actively sending mail to IANA.
That is, IANA is not monitoring the list so as to take action.
I suppose if you want to count on the kindness and organizational skills of
the volunteer experts and have them remember to tell IANA about the end of a
review period, you could do that ... or you could tell IANA yourself and
be sure that they know.

I'll also give some general background that the whole reason we have
designated experts is to provide the technical advice that IANA does not have
in-house, as needed by certain registration policies.  For Standards-Action,
the technical expertise is wholly delegated to the IETF; for RFC-Required, the
IETF/IAB/ISE.  FCFS requires no expertise at all, but Specification-Required
and Expert-Review need the experts, to provide guidance to IANA on technical
questions.  Nonetheless, it's still IANA making the registration, just acting on
the advice of the experts.  My advice remains: talk to the professionals
first.


>    Within the review period, the designated experts will either approve
>    or deny the registration request, communicating this decision to the
>    review list and IANA.
> 
> This never happened.

I don't think you actually had enough public data when you sent this to be
confident it was true.  After all, the experts could have sent the decision to
IANA and IANA dropped it on the floor.

> Did anyone actually test RFC 8447 before it was published?  You send a request
> to a mailing list that doesn't seem to work, to be reviewed by a secret panel
> (well, we know that Rich Salz is one member :-), with no public discussion or
> list archives you can examine to see what happened, and in my case no response
> to the registration request submitted as per the RFC.

Sean has already clarified much of this.  But I'm curious; if you think you
have followed the proper procedure, why did you not act on the escalation
procedure I pointed out to you previously, rather than continuing to complain
on the TLS WG list?

-Ben