Re: [yam] Status: draft-ietf-yam-rfc1652bis-pre-evaluation-00
Ned Freed <ned.freed@mrochek.com> Mon, 02 November 2009 22:24 UTC
Return-Path: <ned.freed@mrochek.com>
X-Original-To: yam@core3.amsl.com
Delivered-To: yam@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F37E63A6831 for <yam@core3.amsl.com>; Mon, 2 Nov 2009 14:24:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.555
X-Spam-Level:
X-Spam-Status: No, score=-2.555 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oc9zST+-k8Nc for <yam@core3.amsl.com>; Mon, 2 Nov 2009 14:24:07 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by core3.amsl.com (Postfix) with ESMTP id BA7533A67A8 for <yam@ietf.org>; Mon, 2 Nov 2009 14:24:07 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01NFMC5C89C0003ADO@mauve.mrochek.com> for yam@ietf.org; Mon, 2 Nov 2009 14:24:09 -0800 (PST)
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01NFFBGQQ84W0000BI@mauve.mrochek.com>; Mon, 02 Nov 2009 14:22:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1257200570; bh=6rPkcit6sYAGRMlAq6H9V76WTh1NxCqbgYe7VNDISQA=; h=Date:From:Subject:In-reply-to:To:Cc:Message-id:MIME-version: Content-type:References; b=LPm7rWtQywr62KDe6cU+yYkjvmg8GDRJvv1/pJliPoQOkJn12XFPTloqUejaSwJGw MPMtDFy4ihX92Nzedkp4uW8GjVhexgW+6gc+9sqPITbtHSueUiqkX4kQaCkbZcqh15 OJbKRSFXDrMWGYmqid1r0fKNLUQescBjhGy+OQF4=
Date: Mon, 02 Nov 2009 10:45:12 -0800
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Sat, 31 Oct 2009 12:36:42 -0700" <6.2.5.6.2.20091031115845.03fdeaa8@elandnews.com>
To: S Moonesamy <sm+ietf@elandsys.com>
Message-id: <01NFMC338P960000BI@mauve.mrochek.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN; Format="flowed"
Content-transfer-encoding: 7bit
References: <6.2.5.6.2.20091031115845.03fdeaa8@elandnews.com>
Cc: yam@ietf.org
Subject: Re: [yam] Status: draft-ietf-yam-rfc1652bis-pre-evaluation-00
X-BeenThere: yam@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Yet Another Mail working group discussion list <yam.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/yam>, <mailto:yam-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/yam>
List-Post: <mailto:yam@ietf.org>
List-Help: <mailto:yam-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yam>, <mailto:yam-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2009 22:24:09 -0000
> The IESG has completed its evaluation of > draft-ietf-yam-rfc1652bis-pre-evaluation-00. There is an outstanding > issue about Security Considerations. I posted a message about that > at http://www.ietf.org/mail-archive/web/yam/current/msg00132.html The reqson I haven't bothered to answer is AFAICT there's really nothing to say. Lisa's DISCUSS states: One of the big questions discussed about whether older email standards could go to Full Standard was whether the security provisions were sufficient -- whether authentication and privacy met our modern requirements, or if not, whether Full Standard was acceptable anyway because of historical considerations. If that is in fact going to be an issue, then this pre-eval document doesn't address that or or make the IESG think about that. Future pre-eval documents, if we stick with this WG model, could reasonably compare the standard's security to modern requirements. This DISCUSS position is so that we can talk about these issues on the call. if there's anything in there about the security considerations in RFC 1652 needing to change, or for the discussion of such changes in this pre-evaluation meta-document, I for one sure don't see where they are identified in this DISCUSS. It is of course self-evidenct that RFC 1652 doesn't raise as many (or any) security issues as other specifications YAM is chartered to work on will. But this is hardly RFC 1652's fault - in fact I thought it was supposed to be sort of a Good Thing when documents don't have many (or any) security concerns. And when specifications that do have security concerns are processed, it will be up to the WG to propose and the IESG to review whatever changes are deemed appropriate to address those concerns. I would hope that this is all blindingly obvious. And if you want to have a discussion of how old specifications that have inadequate security considerations will be updated, fine, but let's not pretend that having this discussion in the context of 1652bis is going to produce meaningful results. Indeed, it seems to me that this DISCUSS is, properly spealing, a DISCUSS about the overall YAM process that the IESG needs to decide for itself. But as a topic for a WG response pertaining to the document at hand, it is entirely inappropriate and wrongminded. > I received some feedback from the Alexey. I edited the information for > this status update. With all due respect, I think we're WAY past the point where this degree of indirection is anything but a hindrance to forward progress. The IESG needs to state, clearly and directly to this WG, what their concerns are. > The IESG is fine with all the changes except for the > downreferences. The format is generally Ok, several ADs commented > that the pre-evaluation document was useful. Well, if that's the case in general, then this effort is effectively over, and we might as well disband this group right now and save ourselves a lot of pother. Because if downrefs aren't going to be allowed, we're screwed because references to things like TLS are never going to make it to standard in the necessary time frame. If this is a more selective thing (and I see no evidence that it is or isn't - the IESG evaluation record is singularly unhelpful on figuring out exactly what this downref problem is), then the IESG needs to explain the actual policy behindd their selective allowance of downrefs. > The following paragraphs are about the process. The general view was > that the IESG cannot really judge the process by doing a simple > document. And I think the appropriate response to that is, "So what?" We appear to be so wrapped up in nailing down every last detail of the process for every conceivable document we might consider that we're losing sight of the actual goal here, which is to address the minimal set of *technical* issues needed to get the various core email specifications to Standard. > It doesn't make sense to approve extensions first, then > run into the possibility of not approving changes to the document > being extended. The WG should move the main documents first instead > of the dependent documents. And again, if that's supposed to be generally applicable rule, this effort is effectively over. > The IESG would like to ask the YAM WG to evaluate a core document > such as RFC 5321 or RFC 5322. It is viewed that the evaluation of > these documents is more likely to highlight issues that might be > relevant to all the other documents. OK, so let me play process weenie for a minute, and point out that while this might arguably make sense as a better way to vet the YAM process, this makes no sense at all in the context of 1652bis. For starters, the reference to RFC 822 in RFC 1652 is for ABNF and nothing else, so it upgrades cleanly to RFC 5234 - already a Standard, no downref needed. There's no need to reference RFC 5322 for this purpose at all. I'll also take this opportunity to point out that this is actually an error in draft-ietf-yam-rfc1652bis-pre-evaluation-00, which states that what needs to be done is update the reference to RFC 5322. So it seems that while frothing about process generalities, nobody bothered to, you know, actually look at the *technical* details of the current proposal. As for the reference to RFC 821, the purpose of it is to get at the definition of what's allowed in a message. I don't think a credible argument can be made that the definition of the overall syntax of a basic message (i.e., 998 chearacter or less CRLF delimited lines of 7bit ASCII), is ever going to change. Pigs will travel at lightspeed first. Finally there's the reference to RFC 1651. The plan is to replace this with a reference to RFC 5321, which is a fine plan, but if that's a downref issue then a reference to RFC 1651 - a Full Standard - could simply be retained. Moreover, if you're going to worry about downrefs in the context of RFC 1652, the thing to be looking at isn't SMTP or core message format stuff, but MIME. An argument that a downref to MIME could be problematic could be made a lot more easily. Mind you. I still don't think rises to the necessary level to prohibit the downref, but it's a vastly more credible arugment than one involving 5321/5322. So does this mean we also need to advance MIME to Standard first? > The next step the AD recommends is to review RFC 5321 and come back > to 8BITMIME once the pre-evaluation of RFC 5321 is complete. > Please comment on the above. Well, you asked. My comment is that I think this feedback has the direct effect of hanging this entire effort on the slenderest of threads, and the indirect effect of locking in the present reality that our real process operates in two steps, not three, irrepective of what our process documents say. Ned
- [yam] Status: draft-ietf-yam-rfc1652bis-pre-evalu… S Moonesamy
- [yam] Status: draft-ietf-yam-rfc1652bis-pre-evalu… S Moonesamy
- [yam] Status: draft-ietf-yam-rfc1652bis-pre-evalu… S Moonesamy
- Re: [yam] Status: draft-ietf-yam-rfc1652bis-pre-e… Barry Leiba
- Re: [yam] Status: draft-ietf-yam-rfc1652bis-pre-e… Ned Freed
- Re: [yam] Status: draft-ietf-yam-rfc1652bis-pre-e… S Moonesamy
- Re: [yam] Status: draft-ietf-yam-rfc1652bis-pre-e… Alexey Melnikov
- Re: [yam] Status: draft-ietf-yam-rfc1652bis-pre-e… Alexey Melnikov
- [yam] Issue #4 (was: Status: draft-ietf-yam-rfc16… SM
- Re: [yam] Issue #4 Alexey Melnikov
- Re: [yam] Issue #4 SM
- Re: [yam] Issue #4 S Moonesamy
- Re: [yam] Issue #4 Ned Freed
- Re: [yam] Issue #4 Ned Freed
- Re: [yam] Issue #4 S Moonesamy
- Re: [yam] Issue #4 SM