-----Original Message-----
From: Alfred HÎnes [mailto:ah(_at_)tr-sys(_dot_)de]
Sent: Thursday, April 24, 2008 1:39 PM
To: turners(_at_)ieca(_dot_)com
Cc: DBrown(_at_)certicom(_dot_)com; ietf-smime(_at_)imc(_dot_)org
Subject: Re: draft-ietf-smime-rfc3278-update-02
<snip>
All,
Does anybody think it would be clearer to resubmit this to be a bis
draft (i.e., obsolete 3278) instead of an update draft?
Originally, the draft just updated the ECDSA 224-512 and SHA2
algorithms, but now it updates most of the sections in RFC3278.
I think it might be clearer to just obsolete RFC3278.
spt
When it comes to security, unnecessary complexity is evil.
And complexity sometimes starts with the specification(s).
In this case, the current draft already is an excellent
example of how documents updating earlier specifications
should be written to avoid any ambiguity related to what in
detail is updated in which manner.
Nevertheless, I strongly support the idea to merge the still
valid parts of RFC 3278 with this draft, to obtain a single
concise replacement document. There are lots of examples
where RFCs have been superseded by newer ones for much less
substantial updates.
I haven't heard an objection to this so I'm going to submit a new -00 ID
that is going to obsolete 3278 as opposed to update it. The current ID will
die on the vine.
A unified new document would also allow to update all the Refs
in 3278 (including RFC-to-be 5280), split these into Normative
and Informative, and adapt the boilerplate matter to the new
ISOC/IETF position on IPR stuff.
But when this step is undertaken, the next question immediately
arises: Why not also going from Informational to Standards Track?
Since there's IPR with ECC all the IETF IDs/RFCs that deal with ECC are
Informational.
spt