[Top] [All Lists]

Re: Second Last Call: rfc3852 (Cryptographic Message Syntax (CMS)) to Draft Standard

2009-04-27 15:22:38

The goal of this particular exercise is to advance RFC 3852 *without* revision, so I called out the normative references as specified in the document: RFCs 3280 and 3281. It is true that RFC 3280 has been obsoleted by RFC 5280, and that draft-ietf-pkix-3281update is intended to update 3281. (Both documents cycled/are cycling at Proposed, so they would still be downrefs even if we submitted a 3852bis to address the references.) And, yes this makes it more confusing to determine whether a downref is appropriate.

I would personally factor the clarifications in RFC 5280 in my evaluation of the downrefs, since I would use it as the basis for any new implementation of 3852, but would not consider 3281update since it is still a working document and subject to change.

To me, the question for the community is whether RFC 3852 achieves the expected characteristics of a Draft Standard (as described in 2026) in spite of these downrefs:
A Draft Standard must be well-understood and known to be quite stable, both in its semantics and as a basis for developing an implementation.

I believe the implementation report adequately demonstrates RFC 3852 *in its totality* is well-understood and provides a stable basis for developing interoperable implementations. To my mind, this makes advancement appropriate in spite of the two downrefs.



On Apr 27, 2009, at 12:15 PM, Alexey Melnikov wrote:

The IESG wrote:

The IESG has received a request from the smime WG (smime) to consider the following document:

- 'Cryptographic Message Syntax (CMS) '
RFC 3852 as a Draft Standard

No technical issues were raised during the first Last Call. However, the Last Call failed to highlight two normative references to standards track
documents of lower maturity:  RFCs 3280 and 3281.

Speaking as a member of the IETF community I find the question confusing, considering that both documents were obsoleted (or just about to be obsoleted in case of RFC 3281). Shouldn't this be RFC 5280 and draft-ietf-pkix-3281update-04.txt?

This abbreviated Last Call is focused solely on whether downrefs to these
Proposed Standards are appropriate in the context of RFC 3852.

Ietf mailing list

Ietf mailing list