ietf
[Top] [All Lists]

Re: Last Call: Registry Registrar Protocol (RRP) Version 1.1.0 to Informational

2000-01-04 15:20:02


Patrik Fältström wrote:

So, you are talking about (like we did in the RAB) the quality of the
protocol, while I now as AD and member of the IESG is asking whether this
document is correctly describing what is in use.

I ask you Ed, and all others, to please differentiate between those two
issues, and come with comments on the correctness of the document. Comments
on the protocol can be sent directly to NSI.

IMO you  are following a very slippery slope here.  You seem
now to be moving into "explanation mode" in order to say that 
the  protocol's effectiveness is not important, just its perfunctory 
functions.

In other words, you as AD and member of the IESG are saying
that protocols are to be published as RFCs even if knowingly
technically wrong, inefficient, outdated and insecure -- provided
they are "in use".

Well, I may be a little less pragmatic than you and I question exactly
the correctness of the document, as well as its effectiveness.

And, since our names are still in NSI's page for the Registry Advisory
Board (RAB) and we were involved with it, I also think that the IETF
should know that the SRP being proposed by NSI as an RFC and
being followed through IETF under yours (a former member of the
RAB) apparent approval is not what the RAB discussed and
formally requested to change as documented in the RAB minutes locked
under NDA. The RAB in Ammendment 11 has thus become a mock review 
process locked under NDA, even though the RAB was officially called by 
the USG to "review, participate, and advise in testing of the technology
aspects of the Shared  Registration System, and to suggest improvements
to Network Solutions to better meet the mandates of Amendment 11."

The least I suggest is to make the RAB Metting Minutes, together with
its Action Plan, public -- before furthering this RFC in the IETF. Why
should other people need to reinvent the same comments again?  The hope
that some will not be reinvented is IMO ill-founded as security
experience shows all the time -- obscurity is not a basis for
security.

Now, of course, if NSI wants to keep the protocol private then I
have no further comments.

Cheers,

Ed Gerck



<Prev in Thread] Current Thread [Next in Thread>