ietf
[Top] [All Lists]

Re: Last Call: <draft-jabley-dnsext-eui48-eui64-rrtypes-03.txt> (Resource Records for EUI-48 and EUI-64 Addresses in the DNS) to Proposed Standard

2013-05-28 02:38:28
Hi Donald,
At 21:09 27-05-2013, Donald Eastlake wrote:
While the RFC should not be materially misleading, I don't think there
is a requirement for Informational RFCs to guarantee any particular
level or security or privacy.

Yes. In my opinion a best effort is preferable or else the Security Considerations section in RFCs is useless.

In theory the IETF does not publish RFCs to suit the regulations of one country (see use-case in draft-jabley-dnsext-eui48-eui64-rrtypes-04). In practice, the IETF has published a RFC to suit the requirements (it was a voluntary measure instead of a formal requirement) of one country.

draft-jabley-dnsext-eui48-eui64-rrtypes-04 is an odd case. My guess is that the requirements were set because of a problem of monopoly. I have not looked into whether the transfer of data violates the expectations of the user. I understand that the draft is about standardizing [1] a data format and not the transfer of data. Section 8 of the draft says everything correctly except that it doesn't provide adequate security guidance.

I believe that Joe tried to do the "right thing". I am not comfortable objecting to publication as I don't know the "path forward". I personally would not support publication. That can easily be overcome and I won't do anything about it.

Regards,
-sm

1. I did read Section 2 carefully.
<Prev in Thread] Current Thread [Next in Thread>