
Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-08-15 06:51:55

Hi all,

Viktor has worked with a bunch of the folks who've
commented on this and produced a version -03. [1]
(Thanks to all for getting that done quickly btw!)

Please comment on that in the next week especially
if these changes change your opinion/position on the
draft. (But *do* say why:-)

If these changes don't change your opinion/position
then there's no need to re-iterate comments made
earlier.

Thanks,
S.

[1] https://tools.ietf.org/html/draft-dukhovni-opportunistic-security-03

On 08/08/14 15:32, Stephen Farrell wrote:

Hiya,

The LC for this formally ended on the 5th. Here's my
summary of where we are.

I think there are open issues still to address, but
that could (all going well) be addressed very soon
after which we should move ahead.

Those are:

- We should establish the audience for this. I think
  that may be behind some of the harder to handle
  objections seen. That could result in a major change,
  for now, I assume below that it won't - if it did,
  then a new plan would be needed.

- Many folks want better definition text at the start
  of section 3 of the draft. They're right I reckon.

- Viktor needs to finish processing detailed Steve Kent
  comments and other bits and pieces, as per list mails,
  and give folks a chance to review those.

- Views differ on use of 2119 language (what's new there:-),
  most likely leave that as-is and IESG can argue if
  needed.

My conclusion - once the above is done, which is quite
do-able but not yet done, and folks have had a chance to
look at that for a few days without yelling that it's gone
backwards, this should be fine to put into IESG eval,
without another 4 week IETF LC - I do think there's
consensus on the concept if we get the text right and the
IESG can evaluate if we have succeeded in that. (That
being modulo the audience discussion not resulting in
a major change.)

So I'll kick the thread on the audience to the top in
a bit and will work with Viktor and Paul (Shepherd)
and some of the folks who've commented to get text for
a -03 version out for folks to look at. All going well
a week or so later I'll put this into IESG eval.

So you can think of this as extending the IETF LC out
to the publication date of -03 plus one week if you
like. Do yell if you think that needs to go out to
IETF announce formally. (I don't think it does but
it's easy so we can if need be.)

Cheers,
S.

PS: My notes from the LC thread are below fwiw. And I've
a few comments of my own (minus hat) on the -02 that I'll
send separately as well.

Searched for subject containing opportunistic on
ietf@ietf.org via [1] at about 2014-08-08T11:00:00Z. 190
messages matched.

   [1] https://mailarchive.ietf.org/arch/search/?email_list=ietf&q=opportunistic

These are my notes on those messages, comparing against -02
of the draft (so mostly not mentioning stuff Viktor already
fixed)

- First batch were purely process things, no LC issues
resulting, so I'll ignore those.

- Nico W (07-08, and later)
    - add "floor"
    - add examples

- SM (07-08) made a bunch of comments, including:
    - 2119 keywords inappropriate
    - "An opportunistic security protocol MUST" he noted
      that OS is not a protocol but a philosophy (or
      maybe better: protocol design pattern)
    - he's ok with publishing

- Randy B. (07-09) is ok

- Eliot L (07-09):
    - don't define just wrt encryption (done)
    - abstract edit - partly done
    - make it a BCP (no, SF replied to that)

- Sam H. (07-09) likes it, wants to keep 2119 terms

- Martin T (07-11) genart review
    - definition to start of section 3
    - state issue in sec cons. (presumably the false
      sense of security shibboleth)
    - ditch 2119

- Rene S. (07-11):
    - say more about enforcement being better than OS

- Dave C. (07-25):
    - don't use OS term
    - do provide a definition (some back and forth with
      Steve K around 07-30 had suggestions)

- Ian G (response from VK, 07-27), presumably Ian G on saag:
    - define a term for what went before, suggestions
      included: complete-security, all-or-nothing

- Tim B (07-28) it's ok, publish ASAP

- Henry H. (07-31): best is ill-defined, happy with that

- Tom P: (07-31) - switch para order in section 3
    - includes suggested text

- Dave C. (08-04) - who are the target audience?
    - security/protocol designers or more broad? (the
      former IMO)
    - various discussion, with a VK proposal for text
      on 08/06 (15:44 UTC)
    - proposed new term - no significant backing visible

- Scott K. (08-04) leave it as is

- Steve K. (08-05):
    - define OS!
    - quite a number of detailed comments responded to by
      VK, best to get re-review of new text as some but
      not all changes seem agreed

- Rene S. (08-06):
    - fix PFS definition (isn't there one in 4949?)
    - same point about no false sense of sec, but
      with a possible sec consideration bit of text





