Folks,
A new version of the draft was issued today.
And the Sponsoring AD promptly decided that there is IETF consensus on
the draft, scheduling it for the next IESG telechat. The Sponsoring AD
has deemed all changes since the -02 version is minor.
This is spite of the fact that /nearly every word/ of the newest draft
is new.
Yes, really:
https://www.ietf.org/rfcdiff?url1=draft-dukhovni-opportunistic-security-03&difftype=--hwdiff&submit=Go!&url2=draft-dukhovni-opportunistic-security-04
I did another detailed review of the draft:
http://www.ietf.org/mail-archive/web/saag/current/msg05531.html
including:
Summary:
The paper defines and explains flexible approach to the use of
encryption on the Internet. It assigns the term 'opportunistic
security' to this term.
The latest draft has extensive changes from the previous version.
Although many of the changes are quite helpful, the document still
suffers from confusing or unexplained terminology and some unfortunately
initial organization.
A number of points from previous reviews have not been addressed.
The paper continues to freely make strong assertions, without
providing any substantiation or even, in some cases, explanation. At a
minimum, every term that is used, every assertion that is made and
anything else that derives from Internet experience should be documented.
Concerns with the term "opportunistic security" persist. It is both
vague and overblown, given the specific technical point it is meant to
address. That concern is about encryption and the term should make that
clear.
The paper still needs extensive revision before it should be
considered for publication.
Blanket dismissal of substantive concerns is not the usual approach to
work in the IETF.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net