ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-ietf-tsvwg-port-use-06.txt> (Recommendations for Transport Port Number Uses) to Best Current Practice

2015-01-16 13:27:47
from [Joe Touch] [Permanent Link] 
Hi, Alexey,

On 1/16/2015 11:16 AM, Alexey Melnikov wrote:

Hi Joe,


...

My concerns is that BCP are commonly used by ADs to enforce compliance.
So I am wondering why this document is not just Informational?


AFAIR, the WG wanted it to be BCP to be a stronger recommendation to
protocol designers than would be an Informational doc.

However, the way expert review and the appeals process already allows
ADs to either use BCPs or override them anyway, so I don't see this as
unduly constraining them. Besides, all sorts of docs - including
standards-track - are contradictory, so there's no one way to ensure
they're all followed.

...

In 7.4:

...

Inserting "solely" before "by a browser" would address my concern.

Would "primarily" also work? It's hard to argue "solely" even for
conventional web access.


Yes, "primarily" is actually better.


OK. Will do.


In 7.4:

    Note however that a new service might not be eligible for IANA
    assignment of both an insecure and a secure variant of the same
    service, and similarly IANA might be skeptical of an assignment for

I don't think use of wording like "IANA might be skeptical" is correct
here, because IANA doesn't define policy on this. IETF does. So let's
call things with right names and don't misuse "IANA" here.


The document isn't written by IANA. We recommend to IANA, and IANA makes
a decision that the IESG can override. I don't think it's outside the
scope of the doc to indicate this context.


Actually I disagree. IANA is just following procedure prescribed by
IETF. Experts are not really acting as advisors (although in practice
there is always a dialogue, which is as it should be).


IANA doesn't have to agree with expert reviewer recommendations. There
isn't anything binding that, though - as you note - there's a dialogue
and it's not an issue in practice.


Would it be preferable to say that "applications asking for both...
might not be approved when..."?


Yes.


OK - will do.


    an insecure port number for a secure service. In both cases,
    security of the service is compromised by adding the insecure port
    number assignment.

Similarly (in the same section): "IANA currently permits ..."

Same solution here?


Sure.


OK - will do.

Joe
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-ietf-tsvwg-port-use-06.txt> (Recommendations for Transport Port Number Uses) to Best Current Practice, Alexey Melnikov
Next by Date:  Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Brian Smith
Previous by Thread:  Re: Last Call: <draft-ietf-tsvwg-port-use-06.txt> (Recommendations for Transport Port Number Uses) to Best Current Practice, Alexey Melnikov
Next by Thread:  Re: [tsvwg] Last Call: <draft-ietf-tsvwg-port-use-06.txt> (Recommendations for Transport Port Number Uses) to Best Current Practice, gorry
Indexes:  [Date] [Thread] [Top] [All Lists]