My concerns is that BCP are commonly used by ADs to enforce compliance.
So I am wondering why this document is not just Informational?
AFAIR, the WG wanted it to be BCP to be a stronger recommendation to
protocol designers than would be an Informational doc.
Yes the document was marked BCP on 2011-01-26 after WG discussion and
advice from our ADs, but this was not based on offering advice to IANA (as
in RFC 6335), but rather guidance to protocol and applications designers
needing to use transport ports.
I concur with Gorry's summary, and believe that BCP status is appropriate.
I suggest teeing this concern (whether BCP vs. Informational is the right
status for this sort of guidance document) up to the IESG for a decision.
In its ordinary English (dictionary) meaning, "best current practice"
certainly applies to this draft. OTOH, the IETF notion of BCP has a
rather specific meaning and some definite implications in practice. FWIW,
Alexey is not the only person who's made note of that concern wrt this draft.
In my view, the IESG owns the decision (and decision criteria) on what
should vs. should not be a BCP. I think we should expand the draft writeup
to note this concern (BCP vs. Informational status) as one that needs IESG
attention and ask our ADs to ensure that it does get suitable IESG attention.
Much as I prefer to resolve open issues before IESG Evaluation, in this case,
I think the IESG needs to make a decision, and it is within reason for us to
ask them to do so ;-).
Thanks,
--David (as Gorry's tsvwg WG co-chair)
-----Original Message-----
From: tsvwg [mailto:tsvwg-bounces(_at_)ietf(_dot_)org] On Behalf Of
gorry(_at_)erg(_dot_)abdn(_dot_)ac(_dot_)uk
Sent: Saturday, January 17, 2015 11:51 AM
To: Joe Touch
Cc: Alexey Melnikov; ietf(_at_)ietf(_dot_)org; tsvwg(_at_)ietf(_dot_)org
Subject: Re: [tsvwg] Last Call: <draft-ietf-tsvwg-port-use-06.txt>
(Recommendations for Transport Port Number Uses) to Best Current Practice
HI,
I added a little history in-line to help inform comments on the intended
status.
Hi, Alexey,
On 1/16/2015 11:16 AM, Alexey Melnikov wrote:
Hi Joe,
...
My concerns is that BCP are commonly used by ADs to enforce compliance.
So I am wondering why this document is not just Informational?
AFAIR, the WG wanted it to be BCP to be a stronger recommendation to
protocol designers than would be an Informational doc.
Yes the document was marked BCP on 2011-01-26 after WG discussion and
advice from our ADs, but this was not based on offering advice to IANA (as
in RFC 6335), but rather guidance to protocol and applications designers
needing to use transport ports
Gorry
However, the way expert review and the appeals process already allows
ADs to either use BCPs or override them anyway, so I don't see this as
unduly constraining them. Besides, all sorts of docs - including
standards-track - are contradictory, so there's no one way to ensure
they're all followed.
...
In 7.4:
...
Inserting "solely" before "by a browser" would address my concern.
Would "primarily" also work? It's hard to argue "solely" even for
conventional web access.
Yes, "primarily" is actually better.
OK. Will do.
In 7.4:
Note however that a new service might not be eligible for IANA
assignment of both an insecure and a secure variant of the same
service, and similarly IANA might be skeptical of an assignment
for
I don't think use of wording like "IANA might be skeptical" is correct
here, because IANA doesn't define policy on this. IETF does. So let's
call things with right names and don't misuse "IANA" here.
The document isn't written by IANA. We recommend to IANA, and IANA
makes
a decision that the IESG can override. I don't think it's outside the
scope of the doc to indicate this context.
Actually I disagree. IANA is just following procedure prescribed by
IETF. Experts are not really acting as advisors (although in practice
there is always a dialogue, which is as it should be).
IANA doesn't have to agree with expert reviewer recommendations. There
isn't anything binding that, though - as you note - there's a dialogue
and it's not an issue in practice.
Would it be preferable to say that "applications asking for both...
might not be approved when..."?
Yes.
OK - will do.
an insecure port number for a secure service. In both cases,
security of the service is compromised by adding the insecure port
number assignment.
Similarly (in the same section): "IANA currently permits ..."
Same solution here?
Sure.
OK - will do.
Joe