Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard

2015-02-26 10:42:18
On Wed, Feb 25, 2015 at 10:18:17PM -0500, Sam Hartman wrote:
> "John" == John C Klensin <john-ietf(_at_)jck(_dot_)com> writes:
>
>     John> I think the rest is a bit of a judgment call.  While I'd be
>     John> happy to see a comprehensive document that would address all
>     John> of those issues, I would also like to get a good description
>     John> of the RRTYPE published somewhere soon, ideally a couple of
>     John> years ago.  It seems to me that making a complete analysis of
>     John> security alternatives, or a complete analysis of the URI
>     John> situation as it relates to this RRTYPE, much less both are
>     John> likely to be a _lot_ of effort and that, if we want to get the
>     John> document published, what should be done should probably be
>     John> confined to explicitly noting the issues, e.g., that any
>     John> indirection through the DNS raises security issues that need
>     John> careful understanding and for which there is no magic bullet.
>
> I'm happy with an informational document that does the above and claims
> only to describe the existing RR type.
> I'm not happy with a standards-track document that fails to cover the
> security issues in significantly better detail.

An Informational RFC that merely describes the RR type as it is already
registered with the IANA would add little value unless it came with a
warning about the unexplored security space.

We do need a Standards-Track RFC for this RR because uses of it are
starting to pop up that really could use more information about how to
use URI RRs securely.

Also, I don't see why we're even talking about publishing as FYI before
the shepherding AD and I-D authors decide how to continue.  ISTM that
the right thing to do here is to give the authors a chance to choose
whether to address the comments made here fully, or fall back on the
simpler FYI approach.  It's not like there's any urgency to publish an
FYI here...

Nico