On 11/08/2015 05:34, Roy T. Fielding wrote:
On Aug 10, 2015, at 10:23 AM, Paul Hoffman
<paul(_dot_)hoffman(_at_)vpnc(_dot_)org> wrote:
On 10 Aug 2015, at 10:13, The IESG wrote:
The IESG has received a request from an individual participant to make
the following status changes:
- RFC1984 from Informational to Best Current Practice
(IAB and IESG Statement on Cryptographic Technology and the Internet)
The supporting document for this request can be found here:
https://datatracker.ietf.org/doc/status-change-rfc1984-to-best-current-practice/
Yes, please. What was discussed in 1996 really is a best practice today, and
it has certainly been made the current practice.
--Paul Hoffman
Umm, the document is specifically worded as a position statement from the
IAB and IESG. There is no "current practice" described by it. Rather, it is
an
argument against key escrow and limited key sizes; a sort of anti-pattern for
an old practice.
I'd rather it be left as an informational document, as it was approved,
When RFC 1984 was published, the way BCP was defined by RFC 1818 made it
impossible
to classify it as BCP. RFC 2026 expanded the definition of BCP considerably
and specifically mentioned "the results of community deliberations" and
"common guidelines for policies" and is explicit that a BCP can be a vehicle
for IAB and IESG statements subjected to community consensus. So we are a
few years late, but this action seems well within the rules.
and
a new BCP be produced that explains current best practices regarding minimum
key sizes, currently-safe algorithms, etc. Something that isn't tied to a
specific protocol (unlike TLS 1.3).
That sounds like a fine thing to do, but it's orthogonal to underlining
that the principles in RFC 1984 apply even more strongly today.
Brian