ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-23 15:03:33
from [Melinda Shore] [Permanent Link] 
I think I'd understand the objections and agree with many of
the concerns being expressed if this were a standards-track
document, but it's not.  It specifies a record type for
experimental purposes, to increase the likelihood that people
playing around with implementation implement the same things.
It's somewhere between annoying and frustrating that an
experimental document is being held to the same level of
baked-ness that we expect of an internet standard.

2026 says:
   The "Experimental" designation typically denotes a specification that
   is part of some research or development effort.  Such a specification
   is published for the general information of the Internet technical
   community and as an archival record of the work, subject only to
   editorial considerations and to verification that there has been
   adequate coordination with the standards process (see below).  An
   Experimental specification may be the output of an organized Internet
   research effort (e.g., a Research Group of the IRTF), an IETF Working
   Group, or it may be an individual contribution.

And it seems that the review being received here goes *well*
beyond what's described.  We know that there are problems with
trust models being used in existing protocols, and we know
that the problem of the left-hand side of email addresses
can be extremely difficult.  I would suggest that shutting
this publication down will tend to move us further away from
solving them, not closer.

This document represents working group consensus about an
experiment they'd like to see happen.  Given that there is
general agreement within the community most directly concerned,
it seems to me that the questions should be: 1) is this
sufficiently well-specified to be able to produce interoperable
implementations, and 2) does this break anything currently in
use?

We have seen no shortage of experimental specifications that never
were widely deployed (or deployed at all), and I'm really not sure
I understand the resistance to seeing this published as an
experimental RFC.  Certainly most of the objections I've been
seeing are demanding rigor that we really should not be
expecting from an experimental document, and they are inconsistent
with our own well-documented criteria for experimental RFCs.

Melinda
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, Sam Hartman
Next by Date:  Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, George Michaelson
Previous by Thread:  Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, John R Levine
Next by Thread:  Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]