Security considerations breakdown and names of the specs (was: Re: Security Considerations: bad split)

John C Klensin klensin at jck.com
Sun Dec 7 17:54:49 CET 2008



--On Sunday, 07 December, 2008 16:29 +0900 Martin Duerst
<duerst at it.aoyama.ac.jp> wrote:

> +1 on all points.
> 
> [and if there are a few more +1 on the second point, then
> the facts for the third point change, and my +1 for the
> third point won't stay anymore]

For whatever it is worth...

* The organization of the Security Considerations section(s), as
distinct from what is in them, is ultimately an IETF stylistic
matter, not a substantive one.  I am not convinced that one
organzational style or another is significantly harmful.  I just
believe that spending a lot of time debating the issue and
reorganizing text so that it can be reorganized again _is_
harmful to getting things finished.   

I have been unable to deduce a consistent IETF style from the
recent standards-track specifications published as sets of
document that I've examined.    Some split things up, others
combine them.

Rather than run the (quite precedented) risk of the WG spending
a lot of time debating this, reaching a conclusion that falls
well short of clear consensus, sending the documents to the
IESG, and having them decide they want something completely
different, I have written to the Security ADs querying them
about their preferences, advice, or instructions.  If we get
that advice, I expect to follow it unless Vint concludes that
there is WG consensus for going to battle on this subject (I
would personally infer that anyone advocating such a battle is
simply trying to delay the WG's work, but that would be just my
opinion).

* As editor, I am strongly opposed to changing the names of
specs (specifically the "IDNA2008" references) at this time.
There are two reasons for this.  One is that, regardless of what
goes on in the WG, the work is widely known outside as
"IDNA2008".  Changing the name will create confusion as to
whether we have taken a different substantive direction and will
require work on explanations that we have not.  The other,
probably more important, reason is that it is a waste of time.
These are the type of changes normally made by the RFC Editor,
and will become much simpler at the point of editing for RFC
publication because all of the internal inter-document
references will disappear and be replaced by RFC numbers.  When
we get closer to that point, we can also have a discussion, not
about "IDNA2008"->"IDNA2009" but about whether the new version
should be "IDNA2", "IDNAng", or some such thing (or just
"IDNA"): the long-term perceptual disadvantage of using
something that looks like a date is that it immediately raises
the questions of when the next version is going to come along,
whether "IDNA2008" is obsolete in 2010, and so on.

If we continue to waste time at the current rate, we may need a
discussion about IDNA2010.   I really wish we could concentrate
on substance and get finished instead.

just my opinion.

   john



More information about the Idna-update mailing list