Re: [Last-Call] Last Call: Moving single-DES and IDEA TLS ciphersuites to Historic

For all of the obvious reasons, I think reclassifying these
documents to historic is a good idea.  _However_ if we are
really trying to say "don't use these, they are obsolete and
unsafe" rather than just "no current specification refers to
them but do what you like", I believe that it would be better to
publish a short RFC explaining the issues with them rather than
simply making a datatracker note that points to a "supporting
document", particularly one that doesn't actually say much of
anything.

That should be especially easy because
draft-ietf-tls-oldversions-deprecate-09 already obsoletes 5469,
so why not simply add a sentence there, update the Last Call to
identify the move as "to Historic" as well as "Obsoleted", and
move on.  

Being clear about this seems especially important because RFC
5246, published five months before 5469, says 

	"Removed IDEA and DES cipher suites.  They are now
	deprecated and will be documented in a separate
	document."

but gives no explanation.   RFC 5469 is presumably the document
being promised, but there is no information in the RFC index
(or, AFAICT, other obvious RFC metadata) binding them together.
Under normal circumstances (which these obviously were not) it
would have been appropriate to publish 5469 as Historic since
the relevant protocols were already deprecated but, presumably
does not indicate that it updates 5246 (to provide the promised
information) because it was published as Informational rather
than Standards Track or BCP.

So, a further suggestion is that
draft-ietf-tls-oldversions-deprecate-09 be further modified to
update 5246 (assuming we are not ready to obsolete it), stating
simply that 5469 is the document describing the IDEA and DES and
the reasons for removing them called for by 5246.

The most common complaint I hear from outside the IETF community
about how we make and document standards is that it is nearly
impossible to ascertain what is and is not relevant to a given
specification and/or current.  Why document an action that might
help clarify such situations by moving a document to Historic in
a way that might make the situation worse and leave loose ends
dangling?

    john
  


On Nov 9, 2020, at 5:33 PM, The IESG <iesg-secretary@xxxxxxxx>
wrote:
> 
> The IESG has received a request from an individual
> participant to make the following status changes:
> 
> - RFC5469 from Informational to Historic
>    (DES and IDEA Cipher Suites for Transport Layer Security
>    (TLS))
> 
> The supporting document for this request can be found here:
> 
> https://datatracker.ietf.org/doc/status-change-tls-des-idea-ciphers-to-historic/
> 
> The IESG plans to make a decision in the next few weeks, and
> solicits final comments on this action. Please send
> substantive comments to the last-call@xxxxxxxx mailing lists
> by 2020-12-07. Exceptionally, comments may be sent to
> iesg@xxxxxxxx instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> The affected document can be obtained via
> https://datatracker.ietf.org/doc/rfc5469/
> 
> IESG discussion of this request can be tracked via
> https://datatracker.ietf.org/doc/status-change-tls-des-idea-ciphers-to-historic/ballot/


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


