Re: Call for Community Feedback: Guidance on Reporting Protocol Vulnerabilities

  Hi Roman,

On 11/4/20 9:31 AM, Roman Danyliw wrote:
Hi Dan!

-----Original Message-----
From: Roman Danyliw
Sent: Monday, October 26, 2020 7:51 PM
To: 'Dan Harkins' <dharkins@xxxxxxxxxx>; ietf@xxxxxxxx
Subject: RE: Call for Community Feedback: Guidance on Reporting Protocol
Vulnerabilities

Hi Dan!

Thank you for the feedback!

-----Original Message-----
From: ietf <ietf-bounces@xxxxxxxx> On Behalf Of Dan Harkins
Sent: Monday, October 26, 2020 12:52 AM
To: ietf@xxxxxxxx
Subject: Re: Call for Community Feedback: Guidance on Reporting
Protocol Vulnerabilities


    Howdy,

    Not all RFCs are the product of a working group so I think the
section dealing with "Expectations from the IETF" should address what
the IETF feels it should do wrt RFCs published by the IETF that
were not products of a working group. The existing text seems to only
address issues with RFCs that were the product of a (possibly closed)
working group. This probably has an influence on Figure 1 too -- to be
specific, before the decision of "4" there should be a decision on the
question of whether this is about an RFC that the IETF feels it needs to
address.

Good point.  Let me figure out how to best finesse the existence of AD
sponsored documents, without adding too much (more) complexity.

Regardless of the editorial approach, let me know if the possible end states
aren't "errata" (8) or "using the general alias" (10), perhaps with a trip through
"is there an active working group on the topic" (3).
Please see the revised text to address a workflow for individual submission:

https://github.com/ietf/vul-reporting-guidance/commit/9698c728b900307f74a2649720755b35c6b0523b

Let me know if this doesn't address your feedback.

  Yes, this does address my comment and I would be happy with this. That said,
I think it might be possible to slightly improve things if there was the
possibility of a WG looking at fixing an RFC that had been an individual draft.
I'm thinking of something like an EAP method that was an individual submission.
If we can't find the author or the author doesn't care it might make sense to
ask EMU if this is something they might want to look at fixing. In figure 1 I'm
thinking of maybe a decision box above 7 that could get the flow into 6 and not
terminate at 7 if there's a WG willing to deal with the issue.

  But as I said, I'm happy with what you have so if you want to ignore my additional
comment I would be fine with that.

  regards,

  Dan.

--
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius



