Hi, Russ,
Thanks a lot for your feedback! In-line....
On 9/12/20 18:09, Russ Housley wrote:
I have to comments.
1) I do not see this document as a BCP. Despite the inclusion of the boilerplate, there is not a single MUST in the document. I have no objection to an Informational RFC.
FWIW, version -04 had the following text:
---- cut here ----
5. Security and Privacy Requirements for Identifiers
Protocol specifications that specify transient numeric identifiers
MUST:
---- cut here ----
This was changed in response to feedback we got. But we could add some
text in that line, whether "MUST" or "SHOULD"
I believe it would be a shame for us to be unable to do a BCP on the
topic, given the bad track the IETF has had with respect to transient
identifiers, and given that, for multiple reasons, this effort has taken
about 5 years so far....
2) The document is really about transient identifiers. It does not only apply to ones that are numeric.
That's probably the case. However, the ones we assessed are all numeric
identifiers. And those are the ones that we have analyzed in the
companion document draft-irtf-pearg-numeric-ids-generation
Just curious: what are the non-numeric transient identifiers you had in
mind?
Thanks!
Regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
