Hi, Russ,
On 9/12/20 18:24, Russ Housley wrote:
[....]
On Wed, Dec 09, 2020 at 04:09:07PM -0500, Russ Housley wrote:
I have to comments.
1) I do not see this document as a BCP. Despite the inclusion of the boilerplate, there is not a single MUST in the document. I have no objection to an Informational RFC.
The assumption/expectation was that this would become part of BCP 72 along
with RFC 3552. Do you think it should be a standalone document, or can you
propose normative language that would make it more appropriate as a BCP?
I'd advise an Informational document.
FWIW, our intent is to have a BCP document that is part of (i.e.,
updates) BCP72. Given that flawed transient identifiers have plagued
most IETF protocols we can think of, we believe the topic deserves a BCP.
I think an additional section with normative text would be needed or additional normative paragraphs after each of the problem descriptions would be needed.
Could you please elaborate?
What we mean is that specs should spell out the interoperability
requirements, perform a security and privacy assessment of the
identifiers, and suggest an algorithm for them.
That's essentially the three requirements.
Thanks!
Regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
