Re: [Last-Call] Secdir last call review of draft-ietf-ecrit-location-profile-registry-policy-01

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Randall,

 

No, I don’t have any more comments. Replies are good.

 

Linda

 

From: Randall Gellens <rg+ietf@xxxxxxxxxxxxxxxxx>
Sent: Friday, March 19, 2021 12:56 PM
To: Linda Dunbar <linda.dunbar@xxxxxxxxxxxxx>
Cc: secdir@xxxxxxxx; draft-ietf-ecrit-location-profile-registry-policy.all@xxxxxxxx; ecrit@xxxxxxxx; last-call@xxxxxxxx; Murray S. Kucherawy <superuser@xxxxxxxxx>; Benjamin Kaduk <kaduk@xxxxxxx>
Subject: Re: Secdir last call review of draft-ietf-ecrit-location-profile-registry-policy-01

 

Hi Linda,

Thank you for reviewing the document. After the discussion, do you still have any questions or do you feel there is any ambiguity that needs to be resolved?

--Randall

On 16 Mar 2021, at 9:34, Linda Dunbar via Datatracker wrote:

Reviewer: Linda Dunbar
Review result: Not Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure. It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

Best Regards,
Linda Dunbar

On 16 Mar 2021, at 9:34, Linda Dunbar via Datatracker wrote:

Reviewer: Linda Dunbar
Review result: Not Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure. It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

Best Regards,
Linda Dunbar


Ecrit mailing list
Ecrit@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ecrit

On 16 Mar 2021, at 9:34, Linda Dunbar via Datatracker wrote:

Reviewer: Linda Dunbar
Review result: Not Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure. It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

Best Regards,
Linda Dunbar

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

On 16 Mar 2021, at 9:45, Murray S. Kucherawy wrote:

Hi Linda, thanks for your review.  Comments below.

 

On Tue, Mar 16, 2021 at 9:34 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx> wrote:

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure.  It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

 

Specification Required is defined in RFC 8162.  The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification.  The DE will have discretion to determine whether an application should be accepted.  The document contains no guidance about particular SDOs, so the DE is left to decide whether to factor the source into the approval or rejection of the request.

 

So any SDO can make a request to update the registry.  The DE makes the call about "legitimate".

 

-MSK

On 16 Mar 2021, at 9:45, Murray S. Kucherawy wrote:

Hi Linda, thanks for your review.  Comments below.

 

On Tue, Mar 16, 2021 at 9:34 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx> wrote:

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure.  It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

 

Specification Required is defined in RFC 8162.  The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification.  The DE will have discretion to determine whether an application should be accepted.  The document contains no guidance about particular SDOs, so the DE is left to decide whether to factor the source into the approval or rejection of the request.

 

So any SDO can make a request to update the registry.  The DE makes the call about "legitimate".

 

-MSK


Ecrit mailing list
Ecrit@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ecrit

On 16 Mar 2021, at 9:45, Murray S. Kucherawy wrote:

Hi Linda, thanks for your review.  Comments below.

 

On Tue, Mar 16, 2021 at 9:34 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx> wrote:

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure.  It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

 

Specification Required is defined in RFC 8162.  The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification.  The DE will have discretion to determine whether an application should be accepted.  The document contains no guidance about particular SDOs, so the DE is left to decide whether to factor the source into the approval or rejection of the request.

 

So any SDO can make a request to update the registry.  The DE makes the call about "legitimate".

 

-MSK

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

On 16 Mar 2021, at 10:12, Linda Dunbar wrote:

Murray,

 

Then why need this document?

Isn’t it already the practice that “The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification”?

 

Linda

 

From: Murray S. Kucherawy <superuser@xxxxxxxxx>
Sent: Tuesday, March 16, 2021 11:46 AM
To: Linda Dunbar <linda.dunbar@xxxxxxxxxxxxx>
Cc: secdir@xxxxxxxx; draft-ietf-ecrit-location-profile-registry-policy.all@xxxxxxxx; ecrit@xxxxxxxx; last-call@xxxxxxxx
Subject: Re: Secdir last call review of draft-ietf-ecrit-location-profile-registry-policy-01

 

Hi Linda, thanks for your review.  Comments below.

 

On Tue, Mar 16, 2021 at 9:34 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx> wrote:

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure.  It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

 

Specification Required is defined in RFC 8162.  The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification.  The DE will have discretion to determine whether an application should be accepted.  The document contains no guidance about particular SDOs, so the DE is left to decide whether to factor the source into the approval or rejection of the request.

 

So any SDO can make a request to update the registry.  The DE makes the call about "legitimate".

 

-MSK

On 16 Mar 2021, at 10:12, Linda Dunbar wrote:

Murray,

 

Then why need this document?

Isn’t it already the practice that “The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification”?

 

Linda

 

From: Murray S. Kucherawy <superuser@xxxxxxxxx>
Sent: Tuesday, March 16, 2021 11:46 AM
To: Linda Dunbar <linda.dunbar@xxxxxxxxxxxxx>
Cc: secdir@xxxxxxxx; draft-ietf-ecrit-location-profile-registry-policy.all@xxxxxxxx; ecrit@xxxxxxxx; last-call@xxxxxxxx
Subject: Re: Secdir last call review of draft-ietf-ecrit-location-profile-registry-policy-01

 

Hi Linda, thanks for your review.  Comments below.

 

On Tue, Mar 16, 2021 at 9:34 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx> wrote:

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure.  It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

 

Specification Required is defined in RFC 8162.  The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification.  The DE will have discretion to determine whether an application should be accepted.  The document contains no guidance about particular SDOs, so the DE is left to decide whether to factor the source into the approval or rejection of the request.

 

So any SDO can make a request to update the registry.  The DE makes the call about "legitimate".

 

-MSK


Ecrit mailing list
Ecrit@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ecrit

On 16 Mar 2021, at 10:12, Linda Dunbar wrote:

Murray,

 

Then why need this document?

Isn’t it already the practice that “The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification”?

 

Linda

 

From: Murray S. Kucherawy <superuser@xxxxxxxxx>
Sent: Tuesday, March 16, 2021 11:46 AM
To: Linda Dunbar <linda.dunbar@xxxxxxxxxxxxx>
Cc: secdir@xxxxxxxx; draft-ietf-ecrit-location-profile-registry-policy.all@xxxxxxxx; ecrit@xxxxxxxx; last-call@xxxxxxxx
Subject: Re: Secdir last call review of draft-ietf-ecrit-location-profile-registry-policy-01

 

Hi Linda, thanks for your review.  Comments below.

 

On Tue, Mar 16, 2021 at 9:34 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx> wrote:

This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure.  It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

 

Specification Required is defined in RFC 8162.  The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification.  The DE will have discretion to determine whether an application should be accepted.  The document contains no guidance about particular SDOs, so the DE is left to decide whether to factor the source into the approval or rejection of the request.

 

So any SDO can make a request to update the registry.  The DE makes the call about "legitimate".

 

-MSK

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

On 16 Mar 2021, at 10:39, Benjamin Kaduk wrote:

Hi Linda,

The current registration procedure (visible at
https://www.iana.org/assignments/lost-location-profiles/lost-location-profiles.xhtml)
of Standards Action only requires a standards-track RFC to get an
allocation; there is no designated expert involved in that procedure.
RFC 8126 again remains a good reference for these registration policies.

Thanks,

Ben

On Tue, Mar 16, 2021 at 05:12:52PM +0000, Linda Dunbar wrote:

Murray,

Then why need this document?
Isn’t it already the practice that “The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification”?

Linda

From: Murray S. Kucherawy superuser@xxxxxxxxx
Sent: Tuesday, March 16, 2021 11:46 AM
To: Linda Dunbar linda.dunbar@xxxxxxxxxxxxx
Cc: secdir@xxxxxxxx; draft-ietf-ecrit-location-profile-registry-policy.all@xxxxxxxx; ecrit@xxxxxxxx; last-call@xxxxxxxx
Subject: Re: Secdir last call review of draft-ietf-ecrit-location-profile-registry-policy-01

Hi Linda, thanks for your review. Comments below.

On Tue, Mar 16, 2021 at 9:34 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx<mailto:noreply@xxxxxxxx>> wrote:
This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure. It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

Specification Required is defined in RFC 8162. The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification. The DE will have discretion to determine whether an application should be accepted. The document contains no guidance about particular SDOs, so the DE is left to decide whether to factor the source into the approval or rejection of the request.

So any SDO can make a request to update the registry. The DE makes the call about "legitimate".

-MSK

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

On 16 Mar 2021, at 10:39, Benjamin Kaduk wrote:

Hi Linda,

The current registration procedure (visible at
https://www.iana.org/assignments/lost-location-profiles/lost-location-profiles.xhtml)
of Standards Action only requires a standards-track RFC to get an
allocation; there is no designated expert involved in that procedure.
RFC 8126 again remains a good reference for these registration policies.

Thanks,

Ben

On Tue, Mar 16, 2021 at 05:12:52PM +0000, Linda Dunbar wrote:

Murray,

Then why need this document?
Isn’t it already the practice that “The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification”?

Linda

From: Murray S. Kucherawy superuser@xxxxxxxxx
Sent: Tuesday, March 16, 2021 11:46 AM
To: Linda Dunbar linda.dunbar@xxxxxxxxxxxxx
Cc: secdir@xxxxxxxx; draft-ietf-ecrit-location-profile-registry-policy.all@xxxxxxxx; ecrit@xxxxxxxx; last-call@xxxxxxxx
Subject: Re: Secdir last call review of draft-ietf-ecrit-location-profile-registry-policy-01

Hi Linda, thanks for your review. Comments below.

On Tue, Mar 16, 2021 at 9:34 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx<mailto:noreply@xxxxxxxx>> wrote:
This document doesn't seem to be complete. The document claims that it changes
the policy of the Location-to-Service Translation (LoST) Location Profile
registry from Standards Action to Specification Required, but it doesn't
specify what is the new procedure. It says allowing other SDOs to change or
add values. But which SDOs are allowed? Are there any procedures to identify
which SDOs are legitimate? can any organizations, say XYZ, change, add or
delete the values?

Specification Required is defined in RFC 8162. The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification. The DE will have discretion to determine whether an application should be accepted. The document contains no guidance about particular SDOs, so the DE is left to decide whether to factor the source into the approval or rejection of the request.

So any SDO can make a request to update the registry. The DE makes the call about "legitimate".

-MSK

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

On 16 Mar 2021, at 10:40, Murray S. Kucherawy wrote:

On Tue, Mar 16, 2021 at 10:12 AM Linda Dunbar <linda.dunbar@xxxxxxxxxxxxx> wrote:

Then why need this document?

Isn’t it already the practice that “The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification”?

 

No, the current rules for that registry are specified by Standards Action (Section 4.9 of RFC 8126), which requires a standards track RFC.  There's no designated expert in that model.  The working group wants to change the policy to the less restrictive model that allows for specifications published outside of the IETF to qualify, subject to expert review.

 

-MSK

On 16 Mar 2021, at 10:40, Murray S. Kucherawy wrote:

On Tue, Mar 16, 2021 at 10:12 AM Linda Dunbar <linda.dunbar@xxxxxxxxxxxxx> wrote:

Then why need this document?

Isn’t it already the practice that “The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification”?

 

No, the current rules for that registry are specified by Standards Action (Section 4.9 of RFC 8126), which requires a standards track RFC.  There's no designated expert in that model.  The working group wants to change the policy to the less restrictive model that allows for specifications published outside of the IETF to qualify, subject to expert review.

 

-MSK


Ecrit mailing list
Ecrit@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ecrit

On 16 Mar 2021, at 10:40, Murray S. Kucherawy wrote:

On Tue, Mar 16, 2021 at 10:12 AM Linda Dunbar <linda.dunbar@xxxxxxxxxxxxx> wrote:

Then why need this document?

Isn’t it already the practice that “The IESG will be tasked with appointing a designated expert (DE) to review registration requests against the published specification”?

 

No, the current rules for that registry are specified by Standards Action (Section 4.9 of RFC 8126), which requires a standards track RFC.  There's no designated expert in that model.  The working group wants to change the policy to the less restrictive model that allows for specifications published outside of the IETF to qualify, subject to expert review.

 

-MSK

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

On 16 Mar 2021, at 14:01, Randall Gellens wrote:

I just want to add that the document currently does contain some guidance. Section 4 (IANA Considerations) contains:

The reviewer should verify that:
o the proposed new value is specified by the IETF, NENA, or a
similar SDO in which location profiles are in scope;

--Randall

On 16 Mar 2021, at 14:01, Randall Gellens wrote:

I just want to add that the document currently does contain some guidance. Section 4 (IANA Considerations) contains:

The reviewer should verify that:
o the proposed new value is specified by the IETF, NENA, or a
similar SDO in which location profiles are in scope;

--Randall

On 16 Mar 2021, at 14:01, Randall Gellens wrote:

I just want to add that the document currently does contain some guidance. Section 4 (IANA Considerations) contains:

The reviewer should verify that:
o the proposed new value is specified by the IETF, NENA, or a
similar SDO in which location profiles are in scope;

--Randall

On 16 Mar 2021, at 14:01, Randall Gellens wrote:

I just want to add that the document currently does contain some guidance. Section 4 (IANA Considerations) contains:

The reviewer should verify that:
o the proposed new value is specified by the IETF, NENA, or a
similar SDO in which location profiles are in scope;

--Randall


Ecrit mailing list
Ecrit@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ecrit

On 16 Mar 2021, at 14:01, Randall Gellens wrote:

I just want to add that the document currently does contain some guidance. Section 4 (IANA Considerations) contains:

The reviewer should verify that:
o the proposed new value is specified by the IETF, NENA, or a
similar SDO in which location profiles are in scope;

--Randall

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux