well the RFC Editor does have errata pages now. this might be
a good use for them, until such time as corrective RFCs can
be written and published.
I suggest that, from a process standpoint, if we start deprecating
standards-track documents/ recommendations by errata page, we will
be in big trouble... or will need a process and bureaucracy
equivalent to the IESG for errata page approvals.
I would stop short of deprecating standards via the errata pages. At
most they should say that the applicability of the standard is being
reconsidered.
However if we find that there are newly discovered risks with using a
particular security technology, it does seem prudent to associate
that information with the relevant RFCs, and this would be a resource
that authors of new documents could consult when deciding which
technologies to use.
Keith
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf