Hi Samuel,
Thank you for the review.
Samuel Weiler wrote:
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
From a security perspective, I have no issues with this document. It
creates a new registry and defines two sets of assignment metrics, one
for "common use" keywords, and one for vendor-specific keywords.
It also registers four keywords. (I'm wondering if it shouldn't be
registering more.)
Further registrations will be done by the designated expert. I am
concerned that if I put all of them in the document, then the document
will never finish.
I'm finding the IANA assignment metrics to be a little more ambiguous
that I'd like.
Starting with the vendor-specific text:
Registration of vendor specific IMAP keywords is done on First Come
First Serve [RFC5226] basis and doesn't require the Expert Review.
However such review is still encouraged. Should the review be
requested, ...
Who requests the review?
The registrant or IANA?
Good question. I was thinking about the registrant. But IANA requesting
review would be a good idea as well.
Does IANA need to encourage the review? Perhaps it would be better to
have all requests (including vendor-specific) be sent to the mailing
list, with IANA assignment of the vendor-specific ones being automatic
following a (short) delay for comment and optional revision.
Ok, I've implemented this procedure in my copy.
And for the common-use:
Registration of an IMAP keyword intended for common use (whether or
not they use the "$" prefix) requires Expert Review [RFC5226]. IESG
appoints one or more Expert Reviewer, one of which is designated as
the primary Expert Reviewer. IMAP keywords intended for common use
SHOULD be standardized in IETF Consensus [RFC5226] documents. ...
In cases when an IMAP
Keyword being registered is already deployed, Expert Reviewers
should favour registering it over requiring perfect documentation.
Would it be better to say: "requires either IETF Consensus or Expert
Review"?
Not everybody is subscribed to ietf or ietf-announce mailing lists, so I
would like for all common use registrations to go through the expert.
(For example: do the registrations made in this doc have to go through
Expert Review?
No, because they are a part of the document that creates the registry ;-).
Isn't it enough to have them in a consensus doc?") And how do you
expect the expert to encourage/enforce the SHOULD, given the "favour
registering it over requiring perfect documentation" guideline?
Again, the current text isn't as clear as I'd like.
This is intentional. This is a judgment call by the expert.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf