Julian Reschke <julian.reschke@xxxxxx> writes: > On 22.04.2010 07:59, Yoav Nir wrote: >>> When RFC-5746 was recently published, the URL from an extremely useful >>> informative reference apparently got stripped by the RFC Editor: >>> >>> draft -03: >>> >>> [Ray09] Ray, M., "Authentication Gap in TLS Renegotiation", >>> November 2009,<http://extendedsubset.com/?p=8>. >>> >>> [SSLv3] Freier, A., Karlton, P., and P. Kocher, "The SSL Protocol >>> Version 3.0", November 1996,<http://www.mozilla.org/ >>> projects/security/pki/nss/ssl/draft302.txt>. >>> >>> RFC-5746: >>> >>> [Ray09] Ray, M., "Authentication Gap in TLS Renegotiation", >>> November 2009,<http://extendedsubset.com/?p=8>. >>> >>> [SSLv3] Freier, A., Karlton, P., and P. Kocher, "The SSL Protocol >>> Version 3.0", Work in Progress, November 1996. >> >> Nice, so they took out the link to a draft that has been there forever, but left a link to somebody's blog (even if that someone is the document author) > > Well, this was approved by the authors during AUTH48, no? It is easy to fail to catch a change like that, even if you are an author. The RFC Editor modified SASL GS2 (still in RFC Editor's queue) in a similar way: they replaced a reference to an old I-D with the final RFC, but the reference to that particular old I-D was intentional. How about a "IETF48" review period? The to-be-published RFC is published again as a new I-D and the entire community can do final review of the changes introduced during the RFC editing process. Right now, the I-D approved by the community and the IESG can be considerably different from what is published as an RFC. There is a risk that errors are introduced. For example, compare SCRAM and GS2 changes: http://tools.ietf.org/rfcdiff?url2=http://www.rfc-editor.org/authors/rfc5802.txt&url1=draft-ietf-sasl-scram-11 http://tools.ietf.org/rfcdiff?url2=http://www.rfc-editor.org/authors/rfc5801.txt&url1=draft-ietf-sasl-gs2-20 There is a bunch of quite technical changes in there that we really want to get right, and the review of these modifications have been limited. /Simon _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf