Hi all,

Viktor has worked with a bunch of the folks who've commented
on this and produced a version -03. [1] (Thanks to all for
getting that done quickly btw!)

Please comment on that in the next week especially if these
changes change your opinion/position on the draft. (But *do*
say why:-)

If these changes don't change your opinion/position then
there's no need to re-iterate comments made earlier.

Thanks,
S.

[1] https://tools.ietf.org/html/draft-dukhovni-opportunistic-security-03

On 08/08/14 15:32, Stephen Farrell wrote:
>
> Hiya,
>
> The LC for this formally ended on the 5th. Here's my
> summary of where we are.
>
> I think there are open issues still to address, but
> that could (all going well) be addressed very soon
> after which we should move ahead.
>
> Those are:
>
> - We should establish the audience for this. I think
>   that may be behind some of the harder to handle
>   objections seen. That could result in a major change,
>   for now, I assume below that it won't - if it did,
>   then a new plan would be needed.
>
> - Many folks want better definition text at the start
>   of section 3 of the draft. They're right I reckon.
>
> - Viktor needs to finish processing detailed Steve Kent
>   comments and other bits and pieces, as per list mails,
>   and give folks a chance to review those.
>
> - Views differ on use of 2119 language (what's new there:-),
>   most likely leave that as-is and IESG can argue if
>   needed.
>
> My conclusion - once the above is done, which is quite
> do-able but not yet done, and folks have had a chance to
> look at that for a few days without yelling that it's gone
> backwards, this should be fine to put into IESG eval,
> without another 4 week IETF LC - I do think there's
> consensus on the concept if we get the text right and the
> IESG can evaluate if we have succeeded in that. (That
> being modulo the audience discussion not resulting in
> a major change.)
>
> So I'll kick the thread on the audience to the top in
> a bit and will work with Viktor and Paul (Shepherd)
> and some of the folks who've commented to get text for
> a -03 version out for folks to look at. All going well
> a week or so later I'll put this into IESG eval.
>
> So you can think of this as extending the IETF LC out
> to the publication date of -03 plus one week if you
> like. Do yell if you think that needs to go out to
> IETF announce formally. (I don't think it does but
> it's easy so we can if need be.)
>
> Cheers,
> S.
>
> PS: My notes from the LC thread are below fwiw. And I've
> a few comments of my own (minus hat) on the -02 that I'll
> send separately as well.
>
> Searched for subject containing opportunistic on
> ietf@xxxxxxxx via [1] at about 2014-08-08T11:00:00Z. 190
> messages matched.
>
> [1]
> https://mailarchive.ietf.org/arch/search/?email_list=ietf&q=opportunistic
>
> These are my notes on those messages, comparing against -02
> of the draft (so mostly not mentioning stuff Viktor already
> fixed)
>
> - First batch were purely process things, no LC issues
>   resulting, so I'll ignore those.
>
> - Nico W (07-08, and later)
>   - add "floor"
>   - add examples
>
> - SM (07-08) made a bunch of comments, including:
>   - 2119 keywords inappropriate
>   - "An opportunistic security protocol MUST" he noted
>     that OS is not a protocol but a philosophy (or
>     maybe better: protocol design pattern)
>   - he's ok with publishing
>
> - Randy B. (07-09) is ok
>
> - Eliot L (07-09):
>   - don't define just wrt encryption (done)
>   - abstract edit - partly done
>   - make it a BCP (no, SF replied to that)
>
> - Sam H. (07-09) likes it, wants to keep 2119 terms
>
> - Martin T (07-11) genart review
>   - definition to start of section 3
>   - state issue in sec cons. (presumably the false
>     sense of security shibboleth)
>   - ditch 2119
>
> - Rene S. (07-11):
>   - say more about enforcement being better than OS
>
> - Dave C. (07-25):
>   - don't use OS term
>   - do provide a definition (some back and forth with
>     Steve K around 07-30 had suggestions)
>
> - Ian G (response from VK, 07-27), presumably Ian G on saag: - define
>   a term for what went before, suggestions
>   included: complete-security, all-or-nothing
>
> - Tim B (07-28) it's ok, publish ASAP
>
> - Henry H. (07-31): best is ill-defined, happy with that
>
> - Tom P: (07-31) - switch para order in section 3
>   - includes suggested text
>
> - Dave C. (08-04) - who are the target audience?
>   - security/protocol designers or more broad? (the
>     former IMO)
>   - various discussion, with a VK proposal for text
>     on 08/06 (15:44 UTC)
>   - proposed new term - no significant backing visible
>
> - Scott K. (08-04) leave it as is
>
> - Steve K. (08-05):
>   - define OS!
>   - quite a number of detailed comments responded to by
>     VK, best to get re-review of new text as some but
>     not all changes seem agreed
>
> - Rene S. (08-06):
>   - fix PFS definition (isn't there one in 4949?)
>   - same point about no false sense of sec, but
>     with a possible sec consideration bit of text