On Wed, Feb 25, 2015 at 10:18:17PM -0500, Sam Hartman wrote:
> >>>>> "John" == John C Klensin <john-ietf@xxxxxxx> writes:
>
> John> I think the rest is a bit of a judgment call. While I'd be
> John> happy to see a comprehensive document that would address all
> John> of those issues, I would also like to get a good description
> John> of the RRTYPE published somewhere soon, ideally a couple of
> John> years ago. It seems to me that making a complete analysis of
> John> security alternatives, or a complete analysis of the URI
> John> situation as it relates to this RRTYPE, much less both are
> John> likely to be a _lot_ of effort and that, if we want to get the
> John> document published, what should be done should probably be
> John> confined to explicitly noting the issues, e.g., that any
> John> indirection through the DNS raises security issues that need
> John> careful understanding and for which there is no magic bullet.
>
> I'm happy with an informational document that does the above and claims
> only to describe the existing RR type.
> I'm not happy with a standards-track document that fails to cover the
> security issues in significantly better detail.

An Informational RFC that merely describes the RR type as it is already
registered with the IANA would add little value unless it came with a
warning about the unexplored security space.

We do need a Standards-Track RFC for this RR because uses of it are
starting to pop-up that really could use more information about how to
use URI RRs securely.

Also, I don't see why we're even talking about publishing as FYI before
the shepherding AD and I-D authors decide how to continue. ISTM that
the right thing to do here is to give the authors a chance to choose
whether to address the comments made here fully, or fall back on the
simpler FYI approach. It's not like there's any urgency to publish an
FYI here...

Nico
--