--On Tuesday, September 12, 2017 09:51 -0400 Kathleen Moriarty
<kathleen.moriarty.ietf@xxxxxxxxx> wrote:
>...
> Russ already named the PKCS documents. OVAL from DHS was
> another somewhat recent one that transferred change control.
> This document does need revision and has been picked up by the
> SACM working group. It's been implemented by about 50 vendors,
> but at this phase it in't lifecycle, it needs some fixing.
To be a little more specific, how would you categorize something
like DMARC which came to IETF already deployed, with some
cautions about making any significant changes, but with the
expectation that the IETF would clean up the mess (of course,
others, especially those involved before it was brought to the
IETF, might characterize things differently than I do).
> Making sure we don't create too many hurdles is important.
Indeed. IMO, the biggest danger in discussions like this is
that we will end up creating procedures and rules that make
doing the right thing for a particular case very painful and/or
time-consuming.
best,
john