Hi Dave, On Tue, Sep 12, 2017 at 12:15 PM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote: > Kathleen, > > On 9/12/2017 8:51 AM, Kathleen Moriarty wrote: >> >> Having been through this process several times, a few as an >> author/contributor, and one as an AD, it is very helpful to have the >> guidelines that are in place already > > > Going back to my original posting: > > What guidelines do you believe exist and where are they documented? >From my experience, BCP 78 & 78 are the usual references offered as a starting point for legal representatives to review. Then if anything is a little different, the trust is asked for advice and sometimes it goes to legal for discussion and clarification. > > How is someone supposed to find those guidelines? They ask a chair or AD seems to be the usual path. These are things people usually want to talk about and don't happen too often, so the conversation is worth the effort. > > How does someone see the history of agreements that were formulated, as > further guidance about what the IETF arranges? There are many with differing outcomes, so this may not be helpful, IMO. We need some flexibility, well, because lawyers. > > >> We've accepted documents that have and have >> not transferred change control (as has been stated already) and being >> able to work through the options has led to successful contributions. >> >> Russ already named the PKCS documents. OVAL from DHS was another >> somewhat recent one that transferred change control. This document >> does need revision and has been picked up by the SACM working group. >> It's been implemented by about 50 vendors, but at this phase it in't >> lifecycle, it needs some fixing. > > > This is confusing, in several ways. First, historically the IETF always > insisted on taking change control before agreeing to work on/standardize a > specification. The only constraint on this, historically, was on the > original round of work, but with no constraints on later work. So this > sounds like an extremely basic policy got changed somewhere along the way. That's not true. The PKCS series was published without handing over change control until very recently. See https://tools.ietf.org/html/rfc3447 as an example. > > It also suggests that the IETF has sometimes become a subcontractor for some > other group (that retains change control.) Or a publisher of well-known and deployed standards. Yes, that has happened and worked out just fine as RSA had the motivation to amend the documents as needed and contribute the updates. Times have changed and they decided to hand over change control on the remaining documents. There may be other examples, I am just well versed in this set of examples. > > Perhaps you are drawing a distinction between 'bug fixing' versus > 'changing', but again, historically that has only been a constraint on the > first round of effort, not later IETF work on the specification. See above. Best, Kathleen > > Please clarify. > > d/ > > > Apparently > > > -- > Dave Crocker > Brandenburg InternetWorking > bbiw.net -- Best regards, Kathleen