On Fri, Sep 28, 2018 at 03:30:54PM -0400, Russ Housley wrote: > > > > On Sep 28, 2018, at 3:23 PM, Paul Wouters <paul@xxxxxxxxx> wrote: > > > > > > I just noticed this draft: > > > > Commercial National Security Algorithm (CNSA) Suite Profile of Certificate Management over CMS > > > > https://tools.ietf.org/html/draft-jenkins-cnsa-cmc-profile-00 > > > > We had a discussion in the past where it seems a bunch of people thought > > that publushing RFC's with specific nation states profiles was no longer > > deemed neccessary or wise. It looks like this publication should be a > > FIPS document, not an RFC. > > > > This was for instance, discussed here: > > > > https://mailarchive.ietf.org/arch/msg/ietf/Gfo9si95rem3UtzGlEn9-AK22ro > > > > Some of the text is also very wrong, such as: > > > > NSA is publishing a set of RFCs, including this one, to provide > > updated guidance concerning the use of certain commonly available > > commercial algorithms in IETF protocols. > > > > The IETF publishes RFCs, not the NSA. It is another sign that this is > > the wrong venue for publishing what they want to publish. > > Paul: > > That thread came to the conclusion that the IETF should not process profiles for any nations states. In my opinion, there is value in making it easy for implementers to find such profiles. So, if the Independent Stream Editor is willing to process such profiles, they can be published as RFCs, which would not consume any resources from the IETF leadership. With apologies for nitpicking, phrased this way as an absolute it is false -- the IESG would still do a conflict review of the ISE document(s). -Ben
