I will move this reference to normative, I was confused. Thanks, Chris. Benjamin Kaduk <kaduk@xxxxxxx> writes:
Going up to a more general topic (and ignoring the particulars here): On Wed, Mar 06, 2019 at 05:50:00PM -0500, Christian Hopps wrote:Thanks for the review! Comments inline. > On Mar 5, 2019, at 7:26 PM, Datatracker on behalf of Elwyn Davies <ietf-secretariat-reply@xxxxxxxx> wrote: > > > Minor issues: > Abstract/s1: I would judge that RFC 8407 ought to be normative since it is > updated. RFC8407 is a BCP not a Standard though so I don't think it's appropriate to make it normative.I'm confused by this statement. BCPs are considered to be standards-track, and a reference from a PS document to a BCP is not considered a downref. Is the objection that "best current practices" are just that (practices) and not part of a mandatory protocol specification? We do have BCP 195 (RFC 7525), "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", which are indeed recommendations and best practices for use of TLS in general, and as such can apply to anything using TLS, even existing deployed systems and protocols. But we can also have new protocols that say "it is mandatory to comply with the behavior described in RFC 7525", and to me that is a normative part of the spec. So I'd like a better understanding of your stance here. Thanks, Ben
Attachment:
signature.asc
Description: PGP signature
