Re: BGP vs. 2385 draft

--On Friday, April 04, 2003 14:41:06 -0500 Steve Bellovin <smb@research.att.com> wrote:

I've put a draft of the BGP vs. 2385 I-D at
http://psg.com/~smb/draft-bellovin-tcpmd5app-00.txt


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)



Being formalistic:


Abstract

  The IETF Standards Process requires that all normative references for
  a document be at the same or higher level of standardization.  The
  IESG is empowered to grant a waiver of this requirement.  This
  document explains why the IESG has chosen to do so with regard to RFC
  2385, "Protection of BGP Sessions via the TCP MD5 Signature Option",
  to permit promotion of BGP to Draft Standard.

The sentence "The IESG is empowered to grant" should probably be stated as:

RFC 2026 section 9.1 allows the IESG to grant a variance to the standard practices of the IETF.

I *think* the document covers all of:

In exercising this discretion, the IESG shall at least consider (a) the technical
merit of the specification, (b) the possibility of achieving the
goals of the Internet Standards Process without granting a variance,
(c) alternatives to the granting of a variance, (d) the collateral
and precedential effects of granting a variance, and (e) the IESG's
ability to craft a variance that is as narrow as possible. In
determining whether to approve a variance, the IESG has discretion to
limit the scope of the variance to particular parts of this document
and to impose such additional restrictions or limitations as it
determines appropriate to protect the interests of the Internet
community.

The proposed variance must detail the problem perceived, explain the
precise provision of this document which is causing the need for a
variance, and the results of the IESG's considerations including
consideration of points (a) through (d) in the previous paragraph.
The proposed variance shall be issued as an Internet Draft. The IESG
shall then issue an extended Last-Call, of no less than 4 weeks, to
allow for community comment upon the proposal.

Under "precedential effects", you might add the comment that some other mechanisms (such as LDP) also use TCP-MD5, and that they will use this variance as an argument not to adopt higher-quality security measures, but since the deployment scenario here is even less threatening, that's OK.

I'd also like to use "variance" in the title rather than "waiver", since that's the term that 2026 uses for this type of process modification.

The contents seem fine!

Harald