-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Joel Halpern wrote:
> I was talking about a reference to a document in a version
> repository (a github repository).  The comment had nothing to do
> with the corporation "github".  The issue is that the content of
> the reference is not stable.  As Tor evolves, the content of that
> document changes.  For many purposes, that is a good thing.  For
> informative references, this is also fine.  For normative
> references, that is references which must be understood to fully
> understand the document, they must reference stable content.  (URIs
> are allowed if there is reasonable expectation that the content is
> stable.)

If the problem is solely the stability of the reference, then here's
an idea I don't think has been floated yet: include the Git revision
in the normative reference. It's functionally identical to e.g.
including a DOI - as long as you have a copy of the repository that is
newer than the date of the referencing RFC, then you can obtain a
stable copy of the documents at that time. That is IMHO a far easier
reference to look up than many non-RFC normative references, because
the git repository is distributed far and wide, and any mirror/copy of
it can provide an authentic stable copy of the documents. This is
because the Git revision is essentially a hash of the entire
repository and its history at that point in time, and can be
considered a unique identifier (at least until an SHA-1 preimage is
found, but even that would only allow a malicious adversary to fake
their own copy of the repository, not alter anyone else's).

str4d
> 
> Which means that the real question is whether the references need
> to be understood to understand the registration.   This judgment
> belongs to the IESG, not to me.  I reviewed based on my
> understanding.  If the assignment to Tor of .onion is for any use
> that Tor chooses, then indeed the references are informative.  If
> the assignment is for use for some specific problem and behavior,
> then the references are normative.  The wording of the draft led me
> to believe it was the latter.   In either case, the draft should be
> clear about what it is doing.
> 
> Yours, Joel
> 
> -----Original Message----- From: Alec Muffett [mailto:[email protected]]
>  Sent: Thursday, September 03, 2015 11:32 AM To: Joe Abley Cc:
> hellekin; [email protected]; Brian Haberman;
> [email protected]; [email protected];
> [email protected]; [email protected];
> [email protected]; Jari Arkko; The IESG;
> Joel Halpern Subject: Re: [DNSOP] Jari Arkko's No Record on
> draft-ietf-dnsop-onion-tld-00: (with COMMENT)
> 
> Hi Joe!
> 
> 
>> On Sep 3, 2015, at 4:02 PM, Joe Abley <[email protected]>
>> wrote: Pretty sure Joel was just referring to where the current
>> documentation is stored, not poking sticks at corporations.
> 
> Just in order to fight potential confusion at any point where it
> might flare up, lest other folk jump into this discussion and try
> running with it:
> 
> * The Tor specifications and code are on a Git repository owned by
> the Tor project, not at Github.  A simple DNS lookup will confirm
> this:
> 
> $ dig gitweb.torproject.org ; <<>> DiG 9.8.3-P1 <<>>
> gitweb.torproject.org […] ;; ANSWER SECTION: gitweb.torproject.org.
> 3600  IN      CNAME   vineale.torproject.org. vineale.torproject.org. 3600
> IN    A       154.35.132.68
> 
> - so, any arguments which involve Github (Incorporated) are poorly
> grounded.
> 
> Continuing:
> 
> 
>> There's nothing in 6761 section 5 that demands a reference to a
>> stable specification. The fact that there's any reference at all
>> is a courtesy.
> 
> 
> Per my previous e-mail, I would be happy to pluck out
> specifications, especially if they are blocking progress, because I
> see their inclusion as irrelevant to the matter of registering the
> special use domain name.
> 
> -a
> 
> 
> 
> — Alec Muffett Security Infrastructure Facebook Engineering London
> 
> 
> _______________________________________________ DNSOP mailing list 
> [email protected] https://www.ietf.org/mailman/listinfo/dnsop
> 
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJV6OwOAAoJEBO17ljAn7PgWJsP/3gcWIUMKPayC43SmnRqjZ54
Q8H+h/Ma5a5KGdbdZd/DVW2FELLW3CS7mccbymEfoxfiDY09+FqjU/vsxSV5Ucub
XnUJUjmEP89FWUBL8VTUl6bXOpijtUq1Luw9hbE7eKsGqjHTFhESf1/H1NQsqLW7
7Z6q13yMgPx6X41+ls2i8yrf7hZth/aRo8e+GByecGkYC8Eti2FbX7ye8jWemWno
2F+pDzfUVWoVnAwpmL+UzEzfWKHxI6p1W9xC6K0/iy+qXmqN63crTMtMLFojDVoK
lUhjeQGw8l9SqBHTL+KmROZVK/0MdHPeHum+PRfgZA39XSkORdjnfwvGxsjryocH
m1EysD/YuPdBdZMoe4m5UUafVifvfhdaWKxZ6rkKRnG5DoU309VxtpTCdsjW8X7s
1OSU8NPctAKYs7VGk8uk6k0G46DProPp2TV5PPFb63Zgq2ywHdlbkaJ8XHED8tlY
x5xQ5wiekvYH7gHDoSU8k8+3l8N21KG9CwJ42ICOgE2SYB5uhkL7NCXJ0iAZKwNw
B6h6bnAKjveezkf+D6yEtlKQ7fl8ber7x4tXAAm85XIPK0A23LBTQfu73vZ+aIXX
sUUc//ijtg+tS4Rckx1Qx/NeZzkwCj+SZmKKQp+1ptFNc0lVLnsFIvT8z6lSBUmJ
QZGsJ+XN5V3uBEBdJBAT
=LdeE
-----END PGP SIGNATURE-----

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to