On Mon, Feb 26, 2018 at 11:47 PM, Jim Schaad <i...@augustcellars.com> wrote:
> > > > > *From:* Dan Romascanu [mailto:droma...@gmail.com] > *Sent:* Monday, February 26, 2018 1:19 PM > *To:* Jim Schaad <i...@augustcellars.com> > *Cc:* gen-art <gen-art@ietf.org>; a...@ietf.org; ietf <i...@ietf.org>; > draft-ietf-ace-cbor-web-token....@ietf.org > *Subject:* Re: Genart telechat review of draft-ietf-ace-cbor-web-token-12 > > > > Hi Jim, > > Thank you for your answer and for addressing my comments. > > On item #2: > > > > On Mon, Feb 26, 2018 at 10:12 PM, Jim Schaad <i...@augustcellars.com> > wrote: > > > > > -----Original Message----- > > From: Dan Romascanu [mailto:droma...@gmail.com] > > > > > > ... > > > > > 2. I am a little confused by the definition of policies in Section 9.1: > > > > Depending upon the values being requested, registration requests are > > evaluated on a Standards Track Required, Specification Required, > > Expert Review, or Private Use basis [RFC8126] after a three-week > > review period on the cwt-reg-rev...@ietf.org mailing list, on the > > advice of one or more Designated Experts. > > > > How does this work? The request is forwarded to the designated expert, > > he/she make a recommendation concerning the policy on the mail list, and > > depending on the feedback received a policy is selected? Who establishes > > consensus? > > > > Frankly, I wonder if this can work at all. Are there other examples of > four > > different policies for the same registry, applied on a case-to-case > basis? > > This is the same approach that is being used for the COSE registries. As > an example, you can look at https://www.iana.org/ > assignments/cose/cose.xhtml#algorithms. > > Part of the issue about this is that the JOSE/JWT registries do have the > same different policies, but that differences are hidden from the IANA > registry. Since they allow for a URI to be used as the identifier of a > field, only the plain text versions are registered. Thus I can use " > http://augustcellars.com/JWT/My_Tag"; as an identifier. Since for CBOR > the set of tag values is closed and does not have this escape (nor would > one want the length of the tag) it is necessary to have this break down of > tag fields. > > > > > This does not seem to be exactly the same approach. The COSE RFC 8152 > defines the registry policy in a different manner. There is only one policy > that is proposed 'Expert Review' and than the Expert Review Instructions > are used to define the cases when a Standards Track specification is > required. No such text exists in the current I-D. There is no separation of > the values space in the registry according to the type of assignment here, > as in RFC 8152. > > > > [JLS] The policies look to be the same to me, but I may be missing > something that you are seeing.. Remember that Specification Required > implies Expert review. > > > > Hi Jim, You seem to miss the exact definition of policies. Please see RFC 8126, Section 4. Expert Review and Specification Required are two different policies, even if one implies the other. Your document defines multiple policies for the same registry, without making clear which is to be used and when. This is unusual. Regards, Dan
_______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
