IESG:
I hate to add a "me too" but I must. I believe that the RAB minutes would
be very useful if they were published. Having participated with many
Registrars and participated in changes and suggestions to the RRP protocol
through the ICANN Testbed process I welcome Ed's comments.
I am glad that NSI has published the I-D for their protocol, now does it
need to go beyond that and become an RFC, IMHO, no.
The IETF does not need to publish broken implementations of one companies
view of the shared gTLD registration process. Having an AD that sat on the
RAB promote the I-D and offer no reasoning as to why it
*should be* published as an Informational RFC reminds me of the bad taste
left by the IAHC and all the processes related.
I would request that the IESG let this draft expire and create a WG to
tackle the problem. I would be interested in hearing just why the IESG
thinks this document should be published. The document exists as an I-D,
the cat is out of the bag, why should it be an RFC? Its broken and of bad
design we don't need that kind of thing published any further than it has
been.
regards,
-rick
On Tue, 4 Jan 2000, Ed Gerck wrote:
>
>
> Patrik F�ltstr�m wrote:
>
> > So, you are talking about (like we did in the RAB) the quality of the
> > protocol, while I now as AD and member of the IESG is asking whether this
> > document is correctly describing what is in use.
> >
> > I ask you Ed, and all others, to please differentiate between those two
> > issues, and come with comments on the correctness of the document. Comments
> > on the protocol can be sent directly to NSI.
>
> IMO you are following a very slippery slope here. You seem
> now to be moving into "explanation mode" in order to say that
> the protocol's effectiveness is not important, just its perfunctory
> functions.
>
> In other words, you as AD and member of the IESG are saying
> that protocols are to be published as RFCs even if knowingly
> technically wrong, inefficient, outdated and insecure -- provided
> they are "in use".
>
> Well, I may be a little less pragmatic than you and I question exactly
> the correctness of the document, as well as its effectiveness.
>
> And, since our names are still in NSI's page for the Registry Advisory
> Board (RAB) and we were involved with it, I also think that the IETF
> should know that the SRP being proposed by NSI as an RFC and
> being followed through IETF under yours (a former member of the
> RAB) apparent approval is not what the RAB discussed and
> formally requested to change as documented in the RAB minutes locked
> under NDA. The RAB in Ammendment 11 has thus become a mock review
> process locked under NDA, even though the RAB was officially called by
> the USG to "review, participate, and advise in testing of the technology
> aspects of the Shared Registration System, and to suggest improvements
> to Network Solutions to better meet the mandates of Amendment 11."
>
> The least I suggest is to make the RAB Metting Minutes, together with
> its Action Plan, public -- before furthering this RFC in the IETF. Why
> should other people need to reinvent the same comments again? The hope
> that some will not be reinvented is IMO ill-founded as security
> experience shows all the time -- obscurity is not a basis for
> security.
>
> Now, of course, if NSI wants to keep the protocol private then I
> have no further comments.
>
> Cheers,
>
> Ed Gerck
>
