Hi all,
Before an RFC is published, the RPC checks the references to ensure that
they are current. However, like RFCs, external sources can be updated or
obsoleted after the RFC is published.
On 4/2/25 2:13 AM, S Moonesamy wrote:
Hi Alexis,
An RFC can reference an external standard or an external source. As an
example, RFC 3174 has the following reference:
"Secure Hash Standard", United States of American,
National Institute of Science and Technology, Federal
Information Processing Standard (FIPS) 180-1, April
1993
[JM] Although this standard has been superseded, it is still available
at csrc.nist.gov and a reader can also find the latest version. Note
that RFC 3174 has been updated by RFC 6234, which references the Secure
Hash Standard document that was current at the time (FIPS 180-3, which
is also still available).
It may happen that the external source disappeared, e.g. Erratum #8090.
[JM] We discussed this erratum report on this list [1]. We couldn't find
the paper, and the journal seems to have folded, so yes, this source is
gone. Note that missing sources should be less of an issue in the
future because outlinks from RFCs started to be archived in 2023 [2].
Erratum report 8090 [3] was rejected based on the IESG's guidance for
handling errata reports that mention broken URIs [4] (i.e., the link was
valid at the time of publication).
There was recently a case of a external standard/source, referenced
normatively, which was retracted.
[JM] Which standard is this?
Do other publishers recommend that the external/source be marked as
"retracted"?
[JM] We don't know if [ZONEENUM] (the subject of erratum report 8090)
was retracted. We just don't know what happened to it.
If [ZONEENUM] was retracted (in the sense of academic publishing [5]),
it would be up to its publisher to make this known. It would then be up
to the IETF stream to determine if a bis or Updates document would be
required to handle the retraction or if a verified erratum would be
sufficient.
Note, though, that [ZONEENUM] is an informative reference, and there is
another, accessible reference that supports the statement made in RFC 9276:
Recent academic studies have shown that NSEC3 hashing provides
only moderate protection [GPUNSEC3] [ZONEENUM].
So the inaccessibility of [ZONEENUM] is not an impediment to
understanding the text.
Best regards,
Jean
[1]
https://mailarchive.ietf.org/arch/msg/rfc-interest/s8tsACJrTzLJYouiK8mUT1H_4B8/
[2]
https://mailarchive.ietf.org/arch/msg/rfc-interest/0Xyf9GdXgQICq7p4luH7r91T110/
[3] https://www.rfc-editor.org/errata/eid8090
[4]
https://datatracker.ietf.org/doc/statement-iesg-iesg-processing-of-rfc-errata-for-the-ietf-stream-20210507/
[5] https://en.wikipedia.org/wiki/Retraction_in_academic_publishing
Regards,
S. Moonesamy
_______________________________________________
rfc-interest mailing list -- rfc-interest@rfc-editor.org
To unsubscribe send an email to rfc-interest-le...@rfc-editor.org
_______________________________________________
rfc-interest mailing list -- rfc-interest@rfc-editor.org
To unsubscribe send an email to rfc-interest-le...@rfc-editor.org
