On 24/07/2019 04:13, Benjamin Kaduk wrote: > On Wed, Jul 24, 2019 at 03:35:43AM +0100, Dennis Jackson wrote: >> On 24/07/2019 02:55, Bret Jordan wrote: >>> As a professional organization and part of due diligence, we need to try >>> and understand the risks and ramifications on the deployments of our >>> solutions. This means, understanding exactly how the market uses and >>> needs to use the solutions we create. When we remove or change some >>> technology, we should try hard to provide a work around. If a work >>> around is not possible, we need to cleanly document how these changes >>> are going to impact the market so it can prepare. This is the >>> responsible and prudent thing to do in a professional organization like >>> the IETF. >>> >> >> The IETF is for development of Internet Standards. If you want to >> publish your (subjective) analysis of how a particular standard is going >> to impact your market segment, there are any number of better venues: >> trade magazines, industry associations, your company website, etc. > > Actually, the Independent stream of the RFC series is purpose-built for > individual commentary on the consequences of a particular standard > [including in a particular segment], and would be superior (at least in > my opinion) to any of the venues you list. (See RFC 4846.) But I > believe the current ISE asks authors to try fairly hard to publish their > work in the IETF before accepting it to the Indepndent stream.
I was thinking of 'published by the IETF' to mean the IETF stream. Publishing in the Independent stream, without any proper review, consensus or claim of fitness is a different matter altogether. >>> The draft that Nancy and others have worked on is a great start to >>> documenting how these new solutions are going to impact organizational >>> networks. Regardless of whether you like the use-cases or regulations >>> that some organizations have, they are valid and our new solutions are >>> going to impact them. >> >> This isn't a question of quality. The IETF simply doesn't publish >> documents of this nature (to my knowledge). > > The IETF can publish whatever there is IETF consensus to publish. (And > a little bit more, besides, though that is probably not relevant to the > current discussion.) > > I don't have a great sense of what you mean by "documents of this > nature". If you were to say "the IETF does not publish speculative and > subjective discussion of possible future impact", I'd be fairly likely > to agree with you (but I have also seen a fair bit of speculation get > published). This was my intended meaning. I'd feel rather differently about "the IETF does not > publish objective analysis of the consequences of protocol changes on > previously deployed configurations", and would ask if you think a > document in the latter category is impossible for the TLS 1.2->1.3 > transition. (My understanding is that the latter category of document > is the desired proposal, regardless of the current state of the draft in > question.) The authors initiated this discussion by stating their draft was stable and requesting publication. Consequently, I think it must be judged on the current state, rather than the desired outcome. Even considering your more generous interpretation... the objective discussion is only 3 out of 15 pages and none of the 5 claims appears to be correct. (As others have pointed out). Best, Dennis > -Ben > > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
