On Sun, Jul 5, 2026 at 10:58 AM Andrew Lee <[email protected]> wrote:

> Dear Eric,
>
> For starters, the Canadian Centre for Cyber Security is not "some set of
> entities." It is a Five Eyes government cybersecurity agency who has a
> massive impact on an entire nation's infrastructure.
>

Yes, I'm aware of what CCCS is.


They told this mailing list they will treat N the same as Y which is policy
> affecting millions of systems and people therewith.
>

Yes, they did. This still doesn't demonstrate that the flag is "meaningless
in practice"


1. If there is no consensus to publish, which is the opposition's position
> and which Eliot appears to lean on as the reason for the N, then the
> document should not be published at all.
>

Technically, there has to be "rough consensus", not consensus, but
otherwise this is correct. In fact, it's required by RFC 8789.


2. If the chairs determine there IS consensus and publish the RFC, then it
> will have gone through 3 WGLCs and also a full IESG review. At that point,
> "the item has not been evaluated by the IETF" becomes impossible.
>

I agree that this text could be, but in this case I think the best reading
is that the IETF doesn't have a consensus evaluation on the suitability of
the mechanism. That's not the same as the *document* not having been
evaluated by the IETF.

3. The N can then only derive from the limited applicability or specific
> use cases booleans.
>

As i noted above, the applicable text from RFC 9847 is actually:

Indicates that the item has not been evaluated by the IETF and that the
IETF has made no statement about the suitability of the associated
mechanism. This does not necessarily mean that the mechanism is flawed,
only that no consensus exists. The IETF might have consensus to leave an
item marked as "N" on the basis of the item having limited applicability or
usage constraints.

The relevant piece here is "has made no statement about the suitability of
the associated mechanism", but in any case this text does not say that
limited applicability and specific use cases are the only reasons the IETF
might have consensus to leave an iterm marked N.

-Ekr
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to