> On 8. Jan 2025, at 00:49, Sandy Ginoza <sgin...@amsl.com> wrote: > > Hi all, > > Please see comments below. > >> On Jan 7, 2025, at 9:45 AM, Lynne Bartholomew <lbartholo...@amsl.com> wrote: >> >>> Mirja: I don’t think security considerations are useful for workshop >>> reports. All workshop reports that I’ve been involved with did not have >>> security considerations but I did see that some other reports do. However, >>> I assume they have mostly been added during AUTH48 based on this kind of >>> request. Particularly just adding the sentence above is not useful and I >>> wouldn’t want to do that just for the sake for process. If we want security >>> consideration we should come up with real ones but as I said I don’t think >>> we should just add anything to report in that respect. I think we should >>> conclude with the IAB to not have security consideration for workshop >>> reports in general in future. >> >> [rfced] Agreed that the section isn't necessary in this case, but for the >> time being, we need to follow our current process, which includes asking the >> Document Shepherd for approval.
The IAB document shepherd or IAB stream manager or maybe IAB chair? >> >> That being said, would you like us to set precedent here by removing the >> Security Considerations and asking the Document Shepherd for approval of the >> new form? RFC9490 (M-TEN), RFC9307 (AID), and RFC9075 (COVID) don’t have security consideration. Yes, I’m an author on all of these, however, just saying this one wouldn’t set the precedent. > > Jumping in on this one - Security Considerations are required per the RFC > Style Guide (see https://www.rfc-editor.org/rfc/rfc7322.html#section-4.8.5). > We suggest the following: > > This document is a workshop report and does not impact the security of the > Internet. I’d be fine with that and in this case we should just use this exact same phrasing for all reports in my opinion. > > If the IAB would like to discuss special handling for IAB workshop reports, > we prefer having the discussion outside of an AUTH48. Please let us know if > the text above is acceptable. Yes, we can’t decide this for good in the auth48 process, however, we could simply add a short item to the next IAB call. I don’t think this would need a long discussion… Mirja > > Thanks, > Sandy -- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
