Hi Mirja, Please see notes below.
> On Jan 21, 2025, at 7:32 AM, Mirja Kuehlewind (IETF) <i...@kuehlewind.net> > wrote: > > > >> On 8. Jan 2025, at 00:49, Sandy Ginoza <sgin...@amsl.com> wrote: >> >> Hi all, >> >> Please see comments below. >> >>> On Jan 7, 2025, at 9:45 AM, Lynne Bartholomew <lbartholo...@amsl.com> wrote: >>> >>>> Mirja: I don’t think security considerations are useful for workshop >>>> reports. All workshop reports that I’ve been involved with did not have >>>> security considerations but I did see that some other reports do. However, >>>> I assume they have mostly been added during AUTH48 based on this kind of >>>> request. Particularly just adding the sentence above is not useful and I >>>> wouldn’t want to do that just for the sake for process. If we want >>>> security consideration we should come up with real ones but as I said I >>>> don’t think we should just add anything to report in that respect. I think >>>> we should conclude with the IAB to not have security consideration for >>>> workshop reports in general in future. >>> >>> [rfced] Agreed that the section isn't necessary in this case, but for the >>> time being, we need to follow our current process, which includes asking >>> the Document Shepherd for approval. > > The IAB document shepherd or IAB stream manager or maybe IAB chair? > >>> >>> That being said, would you like us to set precedent here by removing the >>> Security Considerations and asking the Document Shepherd for approval of >>> the new form? > > RFC9490 (M-TEN), RFC9307 (AID), and RFC9075 (COVID) don’t have security > consideration. Yes, I’m an author on all of these, however, just saying this > one wouldn’t set the precedent. > >> >> Jumping in on this one - Security Considerations are required per the RFC >> Style Guide (see https://www.rfc-editor.org/rfc/rfc7322.html#section-4.8.5). >> We suggest the following: >> >> This document is a workshop report and does not impact the security of the >> Internet. > > I’d be fine with that and in this case we should just use this exact same > phrasing for all reports in my opinion. >> >> If the IAB would like to discuss special handling for IAB workshop reports, >> we prefer having the discussion outside of an AUTH48. Please let us know if >> the text above is acceptable. > > Yes, we can’t decide this for good in the auth48 process, however, we could > simply add a short item to the next IAB call. I don’t think this would need a > long discussion… The Security Considerations section is a Series-wide requirement per the RFC Style Guide [1]. RFC 3552 [2] also indicates that "All RFCs are required to have a Security Considerations section.” If we want to change this, we’d like to discuss this as a potential Series-wide change. [1] https://www.rfc-editor.org/rfc/rfc7322.html#section-4.8.5 [2] https://www.rfc-editor.org/rfc/rfc3552.html Thanks, Sandy > > Mirja > > > >> >> Thanks, >> Sandy > -- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
