Hi Mirja, My read from the meeting mostly similar to yours but slightly different. The IAB was in agreement that a Security Considerations section was not necessary for workshop reports, but there was also a concern raised about this being seen as an exception being made for the IAB given that RFC7322 requires this of all RFCs. If we want to codify this exception we should probably take it up as a retreat topic.
Regards Suresh > On Feb 6, 2025, at 12:13 PM, Mirja Kuehlewind (IETF) <i...@kuehlewind.net> > wrote: > > Hi Suresh, hi all, > > Actually we discussed this yesterday at the IAB meeting and I thought we > agreed that we don’t want security considerations in workshop reports. > > Mirja > > > >> On 6. Feb 2025, at 18:01, Sandy Ginoza <sgin...@amsl.com> wrote: >> >> Hi Suresh, Mirja, >> >> Thank you for your replies. The document has been updated to include the >> following as the Security Considerations text. >> >> This document is a workshop report and does not impact the security of the >> Internet. >> >> >> Mirja, please let us know if any additional updates are needed or if you >> approve the RFC for publication. >> >> Thank you, >> RFC Editor/sg >> >> >>> On Feb 5, 2025, at 8:11 PM, Suresh Krishnan <suresh.krish...@gmail.com> >>> wrote: >>> >>> Hi Lynne, >>> As the document shepherd I am fine with skipping the Security >>> Considerations in this document, as has been done for some past workshop >>> reports. If you feel that special casing these sends out a wrong message to >>> the community I think we can add your proposed boilerplate text and >>> consistently do so for the future. >>> >>> Thanks >>> Suresh >>> >>>> On Feb 3, 2025, at 11:53 AM, Lynne Bartholomew >>>> <lbartholo...@staff.rfc-editor.org> wrote: >>>> >>>> Hi, Mirja and *Suresh. >>>> >>>> Mirja, checking in with you regarding the status of this document. It >>>> appears that several questions remain open. >>>> >>>> * Suresh, please note that in your capacity as Document Shepherd we also >>>> need to hear from you regarding the Security Considerations section and >>>> Mirja's comments below. >>>> >>>> Please review and advise. >>>> >>>> The latest files are posted here. Please refresh your browser: >>>> >>>> https://www.rfc-editor.org/authors/rfc9707.txt >>>> https://www.rfc-editor.org/authors/rfc9707.pdf >>>> https://www.rfc-editor.org/authors/rfc9707.html >>>> https://www.rfc-editor.org/authors/rfc9707.xml >>>> https://www.rfc-editor.org/authors/rfc9707-diff.html >>>> https://www.rfc-editor.org/authors/rfc9707-rfcdiff.html (side by side) >>>> https://www.rfc-editor.org/authors/rfc9707-auth48diff.html >>>> https://www.rfc-editor.org/authors/rfc9707-auth48rfcdiff.html (side by >>>> side) >>>> https://www.rfc-editor.org/authors/rfc9707-lastdiff.html >>>> https://www.rfc-editor.org/authors/rfc9707-lastrfcdiff.html (side by side) >>>> >>>> https://www.rfc-editor.org/authors/rfc9707-xmldiff1.html >>>> https://www.rfc-editor.org/authors/rfc9707-xmldiff2.html >>>> >>>> Thank you! >>>> >>>> RFC Editor/lb >>>> >>>>> On Jan 21, 2025, at 7:32 AM, Mirja Kuehlewind (IETF) >>>>> <i...@kuehlewind.net> wrote: >>>>> >>>>> >>>>> >>>>>> On 8. Jan 2025, at 00:49, Sandy Ginoza <sgin...@amsl.com> wrote: >>>>>> >>>>>> Hi all, >>>>>> >>>>>> Please see comments below. >>>>>> >>>>>>> On Jan 7, 2025, at 9:45 AM, Lynne Bartholomew <lbartholo...@amsl.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Mirja: I don’t think security considerations are useful for workshop >>>>>>>> reports. All workshop reports that I’ve been involved with did not >>>>>>>> have security considerations but I did see that some other reports do. >>>>>>>> However, I assume they have mostly been added during AUTH48 based on >>>>>>>> this kind of request. Particularly just adding the sentence above is >>>>>>>> not useful and I wouldn’t want to do that just for the sake for >>>>>>>> process. If we want security consideration we should come up with real >>>>>>>> ones but as I said I don’t think we should just add anything to report >>>>>>>> in that respect. I think we should conclude with the IAB to not have >>>>>>>> security consideration for workshop reports in general in future. >>>>>>> >>>>>>> [rfced] Agreed that the section isn't necessary in this case, but for >>>>>>> the time being, we need to follow our current process, which includes >>>>>>> asking the Document Shepherd for approval. >>>>> >>>>> The IAB document shepherd or IAB stream manager or maybe IAB chair? >>>>> >>>>>>> >>>>>>> That being said, would you like us to set precedent here by removing >>>>>>> the Security Considerations and asking the Document Shepherd for >>>>>>> approval of the new form? >>>>> >>>>> RFC9490 (M-TEN), RFC9307 (AID), and RFC9075 (COVID) don’t have security >>>>> consideration. Yes, I’m an author on all of these, however, just saying >>>>> this one wouldn’t set the precedent. >>>>> >>>>>> >>>>>> Jumping in on this one - Security Considerations are required per the >>>>>> RFC Style Guide (see >>>>>> https://www.rfc-editor.org/rfc/rfc7322.html#section-4.8.5). We suggest >>>>>> the following: >>>>>> >>>>>> This document is a workshop report and does not impact the security of >>>>>> the Internet. >>>>> >>>>> I’d be fine with that and in this case we should just use this exact same >>>>> phrasing for all reports in my opinion. >>>>> >>>>>> >>>>>> If the IAB would like to discuss special handling for IAB workshop >>>>>> reports, we prefer having the discussion outside of an AUTH48. Please >>>>>> let us know if the text above is acceptable. >>>>> >>>>> Yes, we can’t decide this for good in the auth48 process, however, we >>>>> could simply add a short item to the next IAB call. I don’t think this >>>>> would need a long discussion… >>>>> >>>>> Mirja >>>>> >>>>> >>>>> >>>>>> >>>>>> Thanks, >>>>>> Sandy >>>>> >>>> >>> >> > -- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
