Hi Jean, This is fine. Thanks!
Mirja > On 11. Feb 2025, at 23:20, Jean Mahoney <jmaho...@staff.rfc-editor.org> wrote: > > Mirja, > > Please let us know if any additional updates are needed or if you approve the > RFC for publication. The updates to the Security Considerations section may > be seen here: > > https://www.rfc-editor.org/authors/rfc9707-lastrfcdiff.html > (side by side) > > https://www.rfc-editor.org/authors/rfc9707.txt > https://www.rfc-editor.org/authors/rfc9707.pdf > https://www.rfc-editor.org/authors/rfc9707.html > https://www.rfc-editor.org/authors/rfc9707.xml > > https://www.rfc-editor.org/authors/rfc9707-diff.html > https://www.rfc-editor.org/authors/rfc9707-rfcdiff.html > (all changes side by side) > https://www.rfc-editor.org/authors/rfc9707-auth48diff.html > https://www.rfc-editor.org/authors/rfc9707-auth48rfcdiff.html > (AUTH48 changes side by side) > https://www.rfc-editor.org/authors/rfc9707-lastdiff.html > > Best regards, > RFC Editor/jm > > > On 2/10/25 6:17 PM, Jean Mahoney wrote: >> Hi all, >> First off, the RPC apologizes for not catching the lack of Security >> Considerations in other IAB workshop documents (RFCs 9490, 9307, and 9075). >> As one of the editors of RFC 9490, I can only say that I noted the lack of >> Security Considerations on our checklist, but I failed to write a question >> about it to the authors. >> On 2/6/25 10:15 PM, Suresh Krishnan wrote: >>> Hi Mirja, >>> My read from the meeting mostly similar to yours but slightly different. >>> The IAB was in agreement that a Security Considerations section was not >>> necessary for workshop reports, but there was also a concern raised about >>> this being seen as an exception being made for the IAB given that RFC7322 >>> requires this of all RFCs. If we want to codify this exception we should >>> probably take it up as a retreat topic. >> [JM] Please note that the requirement for a Security Considerations section >> goes back to RFC 1543 "Instructions to RFC Authors" [1]. The inclusion of a >> Security Considerations section is considered an RFC Series policy. >> The RPC recommends that the recently added Security Considerations section >> remain in RFC-to-be 9707, and that the discussion of the applicability of >> the Security Considerations section take place on the RSWG mailing list. >> There is already the concept of an "empty" Security Considerations section >> ("This document does not impact the security of the Internet"), which has >> been used in multiple RFCs. We could add clearer guidance to rfc7322bis >> about the use of the "empty" Security Considerations section, or perhaps >> there could be an update to RFC 3552 "Guidelines for Writing RFC Text on >> Security Considerations" [2]. >> Best regards, >> Jean >> [1] https://www.rfc-editor.org/rfc/rfc1543#section-8 >> [2] https://www.rfc-editor.org/rfc/rfc3552 >>> >>> Regards >>> Suresh >>> >>>> On Feb 6, 2025, at 12:13 PM, Mirja Kuehlewind (IETF) <i...@kuehlewind.net> >>>> wrote: >>>> >>>> Hi Suresh, hi all, >>>> >>>> Actually we discussed this yesterday at the IAB meeting and I thought we >>>> agreed that we don’t want security considerations in workshop reports. >>>> >>>> Mirja >>>> >>>> >>>> >>>>> On 6. Feb 2025, at 18:01, Sandy Ginoza <sgin...@amsl.com> wrote: >>>>> >>>>> Hi Suresh, Mirja, >>>>> >>>>> Thank you for your replies. The document has been updated to include the >>>>> following as the Security Considerations text. >>>>> >>>>> This document is a workshop report and does not impact the security of >>>>> the Internet. >>>>> >>>>> >>>>> Mirja, please let us know if any additional updates are needed or if you >>>>> approve the RFC for publication. >>>>> >>>>> Thank you, >>>>> RFC Editor/sg >>>>> >>>>> >>>>>> On Feb 5, 2025, at 8:11 PM, Suresh Krishnan <suresh.krish...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> Hi Lynne, >>>>>> As the document shepherd I am fine with skipping the Security >>>>>> Considerations in this document, as has been done for some past workshop >>>>>> reports. If you feel that special casing these sends out a wrong message >>>>>> to the community I think we can add your proposed boilerplate text and >>>>>> consistently do so for the future. >>>>>> >>>>>> Thanks >>>>>> Suresh >>>>>> >>>>>>> On Feb 3, 2025, at 11:53 AM, Lynne Bartholomew >>>>>>> <lbartholo...@staff.rfc-editor.org> wrote: >>>>>>> >>>>>>> Hi, Mirja and *Suresh. >>>>>>> >>>>>>> Mirja, checking in with you regarding the status of this document. It >>>>>>> appears that several questions remain open. >>>>>>> >>>>>>> * Suresh, please note that in your capacity as Document Shepherd we >>>>>>> also need to hear from you regarding the Security Considerations >>>>>>> section and Mirja's comments below. >>>>>>> >>>>>>> Please review and advise. >>>>>>> >>>>>>> The latest files are posted here. Please refresh your browser: >>>>>>> >>>>>>> https://www.rfc-editor.org/authors/rfc9707.txt >>>>>>> https://www.rfc-editor.org/authors/rfc9707.pdf >>>>>>> https://www.rfc-editor.org/authors/rfc9707.html >>>>>>> https://www.rfc-editor.org/authors/rfc9707.xml >>>>>>> https://www.rfc-editor.org/authors/rfc9707-diff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9707-rfcdiff.html (side by side) >>>>>>> https://www.rfc-editor.org/authors/rfc9707-auth48diff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9707-auth48rfcdiff.html (side by >>>>>>> side) >>>>>>> https://www.rfc-editor.org/authors/rfc9707-lastdiff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9707-lastrfcdiff.html (side by >>>>>>> side) >>>>>>> >>>>>>> https://www.rfc-editor.org/authors/rfc9707-xmldiff1.html >>>>>>> https://www.rfc-editor.org/authors/rfc9707-xmldiff2.html >>>>>>> >>>>>>> Thank you! >>>>>>> >>>>>>> RFC Editor/lb >>>>>>> >>>>>>>> On Jan 21, 2025, at 7:32 AM, Mirja Kuehlewind (IETF) >>>>>>>> <i...@kuehlewind.net> wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> On 8. Jan 2025, at 00:49, Sandy Ginoza <sgin...@amsl.com> wrote: >>>>>>>>> >>>>>>>>> Hi all, >>>>>>>>> >>>>>>>>> Please see comments below. >>>>>>>>> >>>>>>>>>> On Jan 7, 2025, at 9:45 AM, Lynne Bartholomew >>>>>>>>>> <lbartholo...@amsl.com> wrote: >>>>>>>>>> >>>>>>>>>>> Mirja: I don’t think security considerations are useful for >>>>>>>>>>> workshop reports. All workshop reports that I’ve been involved with >>>>>>>>>>> did not have security considerations but I did see that some other >>>>>>>>>>> reports do. However, I assume they have mostly been added during >>>>>>>>>>> AUTH48 based on this kind of request. Particularly just adding the >>>>>>>>>>> sentence above is not useful and I wouldn’t want to do that just >>>>>>>>>>> for the sake for process. If we want security consideration we >>>>>>>>>>> should come up with real ones but as I said I don’t think we should >>>>>>>>>>> just add anything to report in that respect. I think we should >>>>>>>>>>> conclude with the IAB to not have security consideration for >>>>>>>>>>> workshop reports in general in future. >>>>>>>>>> >>>>>>>>>> [rfced] Agreed that the section isn't necessary in this case, but >>>>>>>>>> for the time being, we need to follow our current process, which >>>>>>>>>> includes asking the Document Shepherd for approval. >>>>>>>> >>>>>>>> The IAB document shepherd or IAB stream manager or maybe IAB chair? >>>>>>>> >>>>>>>>>> >>>>>>>>>> That being said, would you like us to set precedent here by removing >>>>>>>>>> the Security Considerations and asking the Document Shepherd for >>>>>>>>>> approval of the new form? >>>>>>>> >>>>>>>> RFC9490 (M-TEN), RFC9307 (AID), and RFC9075 (COVID) don’t have >>>>>>>> security consideration. Yes, I’m an author on all of these, however, >>>>>>>> just saying this one wouldn’t set the precedent. >>>>>>>> >>>>>>>>> >>>>>>>>> Jumping in on this one - Security Considerations are required per the >>>>>>>>> RFC Style Guide (see https://www.rfc-editor.org/rfc/ >>>>>>>>> rfc7322.html#section-4.8.5). We suggest the following: >>>>>>>>> >>>>>>>>> This document is a workshop report and does not impact the security >>>>>>>>> of the Internet. >>>>>>>> >>>>>>>> I’d be fine with that and in this case we should just use this exact >>>>>>>> same phrasing for all reports in my opinion. >>>>>>>> >>>>>>>>> >>>>>>>>> If the IAB would like to discuss special handling for IAB workshop >>>>>>>>> reports, we prefer having the discussion outside of an AUTH48. >>>>>>>>> Please let us know if the text above is acceptable. >>>>>>>> >>>>>>>> Yes, we can’t decide this for good in the auth48 process, however, we >>>>>>>> could simply add a short item to the next IAB call. I don’t think this >>>>>>>> would need a long discussion… >>>>>>>> >>>>>>>> Mirja >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Sandy >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> > -- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
