Hi, Mirja. It appears that you now approve this document for publication. We have noted your approval on the AUTH48 status page accordingly:
https://www.rfc-editor.org/auth48/rfc9707 Thank you! RFC Editor/lb > On Feb 18, 2025, at 3:28 AM, Mirja Kuehlewind (IETF) <i...@kuehlewind.net> > wrote: > > Hi Jean, > > This is fine. Thanks! > > Mirja > > > >> On 11. Feb 2025, at 23:20, Jean Mahoney <jmaho...@staff.rfc-editor.org> >> wrote: >> >> Mirja, >> >> Please let us know if any additional updates are needed or if you approve >> the RFC for publication. The updates to the Security Considerations section >> may be seen here: >> >> https://www.rfc-editor.org/authors/rfc9707-lastrfcdiff.html >> (side by side) >> >> https://www.rfc-editor.org/authors/rfc9707.txt >> https://www.rfc-editor.org/authors/rfc9707.pdf >> https://www.rfc-editor.org/authors/rfc9707.html >> https://www.rfc-editor.org/authors/rfc9707.xml >> >> https://www.rfc-editor.org/authors/rfc9707-diff.html >> https://www.rfc-editor.org/authors/rfc9707-rfcdiff.html >> (all changes side by side) >> https://www.rfc-editor.org/authors/rfc9707-auth48diff.html >> https://www.rfc-editor.org/authors/rfc9707-auth48rfcdiff.html >> (AUTH48 changes side by side) >> https://www.rfc-editor.org/authors/rfc9707-lastdiff.html >> >> Best regards, >> RFC Editor/jm >> >> >> On 2/10/25 6:17 PM, Jean Mahoney wrote: >>> Hi all, >>> First off, the RPC apologizes for not catching the lack of Security >>> Considerations in other IAB workshop documents (RFCs 9490, 9307, and 9075). >>> As one of the editors of RFC 9490, I can only say that I noted the lack of >>> Security Considerations on our checklist, but I failed to write a question >>> about it to the authors. >>> On 2/6/25 10:15 PM, Suresh Krishnan wrote: >>>> Hi Mirja, >>>> My read from the meeting mostly similar to yours but slightly different. >>>> The IAB was in agreement that a Security Considerations section was not >>>> necessary for workshop reports, but there was also a concern raised about >>>> this being seen as an exception being made for the IAB given that RFC7322 >>>> requires this of all RFCs. If we want to codify this exception we should >>>> probably take it up as a retreat topic. >>> [JM] Please note that the requirement for a Security Considerations section >>> goes back to RFC 1543 "Instructions to RFC Authors" [1]. The inclusion of a >>> Security Considerations section is considered an RFC Series policy. >>> The RPC recommends that the recently added Security Considerations section >>> remain in RFC-to-be 9707, and that the discussion of the applicability of >>> the Security Considerations section take place on the RSWG mailing list. >>> There is already the concept of an "empty" Security Considerations section >>> ("This document does not impact the security of the Internet"), which has >>> been used in multiple RFCs. We could add clearer guidance to rfc7322bis >>> about the use of the "empty" Security Considerations section, or perhaps >>> there could be an update to RFC 3552 "Guidelines for Writing RFC Text on >>> Security Considerations" [2]. >>> Best regards, >>> Jean >>> [1] https://www.rfc-editor.org/rfc/rfc1543#section-8 >>> [2] https://www.rfc-editor.org/rfc/rfc3552 >>>> >>>> Regards >>>> Suresh >>>> >>>>> On Feb 6, 2025, at 12:13 PM, Mirja Kuehlewind (IETF) >>>>> <i...@kuehlewind.net> wrote: >>>>> >>>>> Hi Suresh, hi all, >>>>> >>>>> Actually we discussed this yesterday at the IAB meeting and I thought we >>>>> agreed that we don’t want security considerations in workshop reports. >>>>> >>>>> Mirja >>>>> >>>>> >>>>> >>>>>> On 6. Feb 2025, at 18:01, Sandy Ginoza <sgin...@amsl.com> wrote: >>>>>> >>>>>> Hi Suresh, Mirja, >>>>>> >>>>>> Thank you for your replies. The document has been updated to include >>>>>> the following as the Security Considerations text. >>>>>> >>>>>> This document is a workshop report and does not impact the security of >>>>>> the Internet. >>>>>> >>>>>> >>>>>> Mirja, please let us know if any additional updates are needed or if you >>>>>> approve the RFC for publication. >>>>>> >>>>>> Thank you, >>>>>> RFC Editor/sg >>>>>> >>>>>> >>>>>>> On Feb 5, 2025, at 8:11 PM, Suresh Krishnan <suresh.krish...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>> Hi Lynne, >>>>>>> As the document shepherd I am fine with skipping the Security >>>>>>> Considerations in this document, as has been done for some past >>>>>>> workshop reports. If you feel that special casing these sends out a >>>>>>> wrong message to the community I think we can add your proposed >>>>>>> boilerplate text and consistently do so for the future. >>>>>>> >>>>>>> Thanks >>>>>>> Suresh >>>>>>> >>>>>>>> On Feb 3, 2025, at 11:53 AM, Lynne Bartholomew >>>>>>>> <lbartholo...@staff.rfc-editor.org> wrote: >>>>>>>> >>>>>>>> Hi, Mirja and *Suresh. >>>>>>>> >>>>>>>> Mirja, checking in with you regarding the status of this document. It >>>>>>>> appears that several questions remain open. >>>>>>>> >>>>>>>> * Suresh, please note that in your capacity as Document Shepherd we >>>>>>>> also need to hear from you regarding the Security Considerations >>>>>>>> section and Mirja's comments below. >>>>>>>> >>>>>>>> Please review and advise. >>>>>>>> >>>>>>>> The latest files are posted here. Please refresh your browser: >>>>>>>> >>>>>>>> https://www.rfc-editor.org/authors/rfc9707.txt >>>>>>>> https://www.rfc-editor.org/authors/rfc9707.pdf >>>>>>>> https://www.rfc-editor.org/authors/rfc9707.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9707.xml >>>>>>>> https://www.rfc-editor.org/authors/rfc9707-diff.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9707-rfcdiff.html (side by side) >>>>>>>> https://www.rfc-editor.org/authors/rfc9707-auth48diff.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9707-auth48rfcdiff.html (side by >>>>>>>> side) >>>>>>>> https://www.rfc-editor.org/authors/rfc9707-lastdiff.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9707-lastrfcdiff.html (side by >>>>>>>> side) >>>>>>>> >>>>>>>> https://www.rfc-editor.org/authors/rfc9707-xmldiff1.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9707-xmldiff2.html >>>>>>>> >>>>>>>> Thank you! >>>>>>>> >>>>>>>> RFC Editor/lb >>>>>>>> >>>>>>>>> On Jan 21, 2025, at 7:32 AM, Mirja Kuehlewind (IETF) >>>>>>>>> <i...@kuehlewind.net> wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> On 8. Jan 2025, at 00:49, Sandy Ginoza <sgin...@amsl.com> wrote: >>>>>>>>>> >>>>>>>>>> Hi all, >>>>>>>>>> >>>>>>>>>> Please see comments below. >>>>>>>>>> >>>>>>>>>>> On Jan 7, 2025, at 9:45 AM, Lynne Bartholomew >>>>>>>>>>> <lbartholo...@amsl.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Mirja: I don’t think security considerations are useful for >>>>>>>>>>>> workshop reports. All workshop reports that I’ve been involved >>>>>>>>>>>> with did not have security considerations but I did see that some >>>>>>>>>>>> other reports do. However, I assume they have mostly been added >>>>>>>>>>>> during AUTH48 based on this kind of request. Particularly just >>>>>>>>>>>> adding the sentence above is not useful and I wouldn’t want to do >>>>>>>>>>>> that just for the sake for process. If we want security >>>>>>>>>>>> consideration we should come up with real ones but as I said I >>>>>>>>>>>> don’t think we should just add anything to report in that respect. >>>>>>>>>>>> I think we should conclude with the IAB to not have security >>>>>>>>>>>> consideration for workshop reports in general in future. >>>>>>>>>>> >>>>>>>>>>> [rfced] Agreed that the section isn't necessary in this case, but >>>>>>>>>>> for the time being, we need to follow our current process, which >>>>>>>>>>> includes asking the Document Shepherd for approval. >>>>>>>>> >>>>>>>>> The IAB document shepherd or IAB stream manager or maybe IAB chair? >>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> That being said, would you like us to set precedent here by >>>>>>>>>>> removing the Security Considerations and asking the Document >>>>>>>>>>> Shepherd for approval of the new form? >>>>>>>>> >>>>>>>>> RFC9490 (M-TEN), RFC9307 (AID), and RFC9075 (COVID) don’t have >>>>>>>>> security consideration. Yes, I’m an author on all of these, however, >>>>>>>>> just saying this one wouldn’t set the precedent. >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Jumping in on this one - Security Considerations are required per >>>>>>>>>> the RFC Style Guide (see https://www.rfc-editor.org/rfc/ >>>>>>>>>> rfc7322.html#section-4.8.5). We suggest the following: >>>>>>>>>> >>>>>>>>>> This document is a workshop report and does not impact the security >>>>>>>>>> of the Internet. >>>>>>>>> >>>>>>>>> I’d be fine with that and in this case we should just use this exact >>>>>>>>> same phrasing for all reports in my opinion. >>>>>>>>> >>>>>>>>>> >>>>>>>>>> If the IAB would like to discuss special handling for IAB workshop >>>>>>>>>> reports, we prefer having the discussion outside of an AUTH48. >>>>>>>>>> Please let us know if the text above is acceptable. >>>>>>>>> >>>>>>>>> Yes, we can’t decide this for good in the auth48 process, however, we >>>>>>>>> could simply add a short item to the next IAB call. I don’t think >>>>>>>>> this would need a long discussion… >>>>>>>>> >>>>>>>>> Mirja >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Sandy >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >> > -- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
