[PWG-Announce] Fwd: [saag] RFC3552bis... (update Writing Security Considerations)

[PWG-Announce] Fwd: [saag] RFC3552bis... (update Writing Security Considerations)

[PWG-Announce] Fwd: [saag] RFC3552bis... (update Writing Security Considerations)

Ira McDonald blueroofmusic at gmail.com
Thu Jun 30 15:26:24 UTC 2016


Relevant to Security Considerations sections in all public
standards.  Note the proposed timeline (mid-2017 RFC).

- Ira

---------- Forwarded message ----------
From: Stephen Farrell <stephen.farrell at cs.tcd.ie>
Date: Thu, Jun 30, 2016 at 5:22 AM
Subject: [saag] RFC3552bis...
To: "saag at ietf.org" <saag at ietf.org>


RFC3552/BCP72 [1] is about to become a teenager:-) For those
of you that don't know it by heart, that's the one that tells
folks what to put into their security considerations sections
and it dates back to July 2003.

Following on from discussion at saag in B-A, partly driven by
the work Fernando and others have done on identifiers, but also
other chats going back to the STRINT workshop, Kathleen and I
have discussed what to do about all that and having re-read the
text we reckon that now would be a good time to start work on
an RFC3552bis document to replace the current one.

In outline, we think the main tasks there we'd like to see happen
would be to a) update numerous things that are out of date, b) add
text about things that weren't so important in 2003, such as privacy,
perhaps borrowing bits from RFC6973 [2] that make sense as BCP-like
statements, and c) to make it as understandable and easy to grasp
as possible and ideally a good bit shorter.

Having figured out what we'd like, and being lazy ADs, we needed
some other folks to do the actual work so we asked Yoav Nir and
Magnus Westerlund (both cc'd) and we're delighted to say that
they've agreed to be editors for this effort. (Thanks again to
you both.)

The overall plan then is roughly to:-

- Kick off discussion now on the saag list (this mail)
- Get folks' feedback on changes they'd like (if that gets
  too voluminous we'll start a new list)
- Have a short slot at the saag session in Berlin where the
  editors can review the plan and get more feedback/comments
- The editors will send some mail about tooling (e.g. if
  they want to use github, they'll say that etc.)
- The editors will produce a -00 and we'll iterate on that
  until done
- A more substantive discussion of remaining open issues
  in November at IETF97 if needed, (which we suspect will
  be needed:-)
- Hopefully we end up ready for IETF LC around the end of
  the year or early in 2017.
- We have what'll quite probably be a fun IETF LC:-)
- Mid-2017: BCP72 will become the new RFC.

So please do re-read [1,2] and send your comments on what you
think needs changing to this list and/or the editors and/or to
Kathleen or I as appropriate.


[1] https://tools.ietf.org/html/bcp72
[2] https://tools.ietf.org/html/rfc6973

saag mailing list
saag at ietf.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/pwg-announce/attachments/20160630/c4bd5af1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3840 bytes
Desc: not available
URL: <http://www.pwg.org/pipermail/pwg-announce/attachments/20160630/c4bd5af1/attachment.p7s>

More information about the pwg-announce mailing list