-
Notifications
You must be signed in to change notification settings - Fork 0
/
draft-kucherawy-bcp97bis.xml
486 lines (415 loc) · 19 KB
/
draft-kucherawy-bcp97bis.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC1321 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.1321.xml">
<!ENTITY RFC2026 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2026.xml">
<!ENTITY RFC2104 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2104.xml">
<!ENTITY RFC3967 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3967.xml">
<!ENTITY RFC4858 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4858.xml">
<!ENTITY RFC4897 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4897.xml">
<!ENTITY RFC8067 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8067.xml">
]>
<rfc ipr="trust200902" category="bcp" obsoletes="3967, 4897, 8067"
docName="draft-kucherawy-bcp97bis-02">
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc tocdepth="4" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc compact="yes" ?>
<?rfc subcompact="no"?>
<front>
<title abbrev="downref">
Procedures for Standards Track Documents to Refer
Normatively to Documents at a Lower Level
</title>
<author initials="M." surname="Kucherawy"
fullname="Murray Kucherawy"
role="editor">
<address>
<email>[email protected]</email>
</address>
</author>
<date year="2021"/>
<area>General</area>
<keyword>internet-drafts</keyword>
<abstract>
<t> IETF procedures generally require that a standards track
RFC may not have a normative reference to another
standards track document at a lower maturity level or to
a non standards track specification (other than
specifications from other standards bodies). For example,
a standards track document may not have a normative
reference to an informational RFC. Exceptions to this
rule are sometimes needed as the IETF uses informational
RFCs to describe non-IETF standards or IETF-specific modes
of use of such standards. This document defines
the procedure used in these circumstances. </t>
<t> This document merges and updates, and thus obsoletes,
RFC 3967, RFC 4897, and RFC 8067. </t>
</abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">
<t> The Internet Standards Process <xref target="RFC2026"/>
(BCP 9) Section 4.2.4 specifies the following:
<figure><artwork>
Standards track specifications normally must not depend on other
standards track specifications which are at a lower maturity level
or on non standards track specifications other than referenced
specifications from other standards bodies.
</artwork></figure></t>
<t> One intent is to avoid creating a perception that a
standard is more mature than it actually is. </t>
<t> It should also be noted that Best Current Practice
documents (BCPs; see <xref target="RFC2026"/>) have
generally been considered similar to Standards Track
documents in terms of what they can reference. For
example, a normative reference from a BCP to an
Experimental RFC has been considered an
improper reference. </t>
<t> This document describes a process for allowing
normative references to documents at lower maturity
levels ("downrefs"), after due notice and consideration
as the document progresses toward publication. The
original process was defined in <xref target="RFC3967"/>
and later amended by <xref target="RFC4897"/> and
<xref target="RFC8067"/>. This document consolidates
those, and presents further guidance regarding normative
references to non-IETF documents. </t>
<section anchor="normative" title="Normative References">
<t> Within an RFC, references to other documents fall
into two general categories: "normative" and
"informative". Broadly speaking, a normative
reference specifies a document that must be read
to fully understand or implement the subject
matter in the RFC, or whose contents are
effectively part of the RFC, as its omission
would leave the RFC incompletely specified.
An informative reference is not normative; rather,
it provides only additional background
information. </t>
<t> An exact and precise definition of what is (and is
not) a normative reference has proven challenging
in practice, as the details and implications can
be subtle. Moreover, whether a reference needs to
be normative can depend on the context in which a
particular RFC is being published in the first
place. For example, in the context of an IETF
Standard, it is important that all dependent
pieces be clearly specified and available in an
archival form so that there is no disagreement
over what constitutes a standard. This is not
always the case for other documents. </t>
<t> The rest of this section provides guidance on what
might (and might not) be considered normative in
the context of the IETF standards process. </t>
<t> In the IETF, it is a basic assumption that
implementers must have a clear understanding of
what they need to implement in order to be fully
compliant with a standard and to be able to
interoperate with other implementations of that
standard. For documents that are referenced, any
document that includes key information an
implementer needs would be normative. For
example, if one needs to understand a packet
format defined in another document in order to
fully implement a specification, the reference to
that format would be normative. Likewise, if a
reference to a required algorithm is made, the
reference would be normative. </t>
<t> Some specific examples:
<list style="symbols">
<t> If a protocol relies on IPsec to provide
security, one cannot fully implement the
protocol unless the specification for
IPsec is available; hence, the reference
would be normative. The referenced
specification would likely include details
about specific key management
requirements, which transforms are
required and which are optional, etc. </t>
<t> In YANG documents, any "import" or
"include" statement by definition is a
normative reference. </t>
<t> When a reference to an example is made,
such a reference need not be normative.
For example, text such as "an algorithm
such as the one specified in [RFCxxxx]
would be acceptable" indicates an
informative reference, since that cited
algorithm is just one of several possible
algorithms that could be used. </t>
</list> </t>
</section>
</section>
<section anchor="need" title="The Need for Downward References">
<t> There are a number of circumstances in which an
IETF document may need to make a normative
reference to a document at a lower maturity level,
but such a reference conflicts with Section 4.2.4
of <xref target="RFC2026"/>. For example:
<list style="symbols">
<t> A standards track document may need to
refer to a protocol or algorithm developed
by an external body but modified, adapted,
or profiled by an IETF informational RFC,
for example, MD5 <xref target="RFC1321"/>
and HMAC <xref target="RFC2104"/>. Note
that this does not override the IETF's
duty to see that the specification is
indeed sufficiently clear to enable
creation of interoperable
implementations. </t>
<t> A standards document may need to refer
to a proprietary protocol, and the IETF
normally documents proprietary protocols
using informational RFCs. </t>
<t> A migration or co-existence document may
need to define a standards track mechanism
for migration from, and/or co-existence
with, an historic protocol, a proprietary
protocol, or possibly a non-standards
track protocol. </t>
<t> There are exceptional procedural or legal
reasons that force the target of the
normative reference to be an informational
or historical RFC or to be at a lower
standards level than the referring
document. </t>
<t> A BCP document may want to describe best
current practices for experimental or
informational specifications. </t>
</list> </t>
</section>
<section anchor="definitions" title="Definitions">
<t> A reference involves two documents, the one in which the
reference is embedded and the document referenced. Where
needed for clarity, these documents are referred to as
the "source document" and "target document",
respectively. </t>
<t> The term "Standards-Track document", as used in this
specification, is assumed to include only Standards-Track
documents at any maturity level, plus BCPs, but not
documents with any other status. </t>
</section>
<section anchor="procedure" title="Procedure">
<t> The following sections describe the procedures to be used
by authors/editors and the IESG when handling downrefs. </t>
<section anchor="auths_eds" title="Authors and Editors">
<t> When a Standards-Track or BCP document requires
a normative reference to a document of lower
maturity, the authors/editors should apply the
following very simple procedure:
<list style="symbols">
<t> The reference text (i.e., in the "Normative
References" section of the source
document) is written as usual. </t>
<t> A note is included in the reference text
that indicates that the reference is to a
target document of a lower maturity level,
that some caution should be used since it
may be less stable than the document from
which it is being referenced, and,
optionally, explaining why the
downref is appropriate. </t>
</list></t>
<t> The Internet Engineering Steering Group (IESG)
may, at its discretion, specify the exact text to
be used, establish procedures regarding the text
to use, or give guidance on this text. When
establishing procedures, the IESG should seek
appropriate community review. </t>
<t> These annotations are part of the source
document. If members of the community consider
either the downref or the annotation
text to be inappropriate, those issues can be
raised at any time during the document life cycle,
just as with any other text in the document.
There is no separate review of these
references. For example, when the downref
is to a document of a lower maturity level that
is understood to be stable, the annotation can
be omitted. Such decisions should be noted in
the document shepherd writeup
<xref target="RFC4858"/> so the IESG is aware
at the time of its review why the annotation
is absent. </t>
<t> At the option of the author/editor, similar notes
may be attached to non-normative references. </t>
</section>
<section anchor="iesg" title="The IESG">
<t> With appropriate community review, the IESG may
establish procedures for when normative downref
should delay a document and when downrefs should
be noted. Absent specific guidance, authors and
reviewers should use their best judgment. It is
assumed that, in a significant majority of cases,
noting a downref is preferable to delaying
publication. </t>
<t> When a document is presented to the IESG for
publication that contains a downref not called out
by the author/editor(s) as described in the
previous section, it is strongly recommended
that the normal IETF Last Call
procedure will be issued, with the need for the
downref explicitly documented in the
Last Call itself. Any community comments on the
appropriateness of downrefs will be considered by
the IESG as part of its deliberations. </t>
<t> If, by oversight, the Last Call does not identify
the downref, the IESG may choose to repeat the
Last Call with the downref properly
identified. If it elects not to do so, then any
future downref to the same target document is
subject again to the procedures described in this
document. In making this decision, the IESG
should take into account the general discussion
in <xref target="need"/>. </t>
<t> Once a specific downref to a particular document
has been accepted by the community (e.g., has been
mentioned in one or more Last Calls), an Area
Director may waive subsequent notices in the Last
Call of downrefs to it. This should only occur
when the same document (and version) are being
referenced and when the Area Director believes
that the document's use is an accepted part of the
community's understanding of the relevant technical
area. For example, the use of MD5
<xref target="RFC1321"/> and HMAC
<xref target="RFC2104"/> is well known among
cryptographers. Such documents are added to the
"Downref Registry". </t>
<t> In the case of a downref approved in this manner,
the annotations described above should be added
to the reference unless the IESG, after
consideration of Last Call input, concludes it is
inappropriate. </t>
<t> This procedure is not to be used if the proper
step is to move the document to which the
reference is being made into the appropriate
category. It is not intended as an easy way out
of normal process. Rather, the procedure is
intended for dealing with specific cases where
putting particular documents into the required
category is problematic and unlikely ever to
happen. </t>
</section>
</section>
<section anchor="ietf_targets" title="IETF Target Documents">
<t> The "downward reference by annotation" model specified
here is applicable only to published Standards-Track RFCs
at lower maturity levels. </t>
<t> Obviously, such downward references are part of the
relevant source document at IETF Last Call and subject to
comments from the community. </t>
<t> Advancing documents, when appropriate, is still strongly
preferred to the use of either this procedure or the one
specified in <xref target="iesg"/>. This specification
does not impose a specific test or requirement to
determine appropriateness. This is partially because it
would be impossible to do so for the general case, but
more so because the intention is to permit the IESG and
the community to balance the importance of getting a
source document published against the time and difficulty
associated with upgrading a target document. That
requirement is intended to be less stringent than the one
of <xref target="iesg"/>. </t>
</section>
<section anchor="external_targets" title="Non-IETF Target Documents">
<t> A reference to a non-IETF document provides a few
challenges relative to the RFC series:
<list style="symbols">
<t> its development may not have been as rigorous as
the Standards-Track document referencing it; </t>
<t> the actual reference to it (e.g., a web link) may
have dubious stability; </t>
<t> it may be subject to unexpected revision in
situ; or </t>
<t> it may not be freely available. </t>
</list> </t>
<t> The IESG may, at its discretion, establish policies
regarding external documents referenced normatively by
Standards-Track RFCs in light of these challenges. Such
policies are to be developed with solicitation of
community input. </t>
<t> At a minimum, authors/editors of source documents need to
secure freely available copies of the target documents for
use by all anticipated reviewers during the source
document's life cycle, which includes working group
participants, any member of the community that chooses to
participate in Last Call discussions, area review teams,
IANA expert reviewers, and members of the IESG. The
mechanism for acquiring access to those documents is to be
be specified in the shepherd writeup. </t>
</section>
<section anchor="registry" title="Downref Registry">
<t> The IETF has previously established a registry of downrefs
to RFCs that have been previously waived by the IESG in the
manner described in <xref target="iesg"/>. The registry
includes the name of the referenced RFC and the
Internet-Draft whose publication resulted it its addition
to the registry. The IESG is responsible for the
maintenance of this registry, adding new entries to it
as appropriate. </t>
<t> Going forward, new registry entries should also record
the reason the registry addition was made, and the name
of the Area Director making the new entry. </t>
<t> Note that there is currently no registry of downrefs to
non-IETF documents. </t>
</section>
<section anchor="security" title="Security Considerations">
<t> This document is not known to create any new
vulnerabilities for the Internet. On the other hand,
inappropriate or excessive use of these processes might be
considered a downgrade attack on the quality of IETF
standards or, worse, on the rigorous review of security
aspects of standards. </t>
</section>
</middle>
<back>
<references title="Normative References">
&RFC2026;
&RFC3967;
&RFC4897;
&RFC8067;
</references>
<references title="Informative References">
&RFC1321;
&RFC2104;
&RFC4858;
</references>
<section anchor="changes" title="Changes">
<t> The following are the changes in this document relative
to the current state of BCP 97:
<list style="symbols">
<t> Apply erratum #2793. </t>
<t> Remove references to RFC 1818, which is
historic. </t>
<t> Describe the downref registry's format and
ownership. </t>
<t> Discuss restricted-access documents. </t>
<t> Allow for skipping downref annotations when the
target document is understood to be stable. </t>
<t> Stronger language against using this process when
advancing the target document is The Right Thing
To Do. </t>
<t> Replace MIB guidance with YANG guidance. </t>
</list> </t>
</section>
<section anchor="ack" title="Acknowledgments">
<t> This editor offers a salute to the authors of and
contributors to RFC 3967, RFC 4897, and RFC 8067: Randy
Bush, Thomas Narten, John Klensin, Sam Hartman, and
Barry Leiba. </t>
<t> This revision benefited from contributions by
Mohamed Boucadair,
Scott Bradner,
Brian Carpenter,
Russ Housley,
John Klensin,
Michael Richardson,
and
Rich Salz. </t>
</section>
</back>
</rfc>