Gee, nobody wants to publish documents that are harmful to the Internet, but there can be disagreements about the amount of review needed and the sense of how a specification might cause harm.
The IESG is the IETF's designated final review arm and it treats specifications as being available for any environment and as needing multiple cross-area reviews for potential harm to the Internet (as well as other cross-area issues). I believe currently independent protocols do not get multiple cross-area reviews of this sort, though I might be wrong. There is not a statement and the reviews are not public. The IESG no longer reviews RFC Editor independent submissions for content, which is correct for the independents. However, they do have to read them for conflicts. In the not too distant past, it was a not surprising example when an independent protocol went by with a plaintext password because it was "for the LAN" and documented the existing protocol. I don't know if there is now security review on every independent document (versus a security reviewer only for security-specific documents). But anyway security issues (and others) that could harm the Internet in independent protocols can go by inadvertantly if the reviews are not cross-area, at least in my experience... Allison _______________________________________________ INDEPENDENT mailing list [email protected] https://www1.ietf.org/mailman/listinfo/independent
