On Tue, May 07, 2019 at 11:18:21AM -0600, Brian Campbell wrote: > Practically speaking there's the MTLS draft, which has been sent to the > IESG for publication, has commercial and opensource implementations as well > as production deployments, and is referenced by other prospective standards > and profiles. It's not uncommon to receive off list inquires about the > document status from people involved in those things asking when it will be > "finished". Which is to say that there's a good amount of interest from the > community at large in seeing the MTLS document go to RFC. And it's > relatively close to doing so (as these things go anyway). The DPoP > document, on the other hand, is currently an individual draft submission. > And while it has generated some good interest and discussion, it is only an > individual draft submission and carries the same authority as any other > individual draft submission (see > https://tools.ietf.org/html/draft-abr-twitter-reply-00 for example). I > believe that the MTLS draft should continue on the it's course. And am > interested in seeing where we can take the DPoP work and if the WG wants to > take it on. > > Your point about the "PR" perspective is taken. And I probably shouldn't > even bring these up but that whole situation is exacerbated by the > expired/dormant WG documents like draft-ietf-oauth-token-binding and > draft-ietf-oauth-signed-http-request. Some organizations out there touting
I've forgotten the details of those two documents, but in the general case, if there's a WG document that is no longer actively being worked on (or is now believed to be a bad idea), the chairs can pretty easily get a new rev posted that has a "tombstone" notice, like "this document is no longer being worked on" or similar, which may help clarify the situation to external parties without much investment on time or tooling. -Ben > their support for RFC 7800 as a complete solution in the > pop/sender-constrained space aren't helping matters either. So while I > think I hear what you are saying, I don't personally see much of anything > reasonable or actionable that can done about it. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth