Skip to main content

The Tao of IETF

A Novice's Guide to the Internet Engineering Task Force

The "Tao of the IETF", previously published as a very long individual webpage, is in the process of being replaced by other documents covering the same topics.

This page now contains only the remaining content still to be moved across, and retains the numbering scheme from the stand-alone document for that content (i.e. it starts at "5").

The new pages that have replaced sections of the Tao of the IETF are:

Table of Contents

6 RFCs and Internet-Drafts
6.1 The Overall Process
6.2 Common Issues
6.3 Writing an Internet-Draft
6.3.1 Internet-Draft Language
6.3.2 About References
6.3.3 About Required Content
6.4 Standards-Track RFCs
6.5 RFCs Other than Standards-Track

7 How to Contribute to the IETF
7.1 What You Can Do
7.2 What Your Company Can Do

6 RFCs and Internet-Drafts

This section discusses Internet-Drafts and RFCs in the IETF stream, that is, it describes how documents are produced and advanced within the IETF. For a brief note on other RFC streams, see above.

If you're a new IETF participant and are looking for a particular RFC or Internet-Draft, you can use the IETF Datatracker. This website, https://datatracker.ietf.org/, has a text search capability (including content, keywords, author, and so on), and the search results point to the document status, page count, and other useful information. A little-known hint is that dt.ietf.org is an abbreviation (a DNS CNAME entry) for the longer "datatracker.ietf.org" hostname.

Most RFCs in the IETF stream follow the same process, and the sections below discuss the process and some of the issues. Note that there are other ways to get an RFC published, particularly if it is not intended for the standards track. For the sake of brevity, we will not mention those here. After all, this document is about "the Way of the IETF" and the main Way is "developing standards."

If you are interested in learning more about how to author an Internet-Draft yourself, the I-D Authors website has a lot of information and resources, including pointers to online tools that can help.

6.1 The Overall Process

The very first step is to have a draft document. Internet-Drafts should follow a specific format, and are required to have particular sections. This will be discussed more below.

RFCs are generally written by a Working Group. If an appropriate WG doesn't seem to exist, then the BOF or Dispatch process mentioned above can be used to learn which one is appropriate, or start the process to create one.

Once a potential WG exists, the document must be adopted. To do this, you submit your individual draft to the datatracker. It should start with draft-YOURNAME-brief-subject where YOURNAME is your name. Send a note to the WG mailing list, with an introduction to the draft, and why you think it is appropriate. After any discusison, the WG Chair will issue a call for adoption. If consensus is to adopt the draft, you will be asked to submit it with the name draft-ietf-WGNAME-brief-subject; you can probably guess what WGNAME should be.

At this point, the IETF, notably the IETF Trust, now owns the copyright on the document and the IETF owns the right of "change control." This means the WG, and the overall IETF, can make any changes to the document, the one you initially wrote, that they want. If you are not comfortable with this, then the IETF is not the place for your document. There are a few more details on this below.

The WG now "works on" the document. This will be a combination of mailing list discussion, perhaps agenda time at a meeting, and publishing updated drafts. (Every draft ends with -NN where the digits indicate the draft number.)

At some point, the document will seem finished. The WG Chair will put the document in WG Last Call (WGLC) which gives the members of the WG a chance for last-minute changes. It can be frustrating to get a bunch of changes after you think you're done, but don't take it personally. Like many things, people are often deadline-driven.

After WGLC, the responsible AD (the one who oversees the WG) does a review. They will probably have comments that must be resolved by you and the WG; it's quite likely you'll have to publish a new draft. Then the IESG and the overall IETF reviews the draft, as mentioned above. The purpose of IETF Last Call is to get community-wide discussion on documents before the IESG considers them. Note the word discussion here. It is generally considered bad form to send IETF Last Call comments on documents that you have not read, or to send comments but not be prepared to discuss your views. The IETF Last Call is not a vote. Having said that, IETF Last Call comments that come from people who have just read the document for the first time can expose issues that IETF and WG regulars may have completely missed, which is why the discussion is open to everyone.

Finally, the draft is given to the RPC Production Center (RPC), and prepared for publication. There might be other changes required, including reviews by IANA for registrations and the like. The most common item you'll hear about this is AUTH48 state, which means the document is in the final stages of copy-editing by the RPC and you. The publication process can take weeks, but be patient, and you'll eventually see an email announcement saying that your brand-new RFC has been published. Congratulations!

A much more complete explanation of these steps is contained in BCP 9. This set of documents goes into great detail on a topic that is very often misunderstood, even by seasoned IETF participants: different types of RFCs go through different processes and have different rankings.

6.2 Common Issues

There are two major issues that often come up while preparing I-Ds: copyright and patents. These are discussed on the Intellectual property rights webpage

6.3 Writing an Internet-Draft

Every RFC starts its life as an I-D. Internet-Drafts have the same format as an RFC, and are required to have all the content that should appear in the RFC. This includes a couple of sections detailed below. A draft may also have more information, such as an incremental list of changes from previous versions of the draft, or pointers to online locations for raising issues and suggesting changes.

For the past several years, the official canonical source of RFCs as RFC 7991: The "xml2rfc" Version 3 Vocabulary. Some people enjoy writing in XML, and some don't. An alternative for the second group is to use a specific dialect of markdown, which is then converted to XML as needed (and especially during the publication process). A recent trend is the increasing use of markdown, and hosting I-Ds on GitHub to attract a wider audience of Internet-savvy users. Some information on this can be found at RFC 8874: Working Group GitHub Usage Guidance.

The IETF is setting up a new site, https://authors.ietf.org, to contain guides and online tools to help both new and experienced authors. As of this writing, it's still a draft but it does contain a great deal of useful content. You should feel free to use the site, and offer feedback.

Outside of the formatting decision, the most important document you can read is Guidelines to Authors of Internet-Drafts. That document explains the naming conventions, formatting requirements, required content, and details of how to submit (also called post) your draft.

6.3.1 Internet-Draft Language

It is common for Internet-Drafts that revise existing RFCs to have draft names with "bis" in them, meaning "again" or "twice." For example, a draft might be called "draft-ietf-uta-rfc6125bis" meaning that this is intended to be a revision of, and eventual replacement for, RFC6125.

Writing clear specifications can be a bit of an art, particularly for people who don't have English as their native language. You can keep the specification very short, with just a list of requirements, but that tends to cause implementors to take too much leeway. If you instead make the specification very wordy with lots of suggestions, implementors tend to miss the requirements (and often disagree with your suggestions anyway). An optimal specification is somewhere in between.

One way to make it more likely that developers will create interoperable implementations of standards is to be clear about what's being mandated in a specification. Over time, the IETF has realized that defining a few words with specific meanings helps a great deal. BCP 14 defines about a dozen keywords that can be used to clarify what are requirements, as compared to what is purely informative. It defines the meaning of words like MUST and points out that it has to appear in all uppercase to its special meaning.

It is not uncommon for feedback on standards-track I-Ds to question the particular uses of what is called "2119 language." For example, "The document says MAY but doesn't explain why not; should it be a MUST?"

6.3.2 About References

One aspect of writing IETF standards that trips up many newcomers is the rule about how to make normative references to non-IETF documents or to other RFCs in a standard. A normative reference is a reference to a document that must be followed in order to implement the standard. A non-normative reference (sometimes called an informative reference) is one that is helpful to an implementor but not strictly needed to implement it.

An IETF standard may make a normative reference to any other standards-track RFC that is at the same standards level or higher, or to any "open standard" that has been developed outside the IETF. The "same level or higher" rule means that before a standard can move from Proposed to Internet Standard, all of the RFCs that appear as a normative reference must also be an Internet Standard. This rule gives implementors assurance that everything in a Internet standard is quite stable, even the things referenced outside the standard. This rule, and its exceptions, is described in BCP 97.

There is no hard-and-fast rule about what is an "open standard", but generally this means a stable standard that was made by a generally-recognized SDO, and that anyone can get a copy of, although not necessarily for free. If the external standard changes, you have to reference the particular instantiation of that standard in your specification, as with a designation of the date of the standard. Some external standards bodies don't make old standards available, which is a problem for IETF standards that need to be used in the future. When in doubt, ask the WG chair or AD if a particular external standard can be used in an IETF standard.

6.3.3 About Required Content

Every draft is required to have some content. Some of this is boilerplate text about copyright, "2119 keyword," and so on. The document formatting tools will generate this for you automatically if you use the right keyword. In addition, there are special sections that might be required for your draft, and you (and the WG) will have to write them.

Many IETF standards have extension points, such as unassigned fields in a message header, or for something like email or HTTP, an actual message header. As mentioned above, IANA maintains online registries for these. Because of the large and diverse kinds of registries that standards require, IANA needs to have specific information about how to register parameters, what not to register, who (if anyone) approves any registration requests, and so on.

Anyone writing a draft that needs one or more registries, or adds values to existing registries must have an "IANA Considerations" section. Authors should read BCP 26, "Guidelines for Writing an IANA Considerations Section in RFCs," which describes how to properly ask for IANA to make the changes requested in their draft. If there are no considerations, it is a good idea to have the section and explicitly say "This document has no IANA requests."

Every draft must have a "Security Considerations" section. This describes possible threats or attacks, known vulnerabilities, information that could be exposed, and so on. It should also describe any strategies or mechanisms to mitigate them. When the security directorate (SECDIR) reviews your draft, this section will be one of their major focuses. Don't gloss over the section, or say things like "use TLS to get security" without explaining how the protocol uses TLS and what it provides. See BCP 72, "Guidelines for Writing RFC Text on Security Considerations", for more information on writing good security considerations sections.

Also, a draft might have a "Privacy Considerations" section. An Informational RFC, RFC 6973: Privacy Considerations for Internet Protocols, written by the IAB, is intended to raise the general awareness of privacy on the Internet. It also provides advice for when a draft should have an explicit privacy section.

Some drafts benefit from having an "Implementation Status" section, as explained by BCP 205: Improving Awareness of Running Code: The Implementation Status Section.

More detail on the required content can be found online.

6.4 Standards-Track RFCs

If the IESG approves the draft to become a standards-track RFC, they ask the RPC to publish it as a Proposed Standard.

Don't be surprised if a particular standard doesn't progress from Proposed Standard to Internet Standard. To become an Internet Standard, an RFC must have multiple interoperable implementations and the unused features in the Proposed Standard must be removed; there are additional requirements listed in BCP 9. Most of the protocols in common use are Proposed standards and never move forward. This may be because no one took the time to try to get them to Internet Standard, or some of the normative references in the standard are still at Proposed standard, or it may be that everyone found more important things to do.

6.5 RFCs Other than Standards-Track

As mentioned earlier, not all RFCs are standards. In fact, many important RFCs are not on the standards track at all. At the time of writing, there are also categories for Informational, Experimental, Best Current Practice, and Historical for standards that are no longer recommended for use. The role of Informational RFCs can be confusing, and people sometimes refer to them as "standards," when they are not.

Experimental RFCs are for specifications that are interesting, but for which it is unclear if there will be widespead deployment, or if they will scale to work after such deployment. That is, a specification might solve a problem, but there might not be IETF consensus that the problem is worth solving or that the specification is complete enough to address the problem. Experimental RFCs are also used to get people to experiment with a technology that looks like it might be standards-track material, but for which there are still unanswered questions.

The IESG has created guidelines that can help choose between Informational and Experimental classification. This is a short informal read, and if are not sure where your document fits, it is worth reading.

Finally, there are two sub-series of RFCs: Best Current Practice (BCP) and Internet Standards (STD). BCP describes the application of various technologies in the Internet, and are also commonly used to document the many parts of the IETF process. The STD sub-series was created to identify RFCs that do in fact specify Internet standards.

These are an example of the aphorism that everything in computer science can be solved by a layer of indirection. For example, a single BCP can refer to one or more RFCs, and the specific RFCs can change such as when a new version of a protocol is published. Likewise, some STDs are actually sets of more than one RFC, and the "standard" designation applies to the whole set of documents.

7 How to Contribute to the IETF

7.1 What You Can Do

Read: Review the Internet-Drafts in your area of expertise and comment on them in the Working Groups. Participate in the discussion in a friendly, helpful fashion, with the goal being the best Internet standards possible. Listen much more than you speak. If you disagree, debate the technical issues: never attack the people.

Implement: Write programs that use the current Internet standards. The standards aren't worth much unless they are available to Internet users. Implement even the "minor" standards, since they will become less minor if they appear in more software. Report any problems you find with the standards to the appropriate Working Group so that the standard can be clarified in later revisions. Remember the tenet, "rough consensus and running code," so you can help support the standards you want to become more widespread by creating more running code. You can help the development of protocols before they become standards by implementing I-Ds (but not doing wide-spread deployment) to ensure that the authors have done a good job. If you find errors or omissions, offer improvements based on your implementation experience. A great way to get involved in this is by participating in the Hackathons.

Write: Edit or co-author Internet-Drafts in your area of expertise. Do this for the benefit of the Internet community, not to get your name (or, even worse, your company's name) on a document. Draft authors receive kinds of technical (and, sadly, sometimes personal) criticism. Take the technical comments with equanimity and use it to improve your draft in order to produce the best and most interoperable standard, and ignore the personal ones.

7.2 What Your Company Can Do

Share: Avoid proprietary standards. If you are an implementor, exhibit a strong preference for IETF standards. If the IETF standards aren't as good as the proprietary standards, work to make the IETF standards better. If you're a purchaser, avoid products that use proprietary standards that compete with the open standards of the IETF and tell the vendors that you are doing so.

Open Up: If your company owns a patent that is used in an IETF standard, convince the company to make the patent available at no cost to anyone who is implementing the standard. Patents have previously caused many serious problems for Internet standards because they prevent some companies from being able to freely implement them. Fortunately, many companies have generously offered unlimited licenses for particular patents in order to help the IETF standards flourish. These companies are usually rewarded with positive publicity for the fact that they are not as greedy or short-sighted as other patent-holders.

Support: The IETF has sponsorship opportunities and an endowment which can also take individual-sized donations. Become a member of ISOC. Urge any company that has benefited from the Internet to contribute, since this has the greatest financial benefit for the group. It will, of course, also benefit the Internet as a whole.

Next IETF Hackathon

The IETF 120 Hackathon will be held Online and in Vancouver.

Register for the next IETF Hackathon!