idnits 2.17.1 draft-narten-iana-considerations-rfc2434bis-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3667, Section 5.1 on line 17. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 614. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 627. ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line 643), which is fine, but *also* found old RFC 2026, Section 10.4C, paragraph 1 text on line 39. ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement -- however, there's a paragraph with a matching beginning. Boilerplate error? ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** The document seems to lack an RFC 3978 Section 5.5 (updated by RFC 4748) Disclaimer -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack an RFC 3979 Section 5, para. 2 IPR Disclosure Acknowledgement -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission of drafts without verbatim RFC 3978 boilerplate is not accepted. The following non-3978 patterns matched text found in the document. That text should be removed or replaced: By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, or will be disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** Missing revision: the document name given in the document, 'draft-narten-iana-considerations-rfc2434bis', does not give the document revision number ~~ Missing draftname component: the document name given in the document, 'draft-narten-iana-considerations-rfc2434bis', does not seem to contain all the document name components required ('draft' prefix, document source, document name, and revision) -- see https://www.ietf.org/id-info/guidelines#naming for more information. == Mismatching filename: the document gives the document name as 'draft-narten-iana-considerations-rfc2434bis', but the file name used is 'draft-narten-iana-considerations-rfc2434bis-00' == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) (A line matching the expected section header was found, but with an unexpected indentation: ' mented IANA considerations for individual protocols do not always' ) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 19, 2004) is 7215 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'DHCP' is mentioned on line 303, but not defined == Missing Reference: 'IETF-PRO-CESS' is mentioned on line 221, but not defined == Missing Reference: 'EXPERI-MENTATION' is mentioned on line 246, but not defined == Missing Reference: 'RFCXXX' is mentioned on line 441, but not defined == Missing Reference: 'RFC 1602' is mentioned on line 469, but not defined ** Obsolete undefined reference: RFC 1602 (Obsoleted by RFC 2026) == Unused Reference: 'DHCP-OPTIONS' is defined on line 540, but no explicit reference was found in the text == Unused Reference: 'EXPERIMENTATION' is defined on line 543, but no explicit reference was found in the text == Unused Reference: 'MIME-LANG' is defined on line 565, but no explicit reference was found in the text ** Obsolete normative reference: RFC 1700 (ref. 'ASSIGNED') (Obsoleted by RFC 3232) ** Obsolete normative reference: RFC 2283 (ref. 'BGP4-EXT') (Obsoleted by RFC 2858) ** Obsolete normative reference: RFC 2434 (ref. 'IANA-CONSIDERATIONS') (Obsoleted by RFC 5226) ** Downref: Normative reference to an Informational RFC: RFC 2860 (ref. 'IANA-MOU') ** Obsolete normative reference: RFC 1825 (ref. 'IPSEC') (Obsoleted by RFC 2401) ** Obsolete normative reference: RFC 2184 (ref. 'MIME-LANG') (Obsoleted by RFC 2231) ** Obsolete normative reference: RFC 2048 (ref. 'MIME-REG') (Obsoleted by RFC 4288, RFC 4289) ** Obsolete normative reference: RFC 1869 (ref. 'SMTP-EXT') (Obsoleted by RFC 2821) Summary: 20 errors (**), 1 flaw (~~), 12 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT Thomas Narten 3 IBM 4 Harald Tveit Alvestrand 5 Cisco 6 July 19, 2004 8 Guidelines for Writing an IANA Considerations Section in RFCs 10 12 Status of this Memo 14 By submitting this Internet-Draft, I certify that any applicable 15 patent or other IPR claims of which I am aware have been disclosed, 16 and any of which I become aware will be disclosed, in accordance with 17 RFC 3668. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference mate- 27 rial or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt. 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html. 35 This Internet-Draft expires January, 2005. 37 Copyright Notice 39 Copyright (C) The Internet Society (2004). All Rights Reserved. 41 Abstract 43 Many protocols make use of identifiers consisting of constants and 44 other well-known values. Even after a protocol has been defined and 45 deployment has begun, new values may need to be assigned (e.g., for a 46 new option type in DHCP, or a new encryption or authentication trans- 47 form for IPsec). To ensure that such quantities have consistent 48 values and interpretations in different implementations, their 49 assignment must be administered by a central authority. For IETF pro- 50 tocols, that role is provided by the Internet Assigned Numbers 51 Authority (IANA). 53 In order for the IANA to manage a given name space prudently, it 54 needs guidelines describing the conditions under which new values can 55 be assigned. If the IANA is expected to play a role in the management 56 of a name space, the IANA must be given clear and concise instruc- 57 tions describing that role. This document discusses issues that 58 should be considered in formulating a policy for assigning values to 59 a name space and provides guidelines to document authors on the spe- 60 cific text that must be included in documents that place demands on 61 the IANA. 63 Contents 65 Status of this Memo.......................................... 1 67 1. Introduction............................................. 3 69 2. Issues To Consider....................................... 4 71 3. Well-Known IANA Policy Definitions....................... 6 73 4. Registration maintenance................................. 8 75 5. What To Put In Documents................................. 8 76 5.1. When There Are No IANA Actions...................... 9 77 5.2. Requesting Assignments From an Existing Name Space.. 9 78 5.3. Creation of New Registries.......................... 10 80 6. Applicability to Past and Future RFCs.................... 11 82 7. Security Considerations.................................. 12 84 8. Acknowledgments.......................................... 12 86 9. References............................................... 13 88 10. Authors' Addresses...................................... 14 90 1. Introduction 92 Many protocols make use of fields that contain constants and other 93 well-known values (e.g., the Protocol field in the IP header [IP] or 94 MIME types in mail messages [MIME-REG]). Even after a protocol has 95 been defined and deployment has begun, new values may need to be 96 assigned (e.g., a new option type in DHCP [DHCP] or a new encryption 97 or authentication algorithm for IPsec [IPSEC]). To ensure that such 98 fields have consistent values and interpretations in different imple- 99 mentations, their assignment must be administered by a central 100 authority. For IETF protocols, that role is provided by the Internet 101 Assigned Numbers Authority (IANA) [IANA-MOU]. 103 In this document, we call the set of possible values for such a field 104 a "name space"; its actual content may be a name, a number or another 105 kind of value. The assignment of a specific value to a name space is 106 called an assigned number (or assigned value). Each assignment of a 107 number in a name space is called a registration. 109 In order for the IANA to manage a given name space prudently, it 110 needs guidelines describing the conditions under which new values 111 should be assigned. This document provides guidelines to authors on 112 what sort of text should be added to their documents, and reviews 113 issues that should be considered in formulating an appropriate policy 114 for assigning numbers to name spaces. 116 Not all name spaces require centralized administration. In some 117 cases, it is possible to delegate a name space in such a way that 118 further assignments can be made independently and with no further 119 (central) coordination. In the Domain Name System, for example, the 120 IANA only deals with assignments at the higher-levels, while subdo- 121 mains are administered by the organization to which the space has 122 been delegated. As another example, Object Identifiers (OIDs) as 123 defined by the ITU are also delegated [ASSIGNED]. When a name space 124 can be delegated, the IANA only deals with assignments at the top 125 level. 127 This document uses the terms 'MUST', 'SHOULD' and 'MAY', and their 128 negatives, in the way described in RFC 2119 [KEYWORDS]. In this case, 129 "the specification" as used by RFC 2119 refers to the processing of 130 protocols being submitted to the IETF standards process. 132 2. Issues To Consider 134 One issue to consider in managing a name space is its size. If the 135 space is small and limited in size, assignments must be made care- 136 fully to ensure that the space doesn't become exhausted. If the space 137 is essentially unlimited, on the other hand, it may be perfectly rea- 138 sonable to hand out new values to anyone that wants one. Even when 139 the space is essentially unlimited, however, it is usually desirable 140 to have at least minimal review to prevent the hoarding of or unnec- 141 essary wasting of a space. For example, if the space consists of 142 text strings, it may be desirable to prevent organizations from 143 obtaining large sets of strings that correspond to the "best" names 144 (e.g., existing company names). Experience has also shown that some 145 level of minimal review is useful to prevent assignments in cases 146 where the request is malformed or not actually needed (this may not 147 always be immediately obvious to a non-subject-matter expert). 149 A second consideration is whether it makes sense to delegate the name 150 space in some manner. This route should be pursued when appropriate, 151 as it lessens the burden on the IANA for dealing with assignments. 153 A third, and perhaps most important consideration, concerns potential 154 impact on interoperability of unreviewed extensions. Proposed proto- 155 col extensions generally benefit from community review; indeed, 156 review is often essential to prevent future interoperability 157 problems. [VENDOR-EXT] discusses this topic in considerable detail. 159 In some cases, the name space is essentially unlimited, there are no 160 potential interoperability issues, and assigned numbers can safely be 161 given out to anyone. When no subjective review is needed, the IANA 162 can make assignments directly, provided that the IANA is given spe- 163 cific instructions on what types of requests it should grant, and 164 what information must be provided before a request for an assigned 165 number will be considered. Note that the IANA will not define an 166 assignment policy; it should be given a set of guidelines that allow 167 it to make allocation decisions with minimal subjectivity. 169 In most cases, some review of prospective allocations is appropriate, 170 and the question becomes who should perform the review and how rigor- 171 ous the review needs to be. In many cases, one might think that an 172 IETF Working Group (WG) familiar with the name space at hand should 173 be consulted. In practice, however, WGs eventually disband, so they 174 cannot be considered a permanent evaluator. It is also possible for 175 name spaces to be created through individual submission documents, 176 for which no WG is ever formed. 178 One way to ensure community review of prospective assignments is to 179 have the requester submit a document for publication as an RFC. Such 180 an action helps ensure that the IESG and relevant WGs review the 181 assignment. [XXX update wrt draft-iesg-rfced-documents?] This is the 182 preferred way of ensuring review, and is particularly important if 183 any potential interoperability issues can arise. For example, many 184 assignments are not just assignments, but also involve an element of 185 protocol specification. A new option may define fields that need to 186 be parsed and acted on, which (if specified poorly) may not fit 187 cleanly with the architecture of other options or the base protocols 188 on which they are built. 190 In some cases, however, the burden of publishing an RFC in order to 191 get an assignment is excessive. However, it is generally still useful 192 (and sometimes necessary) to discuss proposed additions on a mailing 193 list dedicated to the purpose (e.g., the ietf-types@iana.org for 194 media types) or on a more general mailing list (e.g., that of a cur- 195 rent or former IETF WG). Such a mailing list provides a way for new 196 registrations to be publicly reviewed prior to getting assigned, or 197 to give advice for persons who want help in understanding what a 198 proper registration should contain. 200 While discussion on a mailing list can provide valuable technical 201 expertise, opinions may vary and discussions may continue for some 202 time without clear resolution. In addition, the IANA cannot partici- 203 pate in all of these mailing lists and cannot determine if or when 204 such discussions reach consensus. Therefore, the IANA cannot allow 205 general mailing lists to fill the role of providing definitive recom- 206 mendations regarding a registration question. Instead, the IANA will 207 rely on a "designated expert" to advise it in assignment matters. 208 That is, the IANA forwards the requests it receives to a specific 209 point-of-contact (one or a small number of individuals) and acts upon 210 the returned recommendation from the designated expert. The desig- 211 nated expert can initiate and coordinate as wide a review of an 212 assignment request as may be necessary to evaluate it properly. 214 Designated experts are appointed by the relevant Area Director of the 215 IESG. They are typically named at the time a document that creates a 216 new numbering space is published as an RFC, but as experts originally 217 appointed may later become unavailable, the relevant Area Director 218 will appoint replacements if necessary. 220 Any decisions made by the designated expert can be appealed using the 221 normal IETF appeals process as outlined in Section 6.5 of [IETF-PRO- 222 CESS]. Since the designated experts are appointed by the IESG, they 223 may be removed by the IESG. 225 3. Well-Known IANA Policy Definitions 227 The following are some defined policies, some of which are in use 228 today. These cover a range of typical policies that have been used to 229 date. It is not required that documents use these terms; the actual 230 requirement is that the instructions to IANA are clear and unam- 231 bigous. However, it is preferable to use these terms where possible, 232 since there meaning is widely understood. 234 Private Use - For private or local use only, with the type and 235 purpose defined by the local site. No attempt is made to 236 prevent multiple sites from using the same value in differ- 237 ent (and incompatible) ways. There is no need for IANA to 238 review such assignments and assignments are not generally 239 useful for interoperability. 241 Examples: Site-specific options in DHCP [DHCP] have signif- 242 icance only within a single site. "X-foo:" header lines in 243 email messages. 245 Experimental Use - Similar to private or local use only, with the 246 purpose being to facilitate experimentation. See [EXPERI- 247 MENTATION] for details. 249 Hierarchical allocation - Delegated managers can assign values 250 provided they have been given control over that part of the 251 name space. IANA controls the higher levels of the 252 namespace according to one of the other policies. 254 Examples: DNS names, Object Identifiers 256 First Come First Served - Anyone can obtain an assigned number, so 257 long as they provide a point of contact and a brief 258 description of what the value would be used for. For num- 259 bers, the exact value is generally assigned by the IANA; 260 with names, specific names are usually requested. 262 Examples: vnd. (vendor assigned) MIME types [MIME-REG], TCP 263 and UDP port numbers. 265 Expert Review (or Designated Expert) - approval by a Designated 266 Expert is required. 268 Specification Required - Values and their meaning must be docu- 269 mented in an RFC or other permanent and readily available 270 reference, in sufficient detail so that interoperability 271 between independent implementations is possible. 273 Examples: SCSP [SCSP] 275 IESG Approval - New assignments must be approved by the IESG. 276 Although there is no requirement that the request be docu- 277 mented in an RFC, the IESG has discretion to request docu- 278 ments or other supporting materials on a case-by-case 279 basis. 281 IETF Review - (Formerly "IETF Consensus" [IANA-CONSIDERATIONS]) 282 New values are assigned only through RFC publication of 283 documents that have been shepherded through the IESG as AD- 284 Sponsored documents [XXX need ref]. The intention is that 285 the document and proposed assignment will be reviewed by 286 the IESG and appropriate IETF WGs (or experts, if suitable 287 working groups no longer exist) to ensure that the proposed 288 assignment will not negatively impact interoperability or 289 otherwise extend IETF protocols in an inappropriate manner. 291 [XXX: should an explicit last call be required?] 293 Examples: SMTP extensions [SMTP-EXT], BGP Subsequent 294 Address Family Identifiers [BGP4-EXT]. 296 Standards Action - Values are assigned only for Standards Track 297 RFCs approved by the IESG. 299 Examples: MIME top level types [MIME-REG] 301 It should be noted that it often makes sense to partition a name 302 space into several categories, with assignments out of each category 303 handled differently. For example, the DHCP option space [DHCP] is 304 split into two parts. Option numbers in the range of 1-127 are glob- 305 ally unique and assigned according to the Specification Required pol- 306 icy described above, while options number 128-254 are "site spe- 307 cific", i.e., Private Use. Dividing the name space up makes it possi- 308 ble to have different policies in place for different ranges. 310 4. Registration maintenance 312 Registrations are a request for an assigned number, including the 313 related information needed to evaluate and document the request. Even 314 after a number has been assigned, some types of registrations contain 315 additional information that may need to be updated over time. For 316 example, mime types, character sets, language tags, etc. typically 317 include more information than just the registered value itself. Exam- 318 ple information can include point of contact information, security 319 issues, pointers to updates, literature references, etc. In such 320 cases, the document must clearly state who is responsible for main- 321 taining and updating a registration. It is appropriate to: 323 - Let the author update the registration, subject to the same con- 324 straints and review as with new registrations. 326 - Allow some mechanism to attach comments to the registration, for 327 cases where others have significant objections to claims in a 328 registration, but the author does not agree to change the regis- 329 tration. 331 - Designate the IESG or another authority as having the right to 332 reassign ownership of a registration. This is mainly to get 333 around the problem when some registration owner cannot be 334 reached in order to make necessary updates. 336 5. What To Put In Documents 338 The previous sections presented some issues that should be considered 339 in formulating a policy for assigning well-known numbers and other 340 protocol constants. It is the Working Group and/or document author's 341 job to formulate an appropriate policy and specify it in the appro- 342 priate document. In almost all cases, having an explicit "IANA Con- 343 siderations" section is appropriate. The following subsections define 344 what is needed for the different types of IANA actions. 346 5.1. When There Are No IANA Actions 348 Before an Internet-Draft can be published as an RFC, IANA needs to 349 know what actions (if any) it needs to perform. Experience has shown 350 that it is not always immediately obvious whether a document has no 351 IANA actions, without reviewing a document in some detail. In order 352 to make it clear to IANA that it has no actions to perform (and that 353 the author has consciously made such a determination!), such docu- 354 ments should include an IANA Considerations section that states: 356 This document has no IANA Actions. 358 5.2. Requesting Assignments From an Existing Name Space 360 Often, a document requests the assignment of a code point from an 361 already existing name space (i.e., one created by a previously-pub- 362 lished RFC). In such cases documents should make clear: 364 - From what name space is a value is being requested? List the exact 365 name space listed on the IANA web page (and RFC), and cite the RFC 366 where the name space is defined. (Note: There is no need to men- 367 tion what the allocation policy for new assignments is, as that 368 should be clear from the references.) 370 - For each value being requested, give it a unique name, e.g., TBD1, 371 TBD2, etc. Throughout the document where the actual IANA-assigned 372 value should be filled in, use "TDBx" notation. This helps ensure 373 that the final RFC has the correct assigned value filled in in all 374 of the relevant places where the value is listed in the final doc- 375 ument. 377 - Normally, the values to be used are chosen by IANA; documents 378 shouldn't pick values themselves. However, in some cases a value 379 may have been used for testing or in early implementations. In 380 such cases, it is acceptable to include text suggesting what spe- 381 cific value should be used (e.g., include the text "the value XXX 382 is suggested"). However, it should be noted that suggested values 383 are just that; IANA will attempt to assign them, but may find that 384 impossible, if the proposed number has already been assigned for 385 some other use. 387 - The IANA Considerations section should summarize all of the IANA 388 actions, with pointers to the relevant sections as appropriate. 389 When multiple values are requested, it is generally helpful to 390 include a summary table. 392 As an example, the following text could be used to request assignment 393 of a DHCPv6 option number: 395 IANA has assigned an option code value of TBD1 to the DNS Recur- 396 sive Name Server option and an option code value of TBD2 to the 397 Domain Search List option from the DHCP option code space defined 398 in section 24.3 of RFC 3315. 400 5.3. Creation of New Registries 402 Documents that create a new name space (or modify the definition of 403 an existing space) and that expect the IANA to play a role in main- 404 taining that space (e.g., serving as a repository for registered val- 405 ues) MUST document the process through which future assignments are 406 made. Such a section must state clearly: 408 - The name of the new registry to be created. The name will appear 409 on the IANA web page and will be refered to in future Internet 410 Drafts that need to allocate a value from the new space. 412 - The review steps under which future allocations from the name 413 space will be made (i.e., see Section 3). Note: When a Desig- 414 nated Expert is used, documents MUST NOT name the Designated 415 Expert in the document itself; instead, the name should be 416 relayed to the appropriate IESG Area Director at the time the 417 document is sent to the IESG for approval. 419 - If the request should also be reviewed on a specific public 420 mailing list (such as the ietf-types@iana.org for media types), 421 that mailing address should be specified. Note, however, that 422 use of a Designated Expert MUST also be specified. 424 - if the IANA is expected to make assignments without requiring an 425 outside review, sufficient guidance MUST be provided so that the 426 requests can be evaluated with minimal subjectivity. 428 Finally, it is quite acceptable to pick one of the example policies 429 cited above and refer to it by name. Indeed, this is the preferred 430 mechanism in those cases where the sample policies provide the 431 desired level of review. It is also acceptable to cite one of the 432 above policies and include additional guidelines for what kind of 433 considerations should be taken into account by the review process. 434 For example, RADIUS [RFC3575] specifies the use of a Designated 435 Expert, but includes additional criteria the Designated Expert should 436 follow. 438 For example, a document could say something like: 440 This document defines the FooBar DHCP option (see Section y), 441 assigned a value of TBD1 from the DCHP Option space [RFCXXX]. 442 The FooBar option also contains an 8-bit FooType field, for 443 which IANA is to create and maintain a registry. Initial values 444 for FooType field are given below; future assignments are to be 445 made through Expert Review [IANA-CONSIDERATIONS]. Assignments 446 consist of a name and the value. 448 Name Value Definition 449 ---- ----- ---------- 450 Frobnitz 1 See Section y.1 451 NitzFrob 2 See Section y.2 453 For examples of documents that provide good and detailed guidance to 454 the IANA on the issue of assigning numbers, consult [MIME-REG, MIME- 455 LANG, RFC3757, RFC3749, RFC3575]. 457 6. Applicability to Past and Future RFCs 459 For all existing RFCs that either explicitly or implicitly rely on 460 the IANA to evaluate assignments without specifying a precise evalua- 461 tion policy, the IANA (in consultation with the IESG) will continue 462 to decide what policy is appropriate. Changes to existing policies 463 can always be initiated through the normal IETF consensus process. 465 Any decisions made by the IANA can be appealed using the normal IETF 466 appeals process as outlined in Section 6.5 of [IETF-PROCESS]. Specif- 467 ically, appeals should be directed to the IESG, followed (if neces- 468 sary) by an appeal to the IAB. By virtue of the IAB's role as over- 469 seer of IANA administration [RFC 1602], the IAB's decision is final. 471 All future RFCs that either explicitly or implicitly rely on the IANA 472 to register or otherwise manage assignments MUST provide guidelines 473 for managing the name space. 475 [XXX: following is new text w.r.t. 2434. Is this something that is 476 appropriate to include??] 478 Since RFC 2434 was published, experience has shown that the docu- 479 mented IANA considerations for individual protocols do not always 480 adequately cover the reality on the ground. For example, many older 481 routing protocols do not have documented, detailed IANA considera- 482 tions. In addition, documented IANA considerations are sometimes 483 found to be too stringent to allow even working group documents (for 484 which there is strong consensus) to obtain code points from IANA in 485 advance of actual RFC publication. In other cases, the documented 486 procedures are unclear or neglected to cover all the cases. In order 487 to allow assignments in individual cases where there is strong IETF 488 consensus that an allocation should go forward, but the documented 489 procedures do not support such an assignment, the IESG is granted 490 authority to approve assignments in such cases. The intention is not 491 to overule documented procedures, or to obviate the need for proto- 492 cols to properly document their IANA Considerations, but to permit 493 assignments in individual cases where it is obvious that the assign- 494 ment should just be made, but updating the IANA process just to 495 assign a particular code point is viewed as too heavy a burden. 497 7. Security Considerations 499 Information that creates or updates a registration needs to be 500 authenticated. 502 Information concerning possible security vulnerabilities of a proto- 503 col may change over time. Likewise, security vulnerabilities related 504 to how an assigned number is used (e.g., if it identifies a protocol) 505 may change as well. As new vulnerabilities are discovered, informa- 506 tion about such vulnerabilities may need to be attached to existing 507 registrations, so that users are not mislead as to the true security 508 issues surrounding the use of a registered number. 510 An analysis of security issues is required for all parameters (data 511 types, operation codes, keywords, etc.) used in IETF protocols or 512 registered by the IANA. All descriptions of security issues must be 513 as accurate as possible regardless of level of registration. In par- 514 ticular, a statement that there are "no security issues associated 515 with this type" must not given when it would be more accurate to 516 state that "the security issues associated with this type have not 517 been assessed". 519 8. Acknowledgments 521 From RFC 2434: 523 Jon Postel and Joyce Reynolds provided a detailed explanation on what 524 the IANA needs in order to manage assignments efficiently, and 525 patiently provided comments on multiple versions of this document. 526 Brian Carpenter provided helpful comments on earlier versions of the 527 document. One paragraph in the Security Considerations section was 528 borrowed from [MIME-REG]. 530 9. References 532 [ASSIGNED] Reynolds, J., and J. Postel, "Assigned Numbers", STD 2, 533 RFC 1700, October 1994. See also: 534 http://www.iana.org/numbers.html 536 [BGP4-EXT] Bates. T., Chandra, R., Katz, D. and Y. Rekhter, "Multi- 537 protocol Extensions for BGP-4", RFC 2283, February 538 1998. 540 [DHCP-OPTIONS] Alexander, S. and R. Droms, "DHCP Options and BOOTP 541 Vendor Extensions", RFC 2132, March 1997. 543 [EXPERIMENTATION] "Assigning Experimental and Testing Numbers Consid- 544 ered Useful". T. Narten, RFC 3692, January 2004. 546 [IANA-CONSIDERATIONS] Alvestrand, H. and T. Narten, "Guidelines for 547 Writing an IANA Considerations Section in RFCs", BCP 548 26, RFC 2434, October 1998. 550 [IANA-MOU] Memorandum of Understanding Concerning the Technical Work 551 of the Internet Assigned Numbers Authority. B. Car- 552 penter, F. Baker, M. Roberts, RFC 2860, June 2000. 554 [IETF-PROCESS] Bradner, S., "The Internet Standards Process -- Revi- 555 sion 3", BCP 9, RFC 2026, October 1996. 557 [IP] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981. 559 [IPSEC] Atkinson, R., "Security Architecture for the Internet Proto- 560 col", RFC 1825, August 1995. 562 [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate 563 Requirement Levels", BCP 14, RFC 2119, March 1997. 565 [MIME-LANG] Freed, N. and K. Moore, "MIME Parameter Value and Encoded 566 Word Extensions: Character Sets, Languages, and Con- 567 tinuations", RFC 2184, August 1997. 569 [MIME-REG] Freed, N., Klensin, J. and J. Postel, "Multipurpose Inter- 570 net Mail Extension (MIME) Part Four: Registration 571 Procedures", RFC 2048, November 1996. 573 [SCSP] Luciani, J., Armitage, G. and J. Halpern, "Server Cache Syn- 574 chronization Protocol (SCSP)", RFC 2334, April 1998. 576 [SMTP-EXT] Klensin, J., Freed, N., Rose, M., Stefferud, E. and D. 577 Crocker, "SMTP Service Extensions", RFC 1869, Novem- 578 ber 1995. 580 [VENDOR-EXT] "Considerations on the Extensibility of IETF protocols", 581 draft-iesg-vendor-extensions-02.txt 583 [RFC3575] IANA Considerations for RADIUS (Remote Authentication Dial 584 In User Service). B. Aboba. RFC 3575, July 2003. 586 10. Authors' Addresses 588 Thomas Narten 589 IBM Corporation 590 3039 Cornwallis Ave. 591 PO Box 12195 - BRQA/502 592 Research Triangle Park, NC 27709-2195 594 Phone: 919-254-7798 595 EMail: narten@us.ibm.com 597 Harald Tveit Alvestrand 598 Cisco Systems 599 5245 Arboretum Dr 600 Los Altos, CA 601 USA 603 Email: Harald@Alvestrand.no 605 Intellectual Property Statement 607 The IETF takes no position regarding the validity or scope of any 608 Intellectual Property Rights or other rights that might be claimed to 609 pertain to the implementation or use of the technology described in 610 this document or the extent to which any license under such rights 611 might or might not be available; nor does it represent that it has 612 made any independent effort to identify any such rights. Information 613 on the procedures with respect to rights in RFC documents can be 614 found in BCP 78 and BCP 79. 616 Copies of IPR disclosures made to the IETF Secretariat and any assur- 617 ances of licenses to be made available, or the result of an attempt 618 made to obtain a general license or permission for the use of such 619 proprietary rights by implementers or users of this specification can 620 be obtained from the IETF on-line IPR repository at 621 http://www.ietf.org/ipr. 623 The IETF invites any interested party to bring to its attention any 624 copyrights, patents or patent applications, or other proprietary 625 rights that may cover technology that may be required to implement 626 this standard. Please address the information to the IETF at ietf- 627 ipr@ietf.org. 629 Disclaimer of Validity 631 This document and the information contained herein are provided on an 632 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 633 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 634 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 635 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFOR- 636 MATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES 637 OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 639 Copyright Statement 641 Copyright (C) The Internet Society (2004). This document is subject 642 to the rights, licenses and restrictions contained in BCP 78, and 643 except as set forth therein, the authors retain all their rights.