[Docs] [txt|pdf]



[Note that this file is a concatenation of more than one RFC.]





Network Working Group                                            R. Bush
Request for Comments: 3967                                           IIJ
BCP: 97                                                        T. Narten
Category: Best Current Practice                          IBM Corporation
                                                           December 2004


          Clarifying when Standards Track Documents may Refer
               Normatively to Documents at a Lower Level

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   IETF procedures generally require that a standards track RFC may not
   have a normative reference to another standards track document at a
   lower maturity level or to a non standards track specification (other
   than specifications from other standards bodies).  For example, a
   standards track document may not have a normative reference to an
   informational RFC.  Exceptions to this rule are sometimes needed as
   the IETF uses informational RFCs to describe non-IETF standards or
   IETF-specific modes of use of such standards.  This document
   clarifies and updates the procedure used in these circumstances.

1.  Introduction

   The Internet Standards Process [RFC2026] Section 4.2.4 specifies the
   following:

      Standards track specifications normally must not depend on other
      standards track specifications which are at a lower maturity level
      or on non standards track specifications other than referenced
      specifications from other standards bodies.

   One intent is to avoid creating a perception that a standard is more
   mature than it actually is.







Bush & Narten            Best Current Practice                  [Page 1]

RFC 3967            Document Down-Ref Clarifications       December 2004


   It should also be noted that Best Current Practice documents
   [RFC1818] have generally been considered similar to Standards Track
   documents in terms of what they can reference.  For example, a
   normative reference to an Experimental RFC has been considered an
   improper reference per [RFC2026].

1.1.  Normative References

   Within an RFC, references to other documents fall into two general
   categories: "normative" and "informative".  Broadly speaking, a
   normative reference specifies a document that must be read to fully
   understand or implement the subject matter in the new RFC, or whose
   contents are effectively part of the new RFC, as its omission would
   leave the new RFC incompletely specified.  An informative reference
   is not normative; rather, it provides only additional background
   information.

   An exact and precise definition of what is (and is not) a normative
   reference has proven challenging in practice, as the details and
   implications can be subtle.  Moreover, whether a reference needs to
   be normative can depend on the context in which a particular RFC is
   being published in the first place.  For example, in the context of
   an IETF Standard, it is important that all dependent pieces be
   clearly specified and available in an archival form so that there is
   no disagreement over what constitutes a standard.  This is not always
   the case for other documents.

   The rest of this section provides guidance on what might (and might
   not) be considered normative in the context of the IETF standards
   process.

   In the IETF, it is a basic assumption that implementors must have a
   clear understanding of what they need to implement in order to be
   fully compliant with a standard and to be able to interoperate with
   other implementations of that standard.  For documents that are
   referenced, any document that includes key information an implementer
   needs would be normative.  For example, if one needs to understand a
   packet format defined in another document in order to fully implement
   a specification, the reference to that format would be normative.
   Likewise, if a reference to a required algorithm is made, the
   reference would be normative.

   Some specific examples:

   -  If a protocol relies on IPsec to provide security, one cannot
      fully implement the protocol unless the specification for IPsec is
      available; hence, the reference would be normative.




Bush & Narten            Best Current Practice                  [Page 2]

RFC 3967            Document Down-Ref Clarifications       December 2004


      The referenced specification would likely include details about
      specific key management requirements, which transforms are
      required and which are optional, etc.

   -  In MIB documents, an IMPORTS clause by definition is a normative
      reference.

   -  When a reference to an example is made, such a reference need not
      be normative.  For example, text such as "an algorithm such as the
      one specified in [RFCxxxx] would be acceptable" indicates an
      informative reference, since that cited algorithm is just one of
      several possible algorithms that could be used.

2.  The Need for Downward References

   There are a number of circumstances in which an IETF document may
   need to make a normative reference to a document at a lower maturity
   level, but such a reference conflicts with Section 4.2.4 of
   [RFC2026].  For example:

   o  A standards track document may need to refer to a protocol or
      algorithm developed by an external body but modified, adapted, or
      profiled by an IETF informational RFC, for example, MD5 [RFC1321]
      and HMAC [RFC2104].  Note that this does not override the IETF's
      duty to see that the specification is indeed sufficiently clear to
      enable creation of interoperable implementations.

   o  A standards document may need to refer to a proprietary protocol,
      and the IETF normally documents proprietary protocols using
      informational RFCs.

   o  A migration or co-existence document may need to define a
      standards track mechanism for migration from, and/or co-existence
      with, an historic protocol, a proprietary protocol, or possibly a
      non-standards track protocol.

   o  There are exceptional procedural or legal reasons that force the
      target of the normative reference to be an informational or
      historical RFC or to be at a lower standards level than the
      referring document.

   o  A BCP document may want to describe best current practices for
      experimental or informational specifications.








Bush & Narten            Best Current Practice                  [Page 3]

RFC 3967            Document Down-Ref Clarifications       December 2004


3.  The Procedure to Be Used

   For Standards Track or BCP documents requiring normative reference to
   documents of lower maturity, the normal IETF Last Call procedure will
   be issued, with the need for the downward reference explicitly
   documented in the Last Call itself.  Any community comments on the
   appropriateness of downward references will be considered by the IESG
   as part of its deliberations.

   Once a specific down reference to a particular document has been
   accepted by the community (e.g., has been mentioned in several Last
   Calls), an Area Director may waive subsequent notices in the Last
   Call of down references to it.  This should only occur when the same
   document (and version) are being referenced and when the AD believes
   that the document's use is an accepted part of the community's
   understanding of the relevant technical area.  For example, the use
   of MD5 [RFC1321] and HMAC [RFC2104] is well known among
   cryptographers.

   This procedure should not be used if the proper step is to move the
   document to which the reference is being made into the appropriate
   category.  It is not intended as an easy way out of normal process.
   Rather, the procedure is intended for dealing with specific cases
   where putting particular documents into the required category is
   problematic and unlikely ever to happen.

4.  Security Considerations

   This document is not known to create any new vulnerabilities for the
   Internet.  On the other hand, inappropriate or excessive use of the
   process might be considered a downgrade attack on the quality of IETF
   standards or, worse, on the rigorous review of security aspects of
   standards.

5.  Acknowledgments

   This document is the result of discussion within the IESG, with
   particular contribution by Harald Alvestrand, Steve Bellovin, Scott
   Bradner, Ned Freed, Allison Mankin, Jeff Schiller, and Bert Wijnen.












Bush & Narten            Best Current Practice                  [Page 4]

RFC 3967            Document Down-Ref Clarifications       December 2004


6.  References

6.1.  Normative References

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, October 1996.

6.2.  Informative References

   [RFC1818]  Postel, J., Li, T., and Y. Rekhter, "Best Current
              Practices", BCP 1, RFC 1818, August 1995.

   [RFC1321]  Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
              April 1992.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              February 1997.

7.  Authors' Addresses

   Randy Bush
   IIJ
   5147 Crystal Springs
   Bainbridge Island, WA  98110
   US

   Phone: +1 206 780 0431
   EMail: randy@psg.com
   URI:   http://psg.com/~randy/


   Thomas Narten
   IBM Corporation
   P.O. Box 12195
   Research Triangle Park, NC  27709-2195
   US

   Phone: +1 919 254 7798
   EMail: narten@us.ibm.com











Bush & Narten            Best Current Practice                  [Page 5]

RFC 3967            Document Down-Ref Clarifications       December 2004


8.  Full Copyright Statement

   Copyright (C) The Internet Society (2004).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and at www.rfc-editor.org, and except as set
   forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the ISOC's procedures with respect to rights in ISOC Documents can
   be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.







Bush & Narten            Best Current Practice                  [Page 6]
=========================================================================




Network Working Group                                         J. Klensin
Request for Comments: 4897
BCP: 97                                                       S. Hartman
Updates: 3967                                                        MIT
Category: Best Current Practice                                June 2007


       Handling Normative References to Standards-Track Documents

Status of This Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   The Internet Engineering Task Force (IETF) and Request for Comments
   (RFC) Editor have a long-standing rule that a document at a given
   maturity level cannot be published until all of the documents that it
   references as normative are at that maturity level or higher.  This
   rule has sometimes resulted in very long publication delays for
   documents and some claims that it was a major obstruction to
   advancing documents in maturity level.  The IETF agreed on a way to
   bypass this rule with RFC 3967.  This document describes a simpler
   procedure for downward references to Standards-Track and Best Current
   Practice (BCP) documents, namely "note and move on".  The procedure
   in RFC 3967 still applies for downward references to other classes of
   documents.  In both cases, annotations should be added to such
   References.

















Klensin & Hartman        Best Current Practice                  [Page 1]

RFC 4897                  Normative References                 June 2007


Table of Contents

1. Introduction ....................................................2
2. Terminology .....................................................3
3. Normative Reference Rule ........................................3
   3.1. Source Documents Not Yet Processed by the IESG .............3
   3.2. Documents Already in the RFC Editor Queue ..................4
4. Target Documents Not on the Standards Track .....................4
5. Target Documents that Can Be Referenced This Way ................4
6. Security Considerations .........................................5
7. Acknowledgements ................................................5
8. Normative References ............................................5

1.  Introduction

   The IETF and RFC Editor have a long-standing rule (see, e.g., RFC
   2026, Section 4.2.4 [RFC2026] and the extended discussion in RFC 3967
   [RFC3967]) that a document at a given maturity level cannot be
   published until all of the documents to which it makes a normative
   reference are at that maturity level or higher.  This rule has
   sometimes resulted in very long publication delays for documents and
   some claims that it was a major obstruction to advancing documents in
   maturity level.  Recognizing the problems that this rule sometimes
   caused, RFC 3967 established an exception procedure for normative
   downward references under some specific circumstances.  Perhaps
   because of its fairly stringent requirements, RFC 3967 has not proven
   adequate either to clear the backlog of documents awaiting upgraded
   documents or to prevent additional documents from joining that queue.

   This document replaces the long-standing rule for downward references
   to Standards-Track documents (including BCPs) that are already
   published.  For normative references to Standards-Track and BCP
   documents, that rule was to hold the newer, referencing, document
   until the referenced ones could be brought to the appropriate
   maturity level.  It is now possible, following procedures described
   below, to simply note the downward normative reference and move on.

   This document also updates RFC 3967.  When downward references from a
   source document are approved under the procedure specified in that
   specification, we recommend that the references in the approved
   (source) document be annotated in the same way as references approved
   under this rule.









Klensin & Hartman        Best Current Practice                  [Page 2]

RFC 4897                  Normative References                 June 2007


2.  Terminology

   A reference involves two documents, the one in which the reference is
   embedded and the document referenced.  Where needed for clarity,
   these documents are referred to as the "source document" and "target
   document", respectively.

   The term "Standards-Track document", as used in this specification,
   is assumed to include BCPs but not Informational or Experimental
   documents of any variety or origin.

3.  Normative Reference Rule

   This document specifies an alternative to holding source documents
   until all target documents referenced normatively are upgraded or by
   applying the procedure of RFC 3967.

3.1.  Source Documents Not Yet Processed by the IESG

   An author or editor who requires a normative downward reference to a
   Standards-Track RFC uses the following very simple procedure:

   o  The reference text (i.e., in the "Normative References" section of
      the source document) is written as usual.
   o  A note is included in the reference text that indicates that the
      reference is to a target document of a lower maturity level, that
      some caution should be used since it may be less stable than the
      document from which it is being referenced, and, optionally,
      explaining why the downward reference is appropriate.

   The Internet Engineering Steering Group (IESG) may, at its
   discretion, specify the exact text to be used, establish procedures
   regarding the text to use, or give guidance on this text.  When
   establishing procedures, the IESG should seek appropriate community
   review.

   These annotations are part of the source document.  If members of the
   community consider either the downward reference or the annotation
   text to be inappropriate, those issues can be raised at any time
   during the document life cycle, just as with any other text in the
   document.  There is no separate review of these references.

   With appropriate community review, the IESG may establish procedures
   for when normative downward references should delay a document and
   when downward references should be noted.  Absent specific guidance,
   authors and reviewers should use their best judgment.  It is assumed
   that, in a significant majority of cases, noting a downward reference
   is preferable to delaying publication.



Klensin & Hartman        Best Current Practice                  [Page 3]

RFC 4897                  Normative References                 June 2007


   At the option of the author, similar notes may be attached to non-
   normative references.

3.2.  Documents Already in the RFC Editor Queue

   The IESG may, at its discretion, specify a procedure to be applied to
   source documents that are already in the RFC Editor queue, awaiting
   target referenced documents.  The IESG should encourage authors with
   documents in the RFC Editor queue awaiting downward references to
   Standards-Track RFCs to evaluate whether this new rule is appropriate
   for their documents.  If authors believe that adding an annotation
   and releasing the document is the best way forward, then the IESG
   should ensure that appropriate review is conducted and, if that
   review agrees with that of the authors' evaluation, allow the
   annotations to be added.  The IESG will announce its decision via the
   normal Protocol-Action or Document-Action mechanisms.

4.  Target Documents Not on the Standards Track

   In the case of a normative reference to a document not on the
   standards track that is approved under the procedures defined in RFC
   3967, the annotation described in Section 3.1 or the retrospective
   annotation described in Section 3.2, SHOULD be added to the reference
   unless the IESG, after consideration of Last Call input, concludes it
   is inappropriate.

5.  Target Documents that Can Be Referenced This Way

   The "downward reference by annotation" model specified here is
   applicable only to published Standards-Track RFCs at lower maturity
   levels.

   Obviously, such downward references are part of the relevant source
   document at IETF Last Call and subject to comments from the
   community.

   Advancing documents, when appropriate, is still considered preferable
   to the use of either this procedure or the one specified in RFC 3967.
   This specification does not impose a specific test or requirement to
   determine appropriateness.  This is partially because it would be
   impossible to do so for the general case, but more so because the
   intention is to permit the IESG and the community to balance the
   importance of getting a source document published against the time
   and difficulty associated with upgrading a target document.  That
   requirement is intended to be less stringent than the one of RFC
   3967.





Klensin & Hartman        Best Current Practice                  [Page 4]

RFC 4897                  Normative References                 June 2007


6.  Security Considerations

   This document specifies an IETF procedure.  It is not believed to
   raise any security issues although, in principle, relaxing the
   normative downward reference rules for references associated with
   security mechanisms could make a specification less stable and hence
   less secure.

7.  Acknowledgements

   This proposal was suggested by a comment by Spencer Dawkins and many
   complaints about the negative impact of the current rules.  The
   author is unsure about the validity of some of those complaints; the
   proposal is, in part, a way to test the validity question.  Spencer
   also provided helpful comments on a preliminary version.  It was
   revised in response to extensive discussion in the IESG and benefited
   significantly by comments from Brian Carpenter.

8.  Normative References

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, October 1996.

   [RFC3967]  Bush, R. and T. Narten, "Clarifying when Standards Track
              Documents may Refer Normatively to Documents at a Lower
              Level", BCP 97, RFC 3967, December 2004.

Authors' Addresses

   John C Klensin
   1770 Massachusetts Ave, #322
   Cambridge, MA  02140
   USA

   Phone: +1 617 491 5735
   EMail: john-ietf@jck.com


   Sam Hartman
   Massachusetts Institute of Technology
   77 Massachusetts Ave
   Cambridge, MA  02139
   USA

   EMail: hartmans-ietf@mit.edu






Klensin & Hartman        Best Current Practice                  [Page 5]

RFC 4897                  Normative References                 June 2007


Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.







Klensin & Hartman        Best Current Practice                  [Page 6]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/