[ietf-nntp] Current status

[Russ Allbery]

Here's a brief summary of our current status:

The IESG last call on the base document returned almost entirely favorable
responses except for one question about why we didn't document a secure
authentication protocol, particularly given our notes in Security
Considerations.  There has been subsequent discussion of that at the IESG
level, and the person raising those objections is currently on vacation
(until next week, as I recall), so it's not clear yet whether that will
require any further action on our part.

In case it does, however, Jeff is going to publish his AUTHINFO draft as
an I-D so that we both have an I-D to point the IESG folks at and so that
we have a published start for discussion on finishing that language.  It
may not continue as a separate draft; it may instead be rolled into either
the base document or the base document split into core and extensions and
it may be rolled into extensions.  That's still an open question (and we
don't have to decide until after the IESG decides whether they want us to
publish it at the same time as the base protocol).

If the IESG decides that authentication isn't critical to include the base
document, I want to get it published as-is (with the necessary minor
tweaks that came up during IESG review) so that we finally have it out the
door.  Immediately following that, this working group will present a list
of extensions to consider for future work (said list currently consisting
of AUTHINFO, TLS, and streaming unless anyone wants to make a strong case
for something else).  At that point we will have fulfilled all of our
milestones.

My expectation is that at that point, this working group will be concluded
since it's fulfilled its charter.  A new working group will likely be
formed shortly thereafter, with a new charter, to work specifically on
NNTP extensions, starting with the list that we present.  I do think
closing down the working group and starting a new one is the right thing
to do; we can put forward a new call for participants in
news.software.nntp, we have a clear break from our previous work, the
working group is announced again at the IETF level and may draw more
interest, etc.  Not to mention that this working group is currently very
deep into working group exhaustion, and I think we could use a break and a
fresh start.

If the IESG *does* want us to publish authentication at the same time as
the base protocol, the current preferred proposal seems to be to publish
two documents, the base and all of the extensions, and include TLS,
AUTHINFO, and possibly streaming into the extensions document.  We do need
to think about Jeff's point, however, on whether or not we should keep
documents separate if they're going to be changing in the future for ease
of producing new versions of the standard.

If we go that route, we'll have to finish that work and submit however
many drafts we end up with in the end for another Last Call, I expect,
since that's a pretty comprehensive change.  My guess is that that work
would take us into the summer, but shouldn't take us past that.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>