On Apr 14, 2009, at 12:54 PM, Jeffrey Hutzelman wrote:
--On Tuesday, April 14, 2009 12:48:05 PM -0700 Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx > wrote:Simon, Overall, this I-D mets my needs. Thanks! One issue the I-D needs to discuss is how to establish additionalEXTERNAL-* mechanisms. That is, say I wanted to define EXTERNAL- IPSEC or EXTERNAL-IPC. How are names of family members ensured to be unique? etc.I suggest that EXTERNAL-* family members be registered in the SASLmechanism name table under an Expert Review Required policy. I rather not use "Specification Required" as that overly burdensome, and I don't see any particular reason for the IETF to have a monopoly on the design of such mechanisms. (If I were to specify EXTERNAL-IPC, I'd likely do sooutside of the IETF.)Uh, generally Specification Required is _less_ restrictive than Expert Review, as it only requires that you provide a specification rather than requiring approval from someone.
I note that RFC 5226 says "Specification Required also implies use of a Designated Expert". Designated Expert is an alias for Expert Review.
Anyways, though a document can place all kinds of requirements upon what an "Expert Review" might cover, I was thinking of a review limited to the appropriateness of the request. That is, no requirement (but no preclusion) that the Expert review anything outside the registration request.
I would be fine with Specification Required. The difference doesn't matter much (to me).
Meeting the requirement means providing some form of specification; it does not require an RFC, let alone IETF approval.That said, I agree with the approach, and with the notion that the IETF needn't have a monopoly on EXTERNAL-* mechanisms.-- Jeff