Internet DRAFT - draft-rescorla-rfc-jit

draft-rescorla-rfc-jit







RFC Series Working Group                                     E. Rescorla
Internet-Draft                                   Windy Hill Systems, LLC
Intended status: Informational                          11 February 2024
Expires: 14 August 2024


                      Just-In-Time RFC Publication
                       draft-rescorla-rfc-jit-00

Abstract

   This document describes a new approach to RFC publication that is
   intended to allow easy revisions without re-running the entire RFC
   publication process.

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Source for this draft and an issue tracker can be found at
   https://github.com/ekr/draft-rescorla-rfc-jit.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 14 August 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.








Rescorla                 Expires 14 August 2024                 [Page 1]

Internet-Draft                   RFC JIT                   February 2024


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Generic Structure . . . . . . . . . . . . . . . . . . . . . .   3
   5.  Mapping onto the RFC Series . . . . . . . . . . . . . . . . .   4
   6.  IETF Consensus  . . . . . . . . . . . . . . . . . . . . . . .   4
   7.  Version Publication Logistics . . . . . . . . . . . . . . . .   5
   8.  Published Version Adjustments . . . . . . . . . . . . . . . .   6
     8.1.  Published Versions  . . . . . . . . . . . . . . . . . . .   6
     8.2.  XML . . . . . . . . . . . . . . . . . . . . . . . . . . .   7
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     11.1.  Normative References . . . . . . . . . . . . . . . . . .   7
     11.2.  Informative References . . . . . . . . . . . . . . . . .   7
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   The current RFC publication process is unwieldy and slow.  This is a
   poor match for an environment where protocol specifications routinely
   see wide deployment well in advance of IESG approval, let alone RFC
   publication.  Despite the long publication time, RFCs also routinely
   contain errors (as an example, TLS 1.3 [RFC8446] currently has >40
   errata).  However, fixing these errors is prohibitively difficult as
   it currently requires publishing a new RFC, which incurs new delay,
   at which point new errors will have accumulated and the cycle begins
   again.

   This document proposes a new approach to RFC publication, termed
   "just-in-time" (JIT) publication, which is designed to address this
   issue.  JIT publication is centered around two basic ideas:

   *  A series of documents which are intended to be semantically
      identical, even though the text may be different.

   *  The ability to rapidly publish new documents within a series as
      soon as the requisite level of approval has been obtained.




Rescorla                 Expires 14 August 2024                 [Page 2]

Internet-Draft                   RFC JIT                   February 2024


   When put together, these allow us to cheaply address issues as they
   are discovered.  This document focuses on the IETF Stream as that is
   the dominant source of RFCs.  However, the contents potentially apply
   to other streams as well.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Requirements

   The method in this document is intended to balance a number of
   requirements.

   *  Easy updating: Once a document is published it MUST be easy to
      make non-semantic changes (editorial fixes, clarifications, etc.)
      without re-running the whole process.

   *  Referential Integrity: It MUST be possible to reference a specific
      version of a document (i.e., the exact bits).

   *  Semantic References: It MUST be possible to reference a document
      as a semantic entity, including whatever editorial updates have
      been made.

4.  Generic Structure

   This section describes a generic publication structure that does not
   take into account the RFC Series.  In Section 5 we describe how it
   might be mapped onto the existing RFC Series.  It makes use of a two-
   level structure of Document and Version.

   *  Documents refer to the semantics of a given specification and thus
      may appear in multiple Versions.  Each document has a document
      identifier D which is persistent through the life of the document
      and refers to the latest Version.

   *  Versions refer to specific instances of a Document.  All versions
      of a given document have the same semantics.  Each version has a
      unique version identifier under the document, as in D.V,
      indicating version V of document D.






Rescorla                 Expires 14 August 2024                 [Page 3]

Internet-Draft                   RFC JIT                   February 2024


   In this design, documents would proceed through the process as usual
   until they were first published as an RFC.  At the point where they
   were published by the RPC they would receive a document identifier
   and the initial version would be published, e.g., at https://rfc-
   editor.org/documents/D.0.

   Once the initial version was published, new versions could be
   immediately published based on approval from the Area Director (or
   perhaps the WG Chair), who would be responsible for confirming that
   the changes did not change the document semantics.

   This process allows for errata, etc. to be immediately applied to the
   document in place.  Note that this is consistent with AUTH48 process
   because the AD can sign off on changes after IESG approval (see
   Section 6 for more on this).  Moreover, the stakes here are quite low
   because we can always publish a new Version that reverts any change
   which has been inappropriately applied.

5.  Mapping onto the RFC Series

   There are at least two ways to map this onto the existing RFC Series,
   which only has one level with each RFC being unchanging.

   *  Add a new level of Document identifiers with RFCs as versions
      (e.g., D1234.1 -> RFC 123456)

   *  Add a new level of Version below RFC (e.g., RFC8446.0, RFC8446.1,
      etc.), with the main RFC# pointing to the most current version.

   Either of these would probably work, and which people prefer to some
   extent depends on their priors.  However, it's worth noting that the
   former approach would create a new reference that people would
   generally be pointed to that wasn't RFCs, whereas the second would
   not.  In addition, it would start to burn through the RFC numbers
   very quickly, especially if each erratum creates a new version.

6.  IETF Consensus

   All IETF Stream documents require IETF rough consensus [RFC8789].  As
   with the existing publication process, the combination of IETF Last
   Call and IESG review is intended to ensure that the initial published
   document as reviewed by the IESG has IETF Consensus.  The JIT
   publication process in principle allows for subsequent revisions to
   incorporate material that does not have consensus.  This would be a
   process violation because ADs are supposed to only approve non-
   semantic changes, but of course ADs might make mistakes.





Rescorla                 Expires 14 August 2024                 [Page 4]

Internet-Draft                   RFC JIT                   February 2024


   However, it is _already_ possible to introduce non-consensus changes
   in RFCs during AUTH48.  Authors routinely make changes to RFCs during
   the AUTH48 process; the RPC does not prevent these changes but just
   requires that substantive changes be approved by the appropriate AD.
   This proposal extends the period when changes can be made past
   initial RFC publication but the risk of non-consensus changes being
   mistakenly made is mitigated by several factors:

   1.  Changes are explicitly restricted to those without any semantic
       content, whereas AUTH48 changes can be semantically meaningful at
       the ADs discretion.  The RPC could detect at least some of these
       cases, as they do now.

   2.  Any such changes are clearly visible as a diff from the previous
       version, so this situation is readily detectable.  One could
       imagine having a short "objection period" between approval and
       publication to allow for incorrect changes to be detected.

   3.  It is trivial to publish a new version reverting any non-
       consensus changes.

   Together, these changes minimize the risk of semantic changes being
   introduced to published RFCs.

   As a side effect, JIT publication may also make AUTH48 faster, as
   authors would not need to worry so much about having every single
   sentence be perfect.

7.  Version Publication Logistics

   Once the RPC has published the initial version of an RFC, it should
   be trivial to make a change and re-spin the document without
   significant work by the RPC.  Ideally, there would be a simple
   process in which the changes were proposed, approved by the ADs,
   vetted by the RPC and then mechanically published as a new RFC
   version.  This should only require changing the specific text, rather
   than metadata, etc., which should all change automatically.

   For readers familiar with GitHub, one could imagine this a workflow
   powered by GitHub actions:

   1.  Once the RFC is published, the XML is published on GitHub (e.g.,
       in a repo containing the XML for every RFC).

   2.  The proposed change is submitted as a pull request to the XML.

   3.  A GitHub action automatically generates the resulting publication
       formats (HTML, TXT, PDF) for review.



Rescorla                 Expires 14 August 2024                 [Page 5]

Internet-Draft                   RFC JIT                   February 2024


   4.  The AD approves the pull request.

   5.  Upon AD approval and verification that no inappropriate changes
       have been made, the RPC merges the pull request.

   6.  A GitHub action publishes the RFC Version.

   Obviously, these processes need not be based on GitHub, but this
   example illustrates the desired level of automation.

8.  Published Version Adjustments

8.1.  Published Versions

   With JIT RFC publication, we will have multiple versions of the same
   semantic document, which means that we need some way to help readers
   keep track of the state of the documents.  Minimally:

   *  There needs to be a semantic reference that points to the most
      recent Version of the document.  This reference is stable but the
      target is updated whenever a new version is published.

   *  There should be an associated document/page which lists each
      Version of the document along with a brief summary of the changes
      (think "git log").

   *  Each Version of the document should have an affordance which
      allows the reader to (1) find previous Versions of the document
      and (2) see what changes were made in this Version

   For instance, if we were to use RFC number as the stable reference,
   then:

   *  A reader could always get the most recent Version of a document by
      going to the semantic reference at https://rfc-
      editor.org/documents/RFC12345

   *  The individual versions of the documents would be at https://rfc-
      editor.org/documents/RFC12345.0, https://rfc-editor.org/documents/
      RFC12345.1, etc.

   *  The list of all Versions might live at https://rfc-
      editor.org/versions/RFC12345








Rescorla                 Expires 14 August 2024                 [Page 6]

Internet-Draft                   RFC JIT                   February 2024


8.2.  XML

   If we expect people to make changes directly to the published XML,
   it's important that that the XML be as legible as possible.
   Currently, the XML produced by the preptool is significantly harder
   to read than the editorial XML that people work on.  Simplifying that
   XML would be valuable in terms of user ergonomics, but can be pursued
   in parallel to the changes proposed here.

9.  Security Considerations

   This document in theory might make it possible to make semantically
   relevant changes to RFCs post-publication, which could have security
   implications.  In the event that this happens, it is straightforward
   to revert these changes.

10.  IANA Considerations

   This document has no IANA actions.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

11.2.  Informative References

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
              <https://www.rfc-editor.org/rfc/rfc8446>.

   [RFC8789]  Halpern, J., Ed. and E. Rescorla, Ed., "IETF Stream
              Documents Require IETF Rough Consensus", BCP 9, RFC 8789,
              DOI 10.17487/RFC8789, June 2020,
              <https://www.rfc-editor.org/rfc/rfc8789>.

Acknowledgments

   TODO acknowledge.




Rescorla                 Expires 14 August 2024                 [Page 7]

Internet-Draft                   RFC JIT                   February 2024


Author's Address

   Eric Rescorla
   Windy Hill Systems, LLC
   Email: ekr@rtfm.com














































Rescorla                 Expires 14 August 2024                 [Page 8]