From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc2360.txt | 1123 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1123 insertions(+) create mode 100644 doc/rfc/rfc2360.txt (limited to 'doc/rfc/rfc2360.txt') diff --git a/doc/rfc/rfc2360.txt b/doc/rfc/rfc2360.txt new file mode 100644 index 0000000..4353db5 --- /dev/null +++ b/doc/rfc/rfc2360.txt @@ -0,0 +1,1123 @@ + + + + + + +Network Working Group G. Scott, Editor +Request for Comments: 2360 Defense Information Systems Agency +BCP: 22 June 1998 +Category: Best Current Practice + + + Guide for Internet Standards Writers + +Status of this Memo + + This document specifies an Internet Best Current Practices for the + Internet Community, and requests discussion and suggestions for + improvements. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (1998). All Rights Reserved. + +Abstract + + This document is a guide for Internet standard writers. It defines + those characteristics that make standards coherent, unambiguous, and + easy to interpret. In addition, it singles out usage believed to + have led to unclear specifications, resulting in non-interoperable + interpretations in the past. These guidelines are to be used with + RFC 2223, "Instructions to RFC Authors". + +Table of Contents + + 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . 2 + 2 General Guidelines . . . . . . . . . . . . . . . . . . . . . 2 + 2.1 Discussion of Security . . . . . . . . . . . . . . . . . . . 3 + 2.2 Protocol Description . . . . . . . . . . . . . . . . . . . 4 + 2.3 Target Audience . . . . . . . . . . . . . . . . . . . . . . 5 + 2.4 Level of Detail . . . . . . . . . . . . . . . . . . . . . . 5 + 2.5 Change Logs . . . . . . . . . . . . . . . . . . . . . . . . 6 + 2.6 Protocol Versions . . . . . . . . . . . . . . . . . . . . . 6 + 2.7 Decision History . . . . . . . . . . . . . . . . . . . . . 6 + 2.8 Response to Out of Specification Behavior . . . . . . . . . 6 + 2.9 The Liberal/Conservative Rule . . . . . . . . . . . . . . . 7 + 2.10 Handling of Protocol Options . . . . . . . . . . . . . . . 8 + 2.11 Indicating Requirement Levels . . . . . . . . . . . . . . . 9 + 2.12 Notational Conventions . . . . . . . . . . . . . . . . . . . 9 + 2.13 IANA Considerations . . . . . . . . . . . . . . . . . . . 10 + 2.14 Network Management Considerations . . . . . . . . . . . . 10 + 2.15 Scalability Considerations . . . . . . . . . . . . . . . . 10 + 2.16 Network Stability . . . . . . . . . . . . . . . . . . . . 11 + 2.17 Internationalization . . . . . . . . . . . . . . . . . . . 11 + + + +Scott Best Current Practice [Page 1] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + 2.18 Glossary . . . . . . . . . . . . . . . . . . . . . . . . 11 + 3 Specific Guidelines . . . . . . . . . . . . . . . . . . . 12 + 3.1 Packet Diagrams . . . . . . . . . . . . . . . . . . . . . 12 + 3.2 Summary Tables . . . . . . . . . . . . . . . . . . . . . 13 + 3.3 State Machine Descriptions . . . . . . . . . . . . . . . . 13 + 4 Document Checklist . . . . . . . . . . . . . . . . . . . . 15 + 5 Security Considerations . . . . . . . . . . . . . . . . . 16 + 6 References . . . . . . . . . . . . . . . . . . . . . . . . 16 + 7 Acknowledgments . . . . . . . . . . . . . . . . . . . . . 18 + 8 Editor's Address . . . . . . . . . . . . . . . . . . . . . 18 + 9 Appendix . . . . . . . . . . . . . . . . . . . . . . . . . 19 + 10 Full Copyright Statement . . . . . . . . . . . . . . . . . 20 + +1 Introduction + + This document is a guide for Internet standard writers. It offers + guidelines on how to write a standards-track document with clarity, + precision, and completeness. These guidelines are based on both + prior successful and unsuccessful IETF specification experiences. + These guidelines are to be used with RFC 2223, "Instructions to RFC + Authors", or its update. Note that some guidelines may not apply in + certain situations. + + The goal is to increase the possibility that multiple implementations + of a protocol will interoperate. Writing specifications to these + guidelines will not guarantee interoperability. However, a + recognized barrier to the creation of interoperable protocol + implementations is unclear specifications. + + Many will benefit from having well-written protocol specifications. + Implementers will have a better chance to conform to the protocol + specification. Protocol testers can use the specification to derive + unambiguous testable statements. Purchasers and users of the + protocol will have a better understanding of its capabilities. + + For further information on the process for standardizing protocols + and procedures please refer to BCP 9/RFC 2026, "The Internet + Standards Process -- Revision 3". In addition, some considerations + for protocol design are given in RFC 1958, "Architectural Principles + of the Internet". + +2 General Guidelines + + It is important that multiple readers and implementers of a standard + have the same understanding of a document. To this end, information + should be orderly and detailed. The following are general guidelines + intended to help in the production of such a document. The IESG may + require that all or some of the following sections appear in a + + + +Scott Best Current Practice [Page 2] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + standards track document. + +2.1 Discussion of Security + + If the Internet is to achieve its full potential in commercial, + governmental, and personal affairs, it must assure users that their + information transfers are free from tampering or compromise. Well- + written security sections in standards-track documents can help + promote the confidence level required. Above all, new protocols and + practices must not worsen overall Internet security. + + A significant threat to the Internet comes from those individuals who + are motivated and capable of exploiting circumstances, events, or + vulnerabilities of the system to cause harm. In addition, deliberate + or inadvertent user behavior may expose the system to attack or + exploitation. The harm could range from disrupting or denying + network service, to damaging user systems. Additionally, information + disclosure could provide the means to attack another system, or + reveal patterns of behavior that could be used to harm an individual, + organization, or network. This is a particular concern with + standards that define a portion of the Management Information Base + (MIB). + + Standards authors must accept that the protocol they specify will be + subject to attack. They are responsible for determining what attacks + are possible, and for detailing the nature of the attacks in the + document. Otherwise, they must convincingly argue that attack is not + realistic in a specific environment, and restrict the use of the + protocol to that environment. + + After the document has exhaustively identified the security risks the + protocol is exposed to, the authors must formulate and detail a + defense against those attacks. They must discuss the applicable + countermeasures employed, or the risk the user is accepting by using + the protocol. The countermeasures may be provided by a protocol + mechanism or by reliance on external mechanisms. Authors should be + knowledgeable of existing security mechanisms, and reuse them if + practical. When a cryptographic algorithm is used, the protocol + should be written to permit its substitution with another algorithm + in the future. Finally, the authors should discuss implementation + hints or guidelines, e.g., how to deal with untrustworthy data or + peer systems. + + Security measures will have an impact within the environment that + they are used. Perhaps users will now be constrained on what they + can do in the Internet, or will experience degradation in the speed + of service. The effects the security measures have on the protocol's + use and performance should be discussed. + + + +Scott Best Current Practice [Page 3] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + The discussion of security can be concentrated in the Security + Considerations section of the document, or throughout the document + where it is relevant to particular parts of the specification. An + advantage of the second approach is that it ensures security is an + integral part of the protocol's development, rather than something + that is a follow-on or secondary effort. If security is discussed + throughout the document, the Security Considerations section must + summarize and refer to the appropriate specification sections. This + will insure that the protocol's security measures are emphasized to + implementer and user both. + + Within the Security Considerations section, a discussion of the path + not taken may be appropriate. There may be several security + mechanisms that were not selected for a variety of reasons: cost or + difficulty of implementation, or ineffectiveness for a given network + environment. By listing the mechanisms they did not use and the + reasons, editors can demonstrate that the protocol's WG gave security + the necessary thought. In addition, this gives the protocol's users + the information they need to consider whether one of the non-selected + mechanisms would be better suited to their particular requirements. + + A document giving further guidance on security topics is in + development. Authors should obtain a copy of the completed RFC to + help them prepare the security portion of the standard. + + Finally, it is no longer acceptable that Security Considerations + sections consist solely of statements to the effect that security was + not considered in preparing the standard. + + Some examples of Security Considerations sections are found in STD + 33/RFC 1350, STD 51/RFC 1662, and STD 53/RFC 1939. RFC 2316, "Report + of the IAB Security Architecture Workshop", provides additional + information in this topic area. + +2.2 Protocol Description + + Standards track documents must include a description of the protocol. + This description must address the protocol's purpose, intended + functions, services it provides, and, the arena, circumstances, or + any special considerations of the protocol's use. + + The authors of a protocol specification will have a great deal of + knowledge as to the reason for the protocol. However, the reader is + more likely to have general networking knowledge and experience, + rather than expertise in a particular protocol. An explanation of + it's purpose and use will give the reader a reference point for + + + + + +Scott Best Current Practice [Page 4] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + understanding the protocol, and where it fits in the Internet. The + STD 54/RFC 2328 was recommended to the STDGUIDE working group as + providing a good example of this in its "Protocol Overview" section. + + The protocol's general description must also provide information on + the relationship between the different parties to the protocol. This + can be done by showing typical packet sequences. + + This also applies to the algorithms used by a protocol. A detailed + description of the algorithms or citation of readily available + references that give such a description is necessary. + +2.3 Target Audience + + RFCs have been written with many different purposes, ranging from the + technical to the administrative. Those written as standards should + clearly identify the intended audience, for example, designers, + implementers, testers, help desk personnel, educators, end users, or + others. If there are multiple audiences being addressed in the + document, the section for each audience needs to be identified. The + goal is to help the reader discover and focus on what they have + turned to the document for, and avoid what they may find confusing, + diverting, or extraneous. + +2.4 Level of Detail + + The author should consider what level of descriptive detail best + conveys the protocol's intent. Concise text has several advantages. + It makes the document easier to read. Such text reduces the chance + for conflict between different portions of the specification. The + reader can readily identify the required protocol mechanisms in the + standard. In addition, it makes it easier to identify the + requirements for protocol implementation. A disadvantage of concise + descriptions is that a reader may not fully comprehend the reasoning + behind the protocol, and thus make assumptions that will lead to + implementation errors. + + Longer descriptions may be necessary to explain purpose, background, + rationale, implementation experience, or to provide tutorial + information. This helps the reader understand the protocol. Yet, + several dangers exist with lengthy text. Finding the protocol + requirements in the text is difficult or confusing. The same + mechanism may have multiple descriptions, which leads to + misinterpretation or conflict. Finally, it is more difficult to + comprehend, a consideration as English is not the native language of + the many worldwide readers of IETF standards. + + + + + +Scott Best Current Practice [Page 5] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + One approach is to divide the standard into sections: one describing + the protocol concisely, while another section consists of explanatory + text. The STD 3/RFC 1122/RFC 1123 and STD 54/RFC 2328 provides + examples of this method. + +2.5 Change Logs + + As a document moves along the standards track, from Proposed to Draft + or Draft to Full, or cycles in level, it will undergo changes due to + better understanding of the protocol or implementation experience. To + help implementers track the changes being made a log showing what has + changed from the previous version of the specification is required + (see Appendix). + +2.6 Protocol Versions + + Often the standard is specifying a new version of an existing + protocol. In such a case, the authors should detail the differences + between the previous version and the new version. This should + include the rationale for the changes, for example, implementation + experience, changes in technology, responding to user demand, etc. + +2.7 Decision History + + In standards development, reaching consensus requires making + difficult choices. These choices are made through working group + discussions or from implementation experience. By including the + basis for a contentious decision, the author can prevent future + revisiting of these disagreements when the original parties have + moved on. In addition, the knowledge of the "why" is as useful to an + implementer as the description of "how". For example, the + alternative not taken may have been simpler to implement, so + including the reasons behind the choice may prevent future + implementers from taking nonstandard shortcuts. + +2.8 Response to Out of Specification Behavior + + A detail description of the actions taken in case of behavior that is + deviant from or exceeds the specification is useful. This is an area + where implementers often differ in opinion as to the appropriate + response. By specifying a common response, the standard author can + reduce the risk that different implementations will come in to + conflict. + + The standard should describe responses to behavior explicitly + forbidden or out of the boundaries defined by the specification. Two + possible approaches to such cases are discarding, or invoking error- + handling mechanisms. If discarding is chosen, detailing the + + + +Scott Best Current Practice [Page 6] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + disposition may be necessary. For instance, treat dropped frames as + if they were never received, or reset an existing connection or + adjacency state. + + The specification should describe actions taken when a critical + resource or a performance-scaling limit is exceeded. This is + necessary for cases where a risk of network degradation or + operational failure exists. In such cases, a consistent behavior + between implementations is necessary. + +2.9 The Liberal/Conservative Rule + + A rule, first stated in STD 5/RFC 791, recognized as having benefits + in implementation robustness and interoperability is: + + "Be liberal in what you accept, and + conservative in what you send". + + Or establish restrictions on what a protocol transmits, but be able + to deal with every conceivable error received. Caution is urged in + applying this approach in standards track protocols. It has in the + past lead to conflicts between vendors when interoperability fails. + The sender accuses the receiver of failing to be liberal enough, and + the receiver accuses the sender of not being conservative enough. + Therefore, the author is obligated to provide extensive detail on + send and receive behavior. + + To avoid any confusion between the two, recommend that standard + authors specify send and receive behavior separately. The + description of reception will require the most detailing. For + implementations are expected to continue operating regardless of + error received. Therefore, the actions taken to achieve that result, + need to be laid out in the protocol specification. Standard authors + should concern themselves on achieving a level of cooperation that + limits network disruption, not just how to survive on the network. + The appearance of undefined information or conditions must not cause + a network or host failure. This requires specification on how to + attempt acceptance of most of the packets. Two approaches are + available, either using as much of the packet's content as possible, + or invoking error procedures. The author should specify a dividing + line on when to take which approach. + + A case for consideration is that of a routing protocol, where + acceptance of flawed information can cause network failure. For + protocols such as this, the specification should identify packets + that could have different interpretations and mandate that they be + rejected completely or the nature of the attempt to recover some + information from them. For example, routing updates that contain + + + +Scott Best Current Practice [Page 7] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + more data than the tuple count shows. The protocol authors should + consider whether some trailing data can be accepted as additional + routes, or to reject the entire packet as suspect because it is non- + conformant. + +2.10 Handling of Protocol Options + + Specifications with many optional features increase the complexity of + the implementation and the chance of non-interoperable + implementations. The danger is that different implementations may + specify some combination of options that are unable to interoperate + with each other. + + As the document moves along the standard track, implementation + experience shall determine the need for each option. Implementation + shall show whether the option should be a mandatory part of the + protocol or remain an option. If an option is not implemented as the + document advances, it must be removed from the protocol before it + reaches draft standard status. + + Therefore, options shall only be present in a protocol to address a + real requirement. For example, options can support future + extensibility of the protocol, a particular market, e.g., the + financial industry, or a specific network environment, e.g., a + network constrained by limited bandwidth. They shall not be included + as a means to "buy-off" a minority opinion. Omission of the optional + item shall have no interoperability consequences for the + implementation that does so. + + One possible approach is to document protocol options in a separate + specification. This keeps the main protocol specification clean and + makes it clear that the options are not required to implement the + protocol. Regardless of whether they appear within the specification + or in a separate document, the text shall discuss the full + implications of either using the option or not, and the case for + choosing either course. As part of this, the author needs to + consider and describe how the options are used alongside other + protocols. The text must also specify the default conditions of all + options. For security checking options the default condition is on + or enabled. + + There are occasions when mutually exclusive options appear within the + protocol. That is, the implementation of an optional feature + precludes the implementation of the other optional feature. For + clarity, the author needs to state when to implement one or the + other, what the effect of choosing one over the other is, and what + + + + + +Scott Best Current Practice [Page 8] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + problems the implementer or user may face. The choice of one or the + other options shall have no interoperability consequences between + multiple implementations. + +2.11 Indicating Requirement Levels + + The BCP 14/RFC 2119, "Key words for use in RFCs to Indicate + Requirement Level", defines several words that are necessary for + writing a standards track document. Editors of standards track + documents must not deviate from the definitions provided as they are + intended to identify interoperability requirements or limit + potentially harmful behavior. The capitalization of these words is + the accepted norm, and can help in identifying an unintentional or + unreasonable requirement. These words have been used in several RFCs + the first instances being STD 3/RFC 1122/RFC 1123. + +2.12 Notational Conventions + + Formal syntax notations can be used to define complicated protocol + concepts or data types, and to specify values of these data types. + This permits the protocol to be written without concern on how the + implementation is constructed, or how the data type is represented + during transfer. The specification is simplified because it can be + presented as "axioms" that will be proven by implementation. + + The formal specification of the syntax used should be referenced in + the text of the standard. Any extensions, subsets, alterations, or + exceptions to that formal syntax should be defined within the + standard. + + The STD 11/RFC 822 provides an example of this. In RFC 822 (Section + 2 and Appendix D) the Backus-Naur Form (BNF) meta-language was + extended to make its representation smaller and easier to understand. + Another example is STD 16/RFC 1155 (Section 3.2) where a subset of + the Abstract Syntax Notation One (ASN.1) is defined. + + The author of a standards track protocol needs to consider several + things before they use a formal syntax notation. Is the formal + specification language being used parseable by an existing machine? + If no parser exists, is there enough information provided in the + specification to permit the building of a parser? If not, it is + likely the reader will not have enough information to decide what the + notation means. In addition, the author should remember machine + parseable syntax is often unreadable by humans, and can make the + specification excessive in length. Therefore, syntax notations + cannot take the place of a clearly written protocol description. + + + + + +Scott Best Current Practice [Page 9] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + +2.13 IANA Considerations + + The common use of the Internet standard track protocols by the + Internet community requires that unique values be assigned to + parameter fields. An IETF WG does not have the authority to assign + these values for the protocol it developed. The Internet Assigned + Numbers Authority (IANA) is the central authority for the assignment + of unique parameter values for Internet protocols. The authors of a + developing protocol need to coordinate with the IANA the rules and + procedures to manage the number space. This coordination needs to be + completed prior to submitting the Internet Draft to the standards + track. + + A document is in preparation that discusses issues related to + identifier assignment policy and guidelines on specific text to task + IANA with its administration. Standard authors should obtain a copy + of it when it is finalized as an RFC. + + For further information on parameter assignment and current + assignments, authors can reference STD 2, RFC 1700, "Assigned + Numbers" (http://www.iana.org). + +2.14 Network Management Considerations + + When relevant, each standard needs to discuss how to manage the + protocol being specified. This management process should be + compatible with the current IETF Standard management protocol. In + addition, a MIB must be defined within the standard or in a companion + document. The MIB must be compatible with current Structure of + Management Information (SMI) and parseable using a tool such as + SMICng. Where management or a MIB is not necessary this section of + the standard should explain the reason it is not relevant to the + protocol. + +2.15 Scalability Considerations + + The standard should establish the limitations on the scale of use, + e.g., tens of millions of sessions, gigabits per second, etc., and + establish limits on the resources used, e.g., round trip time, + computing resources, etc. This is important because it establishes + the ability of the network to accommodate the number of users and the + complexity of their relations. The STD 53/RFC 1939 has an example of + such a section. If this is not applicable to the protocol, an + explanation of why not should be included. + + + + + + + +Scott Best Current Practice [Page 10] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + +2.16 Network Stability + + A standard should discuss the relationship between network topology + and convergence behavior. As part of this, any topology that would + be troublesome for the protocol should be identified. Additionally, + the specification should address any possible destabilizing events, + and means by which the protocol resists or recovers from them. The + purpose is to insure that the network will stabilize, in a timely + fashion, after a change, and that a combination of errors or events + will not plunge the network into chaos. The STD 34/RFC 1058, as an + example, has sections which discuss how that protocol handles the + affects of changing topology. + + The obvious case this would apply to is a routing protocol. However, + an application protocol could also have dynamic behavior that would + affect the network. For example, a messaging protocol could suddenly + dump a large number of messages onto the network. Therefore, editors + of an application protocol will have to consider possible impacts to + network stability and convergence behavior. + +2.17 Internationalization + + At one time the Internet had a geographic boundary and was English + only. The Internet now extends internationally. Therefore, data is + interchanged in a variety of languages and character sets. In order + to meet the requirements of an international Internet, a standard + must conform to the policies stated in BCP 18/RFC 2277, "IETF Policy + on Character Sets and Languages". + +2.18 Glossary + + Every standards track RFC should have a glossary, as words can have + many meanings. By defining any new words introduced, the author can + avoid confusing or misleading the implementers. The definition + should appear on the word's first appearance within the text of the + protocol specification, and in a separate glossary section. + + It is likely that definition of the protocol will rely on many words + frequently used in IETF documents. All authors must be knowledgeable + of the common accepted definitions of these frequently used words. + FYI 18/RFC 1983, "Internet Users' Glossary", provides definitions + that are specific to the Internet. Any deviation from these + definitions by authors is strongly discouraged. If circumstances + require deviation, an author should state that he is altering the + commonly accepted definition, and provide rationale as to the + necessity of doing so. The altered definition must be included in + the Glossary section. + + + + +Scott Best Current Practice [Page 11] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + If the author uses the word as commonly defined, she does not have to + include the definition in the glossary. As a minimum, FYI 18/RFC + 1983 should be referenced as a source. + +3 Specific Guidelines + + The following are guidelines on how to present specific technical + information in standards. + +3.1 Packet Diagrams + + Most link, network, and transport layer protocols have packet + descriptions. Packet diagrams included in the standard are very + helpful to the reader. The preferred form for packet diagrams is a + sequence of long words in network byte order, with each word + horizontal on the page and bit numbering at the top: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |Version| Prio. | Flow Label | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + In cases where a packet is strongly byte-aligned rather than word- + aligned (e.g., when byte-boundary variable-length fields are used), + display packet diagrams in a byte-wide format. The author can use + different height boxes for short and long words, and broken boxes for + variable-length fields: + + 0 1 2 3 4 5 6 7 + +-+-+-+-+-+-+-+-+ + | Length N | + +-+-+-+-+-+-+-+-+ + | | + + Address + + ... + + (N bytes) + + | | + +-+-+-+-+-+-+-+-+ + | | + + 2-byte field + + | | + +-+-+-+-+-+-+-+-+ + + + + + + + + +Scott Best Current Practice [Page 12] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + +3.2 Summary Tables + + The specifications of some protocols are particularly lengthy, + sometimes covering a hundred pages or more. In such cases, the + inclusion of a summary table can reduce the risk of conformance + failure by an implementation through oversight. A summary table + itemizes what in a protocol is mandatory, optional, or prohibited. + Summary tables do not guarantee conformance, but serve to assist an + implementer in checking that they have addressed all protocol + features. + + The summary table will consist of, as a minimum, four (4) columns: + Protocol Feature, Section Reference, Status, and + References/Footnotes. The author may add columns if they further + explain or clarify the protocol. + + In the Protocol Feature column, list the protocol's characteristics, + for example, a command word. We recommend grouping series of related + transactions under descriptive headers, for example, RECEPTION. + + Section reference directs the implementer to the section, paragraph, + or page that describes the protocol feature in detail. + + Status indicates whether the feature is mandatory, optional, or + prohibited. The author can use either a separate column for each + possibility, or a single column with appropriate codes. These codes + need to be defined at the start of the summary table to avoid + confusion. Possible status codes: + + M - must or mandatory + MN - must not + O - optional + S - should + SN - should not + X - prohibited + + In the References/Footnotes column authors can point to other RFCs + that are necessary to consider in implementing this protocol feature, + or any footnotes necessary to explain the implementation further. + + The STD 3/RFC 1122/RFC 1123 provides examples of summary tables. + +3.3 State Machine Descriptions + + A convenient method of presenting a protocol's behavior is as a + state-machine model. That is, a protocol can be described by a + series of states resulting from a command, operation, or transaction. + State-machine models define the variables and constants that + + + +Scott Best Current Practice [Page 13] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + establish a state, the events that cause state transitions and the + actions that result from those transitions. Through these models, an + understanding of the protocol's dynamic operation as sequence of + state transitions that occur for any given event is possible. State + transitions can be detailed by diagrams, tables, or time lines. + + Note that state-machine models are never to take the place of + detailed text description of the specification. They are adjuncts to + the text. The protocol specification shall always take precedence in + the case of a conflict. + + When using a state transition diagram, show each possible protocol + state as a box connected by state transition arcs. The author should + label each arc with the event that causes the transition, and, in + parentheses, any actions taken during the transition. The STD 5/RFC + 1112 provides an example of such a diagram. As ASCII text is the + preferred storage format for RFCs, only simple diagrams are possible. + Tables can summarize more complex or extensive state transitions. + + In a state transition table, the different events are listed + vertically and the different states are listed horizontally. The + form, action/new state, represents state transitions and actions. + Commas separate multiple actions, and succeeding lines are used as + required. The authors should present multiple actions in the order + they must be executed, if relevant. Letters that follow the state + indicate an explanatory footnote. The dash ('-') indicates an + illegal transition. The STD 51/RFC 1661 provides an example of such + a state transition table. The initial columns and rows of that table + follow as an example: + + | State + | 0 1 2 3 4 5 + Events| Initial Starting Closed Stopped Closing Stopping + ------+----------------------------------------------------------- + Up | 2 irc,scr/6 - - - - + Down | - - 0 tls/1 0 1 + Open | tls/1 1 irc,scr/6 3r 5r 5r + Close| 0 tlf/0 2 2 4 4 + | + TO+ | - - - - str/4 str/5 + TO- | - - - - tlf/2 tlf/3 + + The STD 18/RFC 904 also presents state transitions in table format. + However, it lists transitions in the form n/a, where n is the next + state and a represents the action. The method in RFC 1661 is + preferred as new state logically follows action. In addition, RFC + 904's Appendix C models transitions as the Cartesian product of two + state machines. This is a more complex representation that may be + + + +Scott Best Current Practice [Page 14] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + difficult to comprehend for those readers that are unfamiliar with + the format. We recommend that authors present tables as defined in + the previous paragraph. + + A final method of representing state changes is by a time line. The + two sides of the time line represent the machines involved in the + exchange. The author lists the states the machines enter as time + progresses (downward) along the outside of time line. Within the + time line, show the actions that cause the state transitions. An + example: + + client server + + | | + | | LISTEN + SYN_SENT |----------------------- | + | \ syn j | + | ----------------->| SYN_RCVD + | | + | ------------------| + | syn k, ack j+1 / | + ESTABLISHED |<---------------------- | + | | + +4 Document Checklist + + The following is a checklist based on the above guidelines that can + be applied to a document: + + o Does it identify the security risks? Are countermeasures for each + potential attack provided? Are the effects of the security + measures on the operating environment detailed? + o Does it explain the purpose of the protocol or procedure? Are the + intended functions and services addressed? Does it describe how it + relates to existing protocols? + o Does it consider scaling and stability issues? + o Have procedures for assigning numbers been coordinated with IANA? + o Does it discuss how to manage the protocol being specified? Is a + MIB defined? + o Is a target audience defined? + o Does it reference or explain the algorithms used in the protocol? + o Does it give packet diagrams in recommended form, if applicable? + o Is there a change log? + o Does it describe differences from previous versions, if + applicable? + o Does it separate explanatory portions of the document from + requirements? + o Does it give examples of protocol operation? + + + +Scott Best Current Practice [Page 15] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + o Does it specify behavior in the face of incorrect operation by + other implementations? + o Does it delineate which packets should be accepted for processing + and which should be ignored? + o If multiple descriptions of a requirement are given, does it + identify one as binding? + o How many optional features does it specify? Does it separate them + into option classes? + o Have all combinations of options or option classes been examined + for incompatibility? + o Does it explain the rationale and use of options? + o Have all mandatory and optional requirements be identified and + documented by the accepted key words that define Internet + requirement levels? + o Does it conform to the current internationalization policies of + the IETF? + o Are the recommended meanings for common Internet terms used? + o If not, are new or altered definitions for terms given in a + glossary? + +5 Security Considerations + + This document does not define a protocol or procedure that could be + subject to an attack. It establishes guidelines for the information + that should be included in RFCs that are to be submitted to the + standards track. In the area of security, IETF standards authors are + called on to define clearly the threats faced by the protocol and the + way the protocol does or does not provide security assurances to the + user. + +6 References + + [RFC 791] Postel, J., "Internet Protocol (IP)", STD 5, RFC 791 + September 1981. + + [RFC 904] Mills, D., "Exterior Gateway Protocol formal + specification", RFC 904, April 1984. + + [RFC 1058] Hedrick, C., "Routing Information Protocol", STD 34, + RFC 1058, June 1988. + + [RFC 1112] Deering, S., "Host extensions for IP multicasting", + STD 5, RFC 1112, August 1989. + + [RFC 1122] Braden, R., "Requirements for Internet Hosts -- + Communication Layers", STD 3, RFC 1122, October 1989. + + + + + +Scott Best Current Practice [Page 16] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + + [RFC 1123] Braden, R., "Requirements for Internet hosts -- + Application and Support", STD 3, RFC 1123, October 1989. + + [RFC 1311] Postel, J., "Introduction to the STD Notes", RFC 1311, + March 1992. + + [RFC 1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, + RFC 1350, July 1992. + + [RFC 1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, + RFC 1661, July 1994. + + [RFC 1662] Simpson, W., "PPP in HLDC-like Framing", STD 51, RFC 1662, + July 1994. + + [RFC 1700] Reynolds, J., and J. Postel, "Assigned Numbers", STD 2, + RFC 1700, October 1994. (http://www.iana.org) + + [RFC 1939] Meyers, J., and M. Rose, "Post Office Protocol - Version + 3", STD 53, RFC 1939, May 1996. + + [RFC 1958] Carpenter, B., "Architectural Principles of the Internet", + RFC 1958, June 1996. + + [RFC 1983] Malkin, G., "Internet Users' Glossary", FYI 18, RFC 1983, + August 1996. + + [RFC 2026] Bradner, S., "The Internet Standards Process -- Revision 3", + RFC 2026, October 1996. + + [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Level", BCP 14, RFC 2119, March 1997. + + [RFC 2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998. + + [RFC 2223] Postel, J. and J. Reynolds, "Instructions to RFC Authors", + RFC 2223, October 1997. + + [RFC 2277] Alvestrand, H., "IETF Policy on Character Sets and + Language", RFC 2277, January 1998. + + [RFC 2316] Bellovin, S., "Report of the IAB Security Architecture + Workshop", RFC 2316, April 1998. + + + + + + + + +Scott Best Current Practice [Page 17] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + +7 Acknowledgments + + Peter Desnoyers and Art Mellor began the work on this document. + Others that contributed were: + + Bernard Aboba + Harald T. Alvestrand + Fred Baker + Scott Bradner + Brian Carpenter + Robert Elz + Dirk Fieldhouse + Dale Francisco + Gary Malkin + Neal McBurnett + Thomas Narten + Craig Partridge + Vern Paxson + Mike O'Dell + Henning Schulzrinne + Kurt Starsinic + James Watt + +8 Editor's Address + + Gregor D. Scott + Director, Defense Information Systems Agency + ATTN: JIEO-JEBBC + Ft. Monmouth, NJ 07703-5613 + USA + + Phone: (732) 427-6856 + Fax: (732) 532-0853 + EMail: scottg@ftm.disa.mil + + + + + + + + + + + + + + + + + +Scott Best Current Practice [Page 18] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + +9 Appendix + +CHANGES FROM DRAFT -06 + + The following changes were made following IESG review: + + References to RFC 1543 were changed to RFC 2223 that obsoleted it. + + In section 2.1, "export control" was dropped as a valid reason for + not selecting a security mechanism. In addition, ambiguous or + conflicting sentences were removed. + + In section 2.1 reference made to RFC 2315 as an additional source of + information. + + Section 2.5 was changed to highlight the Change Log's purpose as + assistance to implementers. + + The IANA Considerations section (2.13) was rewritten to highlight + that the IANA guidelines document is work in progress but should be + used when it becomes available. + + Section 3.4 Character Sets was deleted and replaced by section 2.17 + Internationalization. + + Spelling and grammar corrections were made. + +CHANGES FROM DRAFT -05 + + A sentence pointing to a pending document that further addresses IANA + considerations was added to section 2.13. The current draft of that + document is draft-iesg-iana-considerations-02.txt. A clause stating + that the IANA established the assignment policies was removed since it + appeared to conflict with the intent of the referenced ID. + Placeholders for the BCP and RFC number have been added to the text + and reference section. + + A new section (2.5) requiring change logs as documents progress along + the standards track was added. + + References to RFC 2044 were changed to RFC 2279 that obsoleted it. + + Spelling and grammar corrections were made. + +CHANGES FROM DRAFT -04 + + A paragraph pointing to a pending document that further addresses + security was updated. + + + +Scott Best Current Practice [Page 19] + +RFC 2360 Guide for Internet Standards Writers June 1998 + + +10 Full Copyright Statement + + Copyright (C) The Internet Society (1998). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + + + + + + + + + + + + + + + + + + + + + + + +Scott Best Current Practice [Page 20] + -- cgit v1.2.3