Re: [TLS] Comments on draft-housley-tls-authz-extns-07

[Dean Anderson <dean at av8.com>]

On Wed, 30 May 2007, Sam Hartman wrote:

> >>>>> "Dean" == Dean Anderson <dean at av8.com> writes:
> 
>     Dean> I believe the IETF announced that it would be sending this
>     Dean> draft back to the 'starting gate'.  To me, that means that
>     Dean> TLS has to do several things:
> 
> Dean, Eric has corrected your statements about where this draft is in
> the process.  

Yes. I have to say, I'm not too happy about that, and am feeling misled
yet again.  I expected more effort than just posting an email requesting
comment to the TLS working group. I understood the TLS working group was
going to do some work on the draft to find out if the patented standard
is actually worth the trouble, and __approve__ or __reject__ the draft
independently of the IESG.  What is actually happening is less even than
a rubber-stamp. (a rubber stamp is -some- approval)

It seems your rubber-stamp process does not permit enough time to come
up with an alternative, nor is there any working group to work on doing
so.  It seems the deck is stacked for no change.

>     Dean> 1) Consider non-patented alternatives in accordance with
>     Dean> RFC2418 and RFC3979.
> 
> Dean, this is an excellent idea. Anyone who wants to including you can
> discuss alternatives to the technology. The availability of other ways
> to do this--particularly when combined with information about whether
> people are willing to do the necessary work to write up and implement
> these alternatives--would be great input to the IESG. I'd appreciate
> anything you can do in this regard.

To what working group should I take this work to?  Not TLS, it hasn't
agreed (has affirmatively refused) to take on this work.

> As an example, if all the implementers say that they prefer this
> solution to alternatives they have considered, and would implement
> this solution but not those alternatives, that would be a strong
> argument in favor of publication.  If on the other hand people say
> that they would write up an alternative and that they would implement
> the alternative, that would argue against publication.

No working group will consider conducting this work.

> What you may be assuming is that we have an obligation to conduct such
> a review or that we need to block our work until such a review is
> done.  

I think that RFC3979 includes an obligation to conduct such a review
even if cursory. I rather agree that RFC3979 needs further refinement on
the effort required in general and timing of the effort required.  

But in the present cirumstances, I think the scandal imposes an
obligation to __thoroughly__ review the matter; that means some kind of
notable, significant work at review must be done.  We need more than a
whitewash.

> so if you want to propose an alternative, you should do so.  If you
> know others who want to propose an alternative you should encourage
> them.

Yes, I do. Where should I tell them to go?  This subject is off-topic
for TLS after the chair refuses to take up the subject.  You can't have
it both ways; unless you _want_ a whitewash.

You've officially asked for comments, but this group refuses to do any
work on the matter.  A convenient conundrum; A catch-22.  And when no
work gets done, you "don't have to wait around before re-approving".  
That is a charade; A sham; A debacle.

> That's why we are soliciting comments.  The ietf list discussion was
> in the minds of some inconclusive.

Actually, I think it was ended in the premise that the TLS working group
would work on the document, and there is nothing to discuss until that
is done.

> We're soliciting review here in hopes that the discussion will lead to
> a clear consensus.

And how is anyone outside the IESG to know there was a clear consensus?  
No working group has worked on the tainted document, to remove the taint
of the previous IESG scandal.

>     Dean> 3) Pass a working group last-call, per RFC2026 and RFC2418.
> 
> Not applicable because this is not a WG document.

I think it _should_be_ made a working group document, and that someone
besides the IESG should put some effort into reviewing the document,
before it submitted back to the IESG.

This process, as it is, seems to be a sham. If I knew that earlier, I
would have said that to the IETF list; but I believed that you (Sam
Hartman) would ensure a proper thorough review.  

		--Dean



-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   









_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls