RE: [TLS] Comments on draft-housley-tls-authz-extns-07

[Dean Anderson <dean at av8.com>]

On Mon, 11 Jun 2007 Pasi.Eronen at nokia.com wrote:

> Dean Anderson wrote:
> 
> > On Wed, 30 May 2007, Sam Hartman wrote:
> > > Dean, this is an excellent idea. Anyone who wants to including you
> > > can discuss alternatives to the technology. The availability of
> > > other ways to do this--particularly when combined with information
> > > about whether people are willing to do the necessary work to write
> > > up and implement these alternatives--would be great input to the
> > > IESG. I'd appreciate anything you can do in this regard.
> > 
> > To what working group should I take this work to?  Not TLS, it 
> > hasn't agreed (has affirmatively refused) to take on this work.
> 
> Dean: as you well know, most WG documents start as individual
> Internet-Drafts. This way, the WG has something concrete to read 
> when considering whether to take on the work as WG item or not.
> 
> Currently, no such draft exists. If, however, someone would write 
> such a draft, and ask the TLS WG to consider adopting it as WG 
> item, we would certainly consider it. Or yet in other words: 
> there certainly is *NO* blanket decision to refuse all work
> in this area.

One draft already exists: Housleys. And the working group will not work
on that draft, even after scandal compels interest. So why would anyone
expect it will work on another draft on the same subject? Kind of hard
to motivate people to put in work, when the group has already said it
won't take up the subject.

Most all decisions are subject to future review and reversal. But many
people look at past decisions for a clue to future decisions.

> <snip>
> > No working group will consider conducting this work.
> 
> Let's not forget that *all* work in IETF is done by people,
> not working groups. If nobody cares about this topic enough to 
> actually write a document and drive it forward, the question 
> of whether it should be WG item or not doesn't really apply.

We have one document. Maybe two.

Actually, I note that the TLS March '06 minutes for the discussion of
the housley draft say:

"A show of hands indicated that while a number of people are interested 
in this item, only two were interested enough to agree to review the 
document and comment. Thus, this item will continue as an individual 
item."

In some other groups, this would be enough interest to take up the
draft.  There's always more people on the list who make comments, than
come to meetings.  And I note this was before the scandal erupted. Now,
the scandal seems to have created an obligation to review the draft, and
it _still_ isn't a working group item. I find that objectionable.

The IESG can't remove the taint of scandal by itself. (hence the
assurance the TLS group would review the draft; wasn't much of an
assurance, it turns out).




I was also wondering about the disproportion to the fact that the TLS WG
has taken up a slew of authentication drafts, but no authorization
drafts. One seems complementary to the other.  There are some
implementations of Housley, people are interested in writing code.  Why
aren't people on the WG interested in authorization?  This seems odd to
me. Some clue here would be helpful.

		--Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   




_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls