Date: Mon, 27 Aug 2007 17:31:07 -0400 (EDT) From: Dean Anderson To: Tim Polk Subject: Re: future of tls-authz I got your message. I'll have to think about the response. It'll take a few days. Thanks, --Dean On Mon, 27 Aug 2007, Tim Polk wrote: > Dean, > > I don^Òt believe we have met, but I joined the IESG as an Area > Director for Security in March. As part of my duties as AD, I am > considering sponsor the tls-authz draft for consideration as an > Experimental track RFC. Given the complexity of the situation, I > would appreciate your input before I proceed. > > As a new AD, I would prefer not to pick up tls-authz ^Ö this job is > hard enough without seeking controversy! However, I am convinced of > the technical merits of the document, and believe it should be > published as an RFC. As the AD for TLS, the responsibility to > progress the document falls squarely on my shoulders. > > In addition to the technical contents of the document, I factored the > existence of independent implementations and the murky IPR situation > into my deliberations. Given all of the inputs, I have come to the > conclusion that tls-authz is appropriate for publication as an > experimental track RFC. To quote RFC 2026, ^ÓSuch a specification is > published for the general information of the Internet technical > community and as an archival record of the work.^Ô I believe that > the TLS working group^Òs review of the document satisfies the > requirement for ^Óadequate coordination with the standards process.^Ô > While some have advocated standards track for this specification, I > do not believe that all the properties of a proposed standard are > satisfied by the document. Specifically, it is not clear if the > document ^Óappears to enjoy enough community interest to be considered > valuable^Ô in light of the IPR issues. > > I am having a little trouble sorting out the applicable procedures > from this starting point, though. My reading of RFC 2026 indicates > two possibilities: > > (1) Under section 6.1.2, I could request IESG approval as an > Experimental RFC based on the results of the second IETF Last Call > for progression on standards track. ^ÓThe IESG could also decide to > change the publication category based on the response to a Last- > Call.^Ô This process would be most efficient, but the optics are not > optimal. > > (2) I could request a third IETF Last Call for consideration as an > experimental track document. I simply hate the idea of a third Last > Call for this document, since we haven^Òt identified any technical > issues during the first two rounds, but this would provide an > opportunity to clearly demonstrate that sufficient support for > publication in the Experimental track exists even with the IPR > situation. > > Given that alternative technical proposals have not been submitted, > and the TLS working group is not interested in taking this document > on, I don^Òt see any other mechanism to complete this work. > > I would greatly value your input on the two processes I outlined > above. Which of these processes would be most appropriate in your > opinion, given this starting point? Does an alternative process > exist that I have overlooked? I would be happy to have this > dialogue by email, or we could chat on the phone if you prefer. (My > office number is 301-975-3348.) If you prefer a phone conversation, > we should probably schedule a time and avoid playing phone tag. I am > currently available before 11:30 AM on Thursday the 30th, or anytime > on Friday the 31st. > > There is one additional issue I would like to highlight in this > email. Russ Housley and I are good friends and our families get > together socially a couple of times each year. We have co-authored a > number of IETF documents during the past decade, as well as the book > ^ÓPlanning For PKI^Ô. While this was not a factor in my consideration > of tls-authz, I would not want you to think I was hiding our friendship! > > Thanks, > > Tim Polk > > > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000