Date: Tue, 18 Sep 2007 17:28:31 -0400 (EDT) From: Dean Anderson To: Tim Polk Subject: Re: future of tls-authz It looks like you already picked a strategy; The datatracker shows that last Monday you changed the status to Experimental, Publication Requested. Since there is no community consensus supporting this document in either the TLS working group or in the larger IETF, how do you plan to show that there is an ISOC/IETF interest in advancing this draft? You do know that anything you do has to be in the interest of the IETF. Since there is no consensus supporting this document, it is difficult to see that the ISOC IETF Activity has an objective interest in promoting the patented standard, especially in light of the prior misconduct. I would also expect that since your are government employee, that your conflict of interest needs to comply with NIST/Government regulations covering conflict of interest. Do you agree? --Dean On Tue, 18 Sep 2007, Tim Polk wrote: > Hi Dean, > > I need to pick a strategy this week. I would certainly like to take > your input into account. Any chance you could send me your response > as it stands? > > Thanks, > > Tim > > On Sep 12, 2007, at 4:14 PM, Dean Anderson wrote: > > > Hi Tim, I've got a draft response just about finished. Hope to have it > > out tonight. > > > > --Dean > > > > On Fri, 7 Sep 2007, Tim Polk wrote: > > > >> Hi Dean, > >> > >> I hope you had a nice holiday - weather was terrific down here. Have > >> you had > >> any time to think about authz? I don't want to pressure you, but I > >> would like to > >> be done with this document - one way or another - before Vancouver. > >> > >> If you'd like to schedule a call, I am currently clear after 3:30 on > >> Monday, and after > >> 1:30 Tuesday and Wednesday. > >> > >> Thanks, > >> > >> Tim > >> > >> On Aug 28, 2007, at 8:58 AM, Tim Polk wrote: > >> > >>> Thanks! I appreciate you taking the time to consider my problem, > >>> and > >>> I'm looking forward to discussing it with you... > >>> > >>> Tim Polk > >>> > >>> On Aug 27, 2007, at 5:31 PM, Dean Anderson wrote: > >>> > >>>> I got your message. I'll have to think about the response. It'll > >>>> take a > >>>> few days. > >>>> > >>>> Thanks, > >>>> > >>>> --Dean > >>>> > >>>> On Mon, 27 Aug 2007, Tim Polk wrote: > >>>> > >>>>> Dean, > >>>>> > >>>>> I don^Òt believe we have met, but I joined the IESG as an Area > >>>>> Director for Security in March. As part of my duties as AD, I am > >>>>> considering sponsor the tls-authz draft for consideration as an > >>>>> Experimental track RFC. Given the complexity of the situation, I > >>>>> would appreciate your input before I proceed. > >>>>> > >>>>> As a new AD, I would prefer not to pick up tls-authz ^Ö this job is > >>>>> hard enough without seeking controversy! However, I am > >>>>> convinced of > >>>>> the technical merits of the document, and believe it should be > >>>>> published as an RFC. As the AD for TLS, the responsibility to > >>>>> progress the document falls squarely on my shoulders. > >>>>> > >>>>> In addition to the technical contents of the document, I factored > >>>>> the > >>>>> existence of independent implementations and the murky IPR > >>>>> situation > >>>>> into my deliberations. Given all of the inputs, I have come to > >>>>> the > >>>>> conclusion that tls-authz is appropriate for publication as an > >>>>> experimental track RFC. To quote RFC 2026, ^ÓSuch a > >>>>> specification is > >>>>> published for the general information of the Internet technical > >>>>> community and as an archival record of the work.^Ô I believe that > >>>>> the TLS working group^Òs review of the document satisfies the > >>>>> requirement for ^Óadequate coordination with the standards > >>>>> process.^Ô > >>>>> While some have advocated standards track for this > >>>>> specification, I > >>>>> do not believe that all the properties of a proposed standard are > >>>>> satisfied by the document. Specifically, it is not clear if the > >>>>> document ^Óappears to enjoy enough community interest to be > >>>>> considered > >>>>> valuable^Ô in light of the IPR issues. > >>>>> > >>>>> I am having a little trouble sorting out the applicable procedures > >>>>> from this starting point, though. My reading of RFC 2026 > >>>>> indicates > >>>>> two possibilities: > >>>>> > >>>>> (1) Under section 6.1.2, I could request IESG approval as an > >>>>> Experimental RFC based on the results of the second IETF Last Call > >>>>> for progression on standards track. ^ÓThe IESG could also > >>>>> decide to > >>>>> change the publication category based on the response to a Last- > >>>>> Call.^Ô This process would be most efficient, but the optics > >>>>> are not > >>>>> optimal. > >>>>> > >>>>> (2) I could request a third IETF Last Call for consideration as an > >>>>> experimental track document. I simply hate the idea of a third > >>>>> Last > >>>>> Call for this document, since we haven^Òt identified any technical > >>>>> issues during the first two rounds, but this would provide an > >>>>> opportunity to clearly demonstrate that sufficient support for > >>>>> publication in the Experimental track exists even with the IPR > >>>>> situation. > >>>>> > >>>>> Given that alternative technical proposals have not been > >>>>> submitted, > >>>>> and the TLS working group is not interested in taking this > >>>>> document > >>>>> on, I don^Òt see any other mechanism to complete this work. > >>>>> > >>>>> I would greatly value your input on the two processes I outlined > >>>>> above. Which of these processes would be most appropriate in your > >>>>> opinion, given this starting point? Does an alternative process > >>>>> exist that I have overlooked? I would be happy to have this > >>>>> dialogue by email, or we could chat on the phone if you > >>>>> prefer. (My > >>>>> office number is 301-975-3348.) If you prefer a phone > >>>>> conversation, > >>>>> we should probably schedule a time and avoid playing phone tag. > >>>>> I am > >>>>> currently available before 11:30 AM on Thursday the 30th, or > >>>>> anytime > >>>>> on Friday the 31st. > >>>>> > >>>>> There is one additional issue I would like to highlight in this > >>>>> email. Russ Housley and I are good friends and our families get > >>>>> together socially a couple of times each year. We have co- > >>>>> authored a > >>>>> number of IETF documents during the past decade, as well as the > >>>>> book > >>>>> ^ÓPlanning For PKI^Ô. While this was not a factor in my > >>>>> consideration > >>>>> of tls-authz, I would not want you to think I was hiding our > >>>>> friendship! > >>>>> > >>>>> Thanks, > >>>>> > >>>>> Tim Polk > >>>>> > >>>>> > >>>>> > >>>>> > >>>> > >>>> -- > >>>> Av8 Internet Prepared to pay a premium for better service? > >>>> www.av8.net faster, more reliable, better service > >>>> 617 344 9000 > >>>> > >>>> > >>> > >> > >> > >> > > > > -- > > Av8 Internet Prepared to pay a premium for better service? > > www.av8.net faster, more reliable, better service > > 617 344 9000 > > > > > > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000