Date: Thu, 20 Sep 2007 18:33:18 -0400 (EDT) From: Dean Anderson To: Tim Polk Subject: Re: future of tls-authz On Wed, 19 Sep 2007, Tim Polk wrote: > Dean, > > On Sep 18, 2007, at 5:28 PM, Dean Anderson wrote: > > > It looks like you already picked a strategy; The datatracker shows > > that last Monday you changed the status to Experimental, Publication > > Requested. > > > > You will also find a number of other documents in the same state. > Some of them will be progressed, and some probably will not. As I > stated in my original message, I believe that Experimental publication > is appropriate for this document. I thought that was just one option you were considering. > > Since there is no community consensus supporting this document in > > either the TLS working group or in the larger IETF, how do you plan > > to show that there is an ISOC/IETF interest in advancing this draft? > > You do know that anything you do has to be in the interest of the > > IETF. Since there is no consensus supporting this document, it is > > difficult to see that the ISOC IETF Activity has an objective > > interest in promoting the patented standard, especially in light of > > the prior misconduct. > > > > I agree that consensus does not exist for standards track publication. I haven't seen any consensus for any kind of publication. > That is why I am leaning towards yet another Last Call, to determine > if consensus exists for progression as an Experimental RFC. I notice that there is no state transition out of state "Dead". How is it that the process allows a transition from state "Dead" to state "Publication Requested"? As you have altered the state in the datatracker database, I suppose you can next go directly to "IESG Evaluation", and then to "Approved - ..." etc. Of course, this seems to violate the notion of an open process, especially after the community has rejected the document several times. > I believe that publication is in the best interest of the community, > *in spite* of the document's history. I was hoping that you could > help identify the best way to determine if the community agreed with > me... I rather think the community disagrees with you, and has expressed that lack of interest through non-support in the TLS working group, and non-support on the IETF main list, and in the comments of Sam Hartman withdrawing his support as sponsoring A.D. > > I would also expect that since your are government employee, that > > your conflict of interest needs to comply with NIST/Government > > regulations covering conflict of interest. Do you agree? > > My actions need to meet IETF process requirements, government > regulations, and my own moral compass. I believe that my own moral > compass is more restrictive than either of the others. I do not have > any personal interest in this document; to be frank, I expect that > sponsoring it will be a painful experience. The fact that it is > self-inflicted won't provide much solace. But, I took the job and > this apparently comes with the territory. Your job doesn't compel you to revive this document after after the community did not support the document and the other security A.D. withdrew his support. You have already disclosed (to me) your personal interest in your close family relationship to Housley. So, it appears that, your moral compass needs some adjustment. To help you with that, I'd like to give you a quote from the "Restatement of the Law of Agency, Second": ========================= § 394. Acting for One with Conflicting Interests Unless otherwise agreed, an agent is subject to a duty not to act or to agree to act during the period of his agency for persons whose interests conflict with those of the principal in matters in which the agent is employed. § 394 Comment a. The rule stated in this section goes beyond that stated in Section 391, which is limited to situations in which the agent acts for an adverse party in a transaction to which the principal is a party. Under the rule stated in this Section, the agent commits a breach of duty to his principal by acting for another in an undertaking which has a substantial tendency to cause him to disregard his duty to serve his principal with only his principalās purposes in mind. [...] This is true although the agent does not agree to give his full time to the principalās business and does not use the time paid for by the principal in acting for another. The danger that he will not be impartial and that he will use confidential information obtained in the business of one in the affairs of the other makes it improper for him to act for both. ========================= The "Restatement of the Law of " series is produced by the American Law Institute as a guide for lawyers to the law. Besides distilled rules, it contains and index of citations to cases establishing the rule. Most law offices will have copies, or you can find them at your local law library. Housley violated this rule by acting for Brown, while on the IESG. You are violating it for acting for Housley. This section (also under duties of loyalty) and its comments are also relevant: ======================= § 390. Acting as Adverse Party with Principalās Consent An agent who, to the knowledge of the principal, acts on his own account in a transaction in which he is employed has a duty to deal fairly with the principal and to disclose to him all facts which the agent knows or should know would reasonably affect the principalās judgment, unless the principal has manifested that he knows such facts or that he does not care to know them. § 390 Comment a. Facts to be disclosed. One employed as agent violates no duty to the principal by acting for his own benefit if he makes a full disclosure of the facts to an acquiescent principal and takes no unfair advantage of him. Before dealing with the principal on his own account, however, an agent has a duty, not only to make no misstatements of fact, but also to disclose to the principal all relevant facts fully and completely. A fact is relevant if it is one which the agent should realize would be likely to affect the judgment of the principal in giving his consent to the agent to enter into the particular transaction on the specified terms. § 390 Comment c. Fairness. The agent must not take advantage of his position to persuade the principal into making a hard or improvident bargain. ======================= Housley violated this duty by not disclosing the patent while working for Brown on the draft. This document still represents a "hard or improvident bargain" for the membership of the ISOC, the ISOC, and the ISOC IETF Activity. The IETF has no interest in document, as expressed through the TLS Working Group, the main IETF list, and Security Director Hartman's comments. No IETF rule has compelled you take up this effort; No IETF official has compelled you to take up this effort; you have taken it up on your own initiative on behalf of your friend Housley and Brown. That is ethical misconduct. I expect that the NIST has similar rules on conflict of interest. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000