Date: Tue, 18 Sep 2007 10:17:20 -0400 From: Tim Polk To: Dean Anderson Subject: Re: future of tls-authz [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "ISO-8859-1" character set. ] [ Some characters may be displayed incorrectly. ] Hi Dean, I need to pick a strategy this week. I would certainly like to take your input into account. Any chance you could send me your response as it stands? Thanks, Tim On Sep 12, 2007, at 4:14 PM, Dean Anderson wrote: > Hi Tim, I've got a draft response just about finished. Hope to have it > out tonight. > > --Dean > > On Fri, 7 Sep 2007, Tim Polk wrote: > >> Hi Dean, >> >> I hope you had a nice holiday - weather was terrific down here. Have >> you had >> any time to think about authz? I don't want to pressure you, but I >> would like to >> be done with this document - one way or another - before Vancouver. >> >> If you'd like to schedule a call, I am currently clear after 3:30 on >> Monday, and after >> 1:30 Tuesday and Wednesday. >> >> Thanks, >> >> Tim >> >> On Aug 28, 2007, at 8:58 AM, Tim Polk wrote: >> >>> Thanks! I appreciate you taking the time to consider my problem, >>> and >>> I'm looking forward to discussing it with you... >>> >>> Tim Polk >>> >>> On Aug 27, 2007, at 5:31 PM, Dean Anderson wrote: >>> >>>> I got your message. I'll have to think about the response. It'll >>>> take a >>>> few days. >>>> >>>> Thanks, >>>> >>>> --Dean >>>> >>>> On Mon, 27 Aug 2007, Tim Polk wrote: >>>> >>>>> Dean, >>>>> >>>>> I don^Òt believe we have met, but I joined the IESG as an Area >>>>> Director for Security in March. As part of my duties as AD, I am >>>>> considering sponsor the tls-authz draft for consideration as an >>>>> Experimental track RFC. Given the complexity of the situation, I >>>>> would appreciate your input before I proceed. >>>>> >>>>> As a new AD, I would prefer not to pick up tls-authz ^Ö this job is >>>>> hard enough without seeking controversy! However, I am >>>>> convinced of >>>>> the technical merits of the document, and believe it should be >>>>> published as an RFC. As the AD for TLS, the responsibility to >>>>> progress the document falls squarely on my shoulders. >>>>> >>>>> In addition to the technical contents of the document, I factored >>>>> the >>>>> existence of independent implementations and the murky IPR >>>>> situation >>>>> into my deliberations. Given all of the inputs, I have come to >>>>> the >>>>> conclusion that tls-authz is appropriate for publication as an >>>>> experimental track RFC. To quote RFC 2026, ^ÓSuch a >>>>> specification is >>>>> published for the general information of the Internet technical >>>>> community and as an archival record of the work.^Ô I believe that >>>>> the TLS working group^Òs review of the document satisfies the >>>>> requirement for ^Óadequate coordination with the standards >>>>> process.^Ô >>>>> While some have advocated standards track for this >>>>> specification, I >>>>> do not believe that all the properties of a proposed standard are >>>>> satisfied by the document. Specifically, it is not clear if the >>>>> document ^Óappears to enjoy enough community interest to be >>>>> considered >>>>> valuable^Ô in light of the IPR issues. >>>>> >>>>> I am having a little trouble sorting out the applicable procedures >>>>> from this starting point, though. My reading of RFC 2026 >>>>> indicates >>>>> two possibilities: >>>>> >>>>> (1) Under section 6.1.2, I could request IESG approval as an >>>>> Experimental RFC based on the results of the second IETF Last Call >>>>> for progression on standards track. ^ÓThe IESG could also >>>>> decide to >>>>> change the publication category based on the response to a Last- >>>>> Call.^Ô This process would be most efficient, but the optics >>>>> are not >>>>> optimal. >>>>> >>>>> (2) I could request a third IETF Last Call for consideration as an >>>>> experimental track document. I simply hate the idea of a third >>>>> Last >>>>> Call for this document, since we haven^Òt identified any technical >>>>> issues during the first two rounds, but this would provide an >>>>> opportunity to clearly demonstrate that sufficient support for >>>>> publication in the Experimental track exists even with the IPR >>>>> situation. >>>>> >>>>> Given that alternative technical proposals have not been >>>>> submitted, >>>>> and the TLS working group is not interested in taking this >>>>> document >>>>> on, I don^Òt see any other mechanism to complete this work. >>>>> >>>>> I would greatly value your input on the two processes I outlined >>>>> above. Which of these processes would be most appropriate in your >>>>> opinion, given this starting point? Does an alternative process >>>>> exist that I have overlooked? I would be happy to have this >>>>> dialogue by email, or we could chat on the phone if you >>>>> prefer. (My >>>>> office number is 301-975-3348.) If you prefer a phone >>>>> conversation, >>>>> we should probably schedule a time and avoid playing phone tag. >>>>> I am >>>>> currently available before 11:30 AM on Thursday the 30th, or >>>>> anytime >>>>> on Friday the 31st. >>>>> >>>>> There is one additional issue I would like to highlight in this >>>>> email. Russ Housley and I are good friends and our families get >>>>> together socially a couple of times each year. We have co- >>>>> authored a >>>>> number of IETF documents during the past decade, as well as the >>>>> book >>>>> ^ÓPlanning For PKI^Ô. While this was not a factor in my >>>>> consideration >>>>> of tls-authz, I would not want you to think I was hiding our >>>>> friendship! >>>>> >>>>> Thanks, >>>>> >>>>> Tim Polk >>>>> >>>>> >>>>> >>>>> >>>> >>>> -- >>>> Av8 Internet Prepared to pay a premium for better service? >>>> www.av8.net faster, more reliable, better service >>>> 617 344 9000 >>>> >>>> >>> >> >> >> > > -- > Av8 Internet Prepared to pay a premium for better service? > www.av8.net faster, more reliable, better service > 617 344 9000 > >