Date: Wed, 19 Sep 2007 09:37:46 -0400 From: Tim Polk To: Dean Anderson Subject: Re: future of tls-authz [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "ISO-8859-1" character set. ] [ Some characters may be displayed incorrectly. ] Dean, On Sep 18, 2007, at 5:28 PM, Dean Anderson wrote: > It looks like you already picked a strategy; The datatracker shows > that > last Monday you changed the status to Experimental, Publication > Requested. > You will also find a number of other documents in the same state. Some of them will be progressed, and some probably will not. As I stated in my original message, I believe that Experimental publication is appropriate for this document. > Since there is no community consensus supporting this document in > either > the TLS working group or in the larger IETF, how do you plan to show > that there is an ISOC/IETF interest in advancing this draft? You do > know > that anything you do has to be in the interest of the IETF. Since > there > is no consensus supporting this document, it is difficult to see that > the ISOC IETF Activity has an objective interest in promoting the > patented standard, especially in light of the prior misconduct. > I agree that consensus does not exist for standards track publication. That is why I am leaning towards yet another Last Call, to determine if consensus exists for progression as an Experimental RFC. I believe that publication is in the best interest of the community, *in spite* of the document's history. I was hoping that you could help identify the best way to determine if the community agreed with me... > I would also expect that since your are government employee, that your > conflict of interest needs to comply with NIST/Government regulations > covering conflict of interest. Do you agree? > My actions need to meet IETF process requirements, government regulations, and my own moral compass. I believe that my own moral compass is more restrictive than either of the others. I do not have any personal interest in this document; to be frank, I expect that sponsoring it will be a painful experience. The fact that it is self-inflicted won't provide much solace. But, I took the job and this apparently comes with the territory. Tim > --Dean > > On Tue, 18 Sep 2007, Tim Polk wrote: > >> Hi Dean, >> >> I need to pick a strategy this week. I would certainly like to take >> your input into account. Any chance you could send me your response >> as it stands? >> >> Thanks, >> >> Tim >> >> On Sep 12, 2007, at 4:14 PM, Dean Anderson wrote: >> >>> Hi Tim, I've got a draft response just about finished. Hope to >>> have it >>> out tonight. >>> >>> --Dean >>> >>> On Fri, 7 Sep 2007, Tim Polk wrote: >>> >>>> Hi Dean, >>>> >>>> I hope you had a nice holiday - weather was terrific down here. >>>> Have >>>> you had >>>> any time to think about authz? I don't want to pressure you, but I >>>> would like to >>>> be done with this document - one way or another - before Vancouver. >>>> >>>> If you'd like to schedule a call, I am currently clear after >>>> 3:30 on >>>> Monday, and after >>>> 1:30 Tuesday and Wednesday. >>>> >>>> Thanks, >>>> >>>> Tim >>>> >>>> On Aug 28, 2007, at 8:58 AM, Tim Polk wrote: >>>> >>>>> Thanks! I appreciate you taking the time to consider my problem, >>>>> and >>>>> I'm looking forward to discussing it with you... >>>>> >>>>> Tim Polk >>>>> >>>>> On Aug 27, 2007, at 5:31 PM, Dean Anderson wrote: >>>>> >>>>>> I got your message. I'll have to think about the response. It'll >>>>>> take a >>>>>> few days. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> --Dean >>>>>> >>>>>> On Mon, 27 Aug 2007, Tim Polk wrote: >>>>>> >>>>>>> Dean, >>>>>>> >>>>>>> I don^Òt believe we have met, but I joined the IESG as an Area >>>>>>> Director for Security in March. As part of my duties as AD, >>>>>>> I am >>>>>>> considering sponsor the tls-authz draft for consideration as an >>>>>>> Experimental track RFC. Given the complexity of the >>>>>>> situation, I >>>>>>> would appreciate your input before I proceed. >>>>>>> >>>>>>> As a new AD, I would prefer not to pick up tls-authz ^Ö this >>>>>>> job is >>>>>>> hard enough without seeking controversy! However, I am >>>>>>> convinced of >>>>>>> the technical merits of the document, and believe it should be >>>>>>> published as an RFC. As the AD for TLS, the responsibility to >>>>>>> progress the document falls squarely on my shoulders. >>>>>>> >>>>>>> In addition to the technical contents of the document, I >>>>>>> factored >>>>>>> the >>>>>>> existence of independent implementations and the murky IPR >>>>>>> situation >>>>>>> into my deliberations. Given all of the inputs, I have come to >>>>>>> the >>>>>>> conclusion that tls-authz is appropriate for publication as an >>>>>>> experimental track RFC. To quote RFC 2026, ^ÓSuch a >>>>>>> specification is >>>>>>> published for the general information of the Internet technical >>>>>>> community and as an archival record of the work.^Ô I believe >>>>>>> that >>>>>>> the TLS working group^Òs review of the document satisfies the >>>>>>> requirement for ^Óadequate coordination with the standards >>>>>>> process.^Ô >>>>>>> While some have advocated standards track for this >>>>>>> specification, I >>>>>>> do not believe that all the properties of a proposed standard >>>>>>> are >>>>>>> satisfied by the document. Specifically, it is not clear if the >>>>>>> document ^Óappears to enjoy enough community interest to be >>>>>>> considered >>>>>>> valuable^Ô in light of the IPR issues. >>>>>>> >>>>>>> I am having a little trouble sorting out the applicable >>>>>>> procedures >>>>>>> from this starting point, though. My reading of RFC 2026 >>>>>>> indicates >>>>>>> two possibilities: >>>>>>> >>>>>>> (1) Under section 6.1.2, I could request IESG approval as an >>>>>>> Experimental RFC based on the results of the second IETF Last >>>>>>> Call >>>>>>> for progression on standards track. ^ÓThe IESG could also >>>>>>> decide to >>>>>>> change the publication category based on the response to a Last- >>>>>>> Call.^Ô This process would be most efficient, but the optics >>>>>>> are not >>>>>>> optimal. >>>>>>> >>>>>>> (2) I could request a third IETF Last Call for consideration >>>>>>> as an >>>>>>> experimental track document. I simply hate the idea of a third >>>>>>> Last >>>>>>> Call for this document, since we haven^Òt identified any >>>>>>> technical >>>>>>> issues during the first two rounds, but this would provide an >>>>>>> opportunity to clearly demonstrate that sufficient support for >>>>>>> publication in the Experimental track exists even with the IPR >>>>>>> situation. >>>>>>> >>>>>>> Given that alternative technical proposals have not been >>>>>>> submitted, >>>>>>> and the TLS working group is not interested in taking this >>>>>>> document >>>>>>> on, I don^Òt see any other mechanism to complete this work. >>>>>>> >>>>>>> I would greatly value your input on the two processes I outlined >>>>>>> above. Which of these processes would be most appropriate in >>>>>>> your >>>>>>> opinion, given this starting point? Does an alternative process >>>>>>> exist that I have overlooked? I would be happy to have this >>>>>>> dialogue by email, or we could chat on the phone if you >>>>>>> prefer. (My >>>>>>> office number is 301-975-3348.) If you prefer a phone >>>>>>> conversation, >>>>>>> we should probably schedule a time and avoid playing phone tag. >>>>>>> I am >>>>>>> currently available before 11:30 AM on Thursday the 30th, or >>>>>>> anytime >>>>>>> on Friday the 31st. >>>>>>> >>>>>>> There is one additional issue I would like to highlight in this >>>>>>> email. Russ Housley and I are good friends and our families get >>>>>>> together socially a couple of times each year. We have co- >>>>>>> authored a >>>>>>> number of IETF documents during the past decade, as well as the >>>>>>> book >>>>>>> ^ÓPlanning For PKI^Ô. While this was not a factor in my >>>>>>> consideration >>>>>>> of tls-authz, I would not want you to think I was hiding our >>>>>>> friendship! >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Tim Polk >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> Av8 Internet Prepared to pay a premium for better service? >>>>>> www.av8.net faster, more reliable, better service >>>>>> 617 344 9000 >>>>>> >>>>>> >>>>> >>>> >>>> >>>> >>> >>> -- >>> Av8 Internet Prepared to pay a premium for better service? >>> www.av8.net faster, more reliable, better service >>> 617 344 9000 >>> >>> >> >> >> > > -- > Av8 Internet Prepared to pay a premium for better service? > www.av8.net faster, more reliable, better service > 617 344 9000 > >