On 27 Oct 2020, at 12:48, Michael Thomas wrote:
The most recent was with the STIR wg. I found some problems and
brought it up on the working group list and was ignored. This was
after they had issued RFC 8226 so I interpreted it at the time as just
not wanting revisit anything. I started writing a blog post about the
things I found, but ended giving up because there were so many things
wrong/underspecified. I then went through the wg archives and saw that
Dave Crocker had written a list of about 100 things that were
wrong/questionable at last call almost all of which were ignored.
Worse: there wasn't much intersection between our lists. So that reads
to me as a wg that isn't interested in hearing about problems. The
same thing happened to me commenting on OAUTH which caused the then
editor to go ballistic. None of this should be especially surprising:
nobody likes somebody attacking (literally in the case of security)
their baby.
So I presume you walked through the conflict resolution and appeals
process, in the case of STIR starting with the STIR Chair, the ART Area
Director, and/or the IESG as per RFC 2026 6.5.1, and in the case of
OAUTH with the OAUTH Chair, the SEC Area Director and/or the IESG?
6.5.1 Working Group Disputes
An individual (whether a participant in the relevant Working Group
or
not) may disagree with a Working Group recommendation based on his
or
her belief that either (a) his or her own views have not been
adequately considered by the Working Group, or (b) the Working Group
has made an incorrect technical choice which places the quality
and/or integrity of the Working Group's product(s) in significant
jeopardy. The first issue is a difficulty with Working Group
process; the latter is an assertion of technical error. These two
types of disagreement are quite different, but both are handled by
the same process of review.
A person who disagrees with a Working Group recommendation shall
always first discuss the matter with the Working Group's chair(s),
who may involve other members of the Working Group (or the Working
Group as a whole) in the discussion.
If the disagreement cannot be resolved in this way, any of the
parties involved may bring it to the attention of the Area
Director(s) for the area in which the Working Group is chartered.
The Area Director(s) shall attempt to resolve the dispute.
If the disagreement cannot be resolved by the Area Director(s) any
of
the parties involved may then appeal to the IESG as a whole. The
IESG shall then review the situation and attempt to resolve it in a
manner of its own choosing.
If the disagreement is not resolved to the satisfaction of the
parties at the IESG level, any of the parties involved may appeal
the
decision to the IAB. The IAB shall then review the situation and
attempt to resolve it in a manner of its own choosing.
The IAB decision is final with respect to the question of whether or
not the Internet standards procedures have been followed and with
respect to all questions of technical merit.
Particularly in the case of OAUTH, if a document editor is misbehaving,
then that needs to be dealt with. All it takes is an email message to
start.
Unless you actually engaged with the process and actually made
leadership aware that something was going pear-shaped, I'm not terribly
sympathetic.
People seem very unwilling to walk through the conflict resolution and
appeals process, and it's absolutely essential to the good functioning
of the IETF that people use it from time to time. Again, the start of it
is simply an email message to the chair saying "My comments are being
ignored" or "The WG screwed up and made a bad technical choice". If you
don't like the answers you get, well that's a different thing, but if
you haven't actually engaged, you have only yourself to blame.
pr
--
Pete Resnick https://www.episteme.net/
All connections to the world are tenuous at best
