Re: RFC 8252 is a complete joke

Michael Thomas <mike@xxxxxxxx> · Wed, 5 Jul 2023 08:51:42 -0700



    On 7/5/23 7:58 AM, Chris Box wrote:

    
        On Wed, 5 Jul 2023 at 09:12, Rob Wilton (rwilton)
          <rwilton=40cisco.com@xxxxxxxxxxxxxx>
          wrote:

        
                  SECDISPATCH would seem like a
                    reasonable starting place, or maybe SAAG if you
                    wanted to present more generally on the perceived
                    problem space.  If you already know that this is a
                    bigger problem that you are trying to solve then
                    perhaps side meetings to try gather some interest
                    then a BOF.
                
              
          And thanks to Roman for answering my moderator's question
            on the best venue for this type of discussion.
          I'll repeat his message here for those who have messages
            arranged by subject line:
          

              This discussion on RFC8252 continues
                to expand.  The charter of the IETF Discuss mailing list
                per RFC9245 is as follows:
            
          
                 The Internet Engineering Task
                Force (IETF) discussion mailing list
            
          
                 furthers the development and
                specification of Internet technology
            
          
                 through the general discussion of
                technical, procedural, operational,
            
          
                 and other topics for which no
                dedicated mailing lists exist.
            
          
              RFC8252/OAuth is the product of a
                robust and very active WG which has all of the
                supporting processes to discuss the work.  Please use
                the associated mailing list for OAuth to discuss OAuth
                related technologies -- https://www.ietf.org/mailman/listinfo/oauth.
            
          
          So please move discussion of this topic away from the
            IETF list, either to OAUTH, SECDISPATCH or SAAG as
            appropriate.
          

    As I stated from the very beginning, this was a complete process
      failure of the IESG. So, yes it is very pertinent to the IETF
      list. It is even worse than I thought at first as two AD's noticed
      the same idiocy as I did except that they voted not to block the
      BCP. This discussion belongs here, not anywhere else as they were
      not security AD's. The keyword here is "procedural". Also: "no
      dedicated mailing lists exist". Failures of the IESG in general
      have nothing to do with any of the lists you cite.

    
    There has also been discussion about how to get beyond OAUTH and
      the use of passwords in general. The keywords here are "technical"
      and "operational". 

    
    Mike, ban me if you feel like it but at least make it public so
      others will know what's going on