On Wed, 5 Jul 2023 at 16:52, Michael Thomas <mike@xxxxxxxx> wrote:
As I stated from the very beginning, this was a complete process failure of the IESG. So, yes it is very pertinent to the IETF list. It is even worse than I thought at first as two AD's noticed the same idiocy as I did except that they voted not to block the BCP. This discussion belongs here, not anywhere else as they were not security AD's. The keyword here is "procedural". Also: "no dedicated mailing lists exist". Failures of the IESG in general have nothing to do with any of the lists you cite.
There has also been discussion about how to get beyond OAUTH and the use of passwords in general. The keywords here are "technical" and "operational".
Mike, ban me if you feel like it but at least make it public so others will know what's going on
I apologise if I was not clear. Hopefully this is better:
- IETF Process failures -> appropriate for this list
- Authentication problems and possible solutions -> not appropriate, please move to OAUTH, SECDISPATCH or SAAG
The thread started with the former but when I posted the recent discussion had mostly been about the latter. I recognise having three possible destinations risks fragmenting the interested participants, so once you settle on the right place it would be a good idea to follow up on this thread letting people know where it is being taken.
You prominently quoted the security AD about taking this
conversation to the OAUTH wg and nothing else. The second bullet
has absolutely nothing whatsoever to do about them. Nothing. The
chairs would rightfully tell me to go away since it has nothing to
do with their charter.
And since when is speaking of "technical" and "operational"
issues facing the internet out of bounds? Is it illegal to discuss
serious problems facing the internet and potential new ways to
think about it? It's not even clear that the security area would
be the appropriate home. Apps might be the right venue assuming
anybody cares at all which is also not clear. It started as an
offhand comment which some people found interesting from
completely normal thread drift, yet it's being gatekeeped. Even if
there is a more appropriate venue, not everybody knows what that
venue might be (including me) yet here you are saying that it is
illegal to find out how to navigate that. You know, "procedural"
questions.
What is the goal here, anyway? There are tons of things this list
talks about that are uninteresting to me. You know what I do? I
just scroll past them. For a literal handful of comments on the
second bullet to invoke this kind of heavy handed treatment speaks
volumes.
Mike