On Wed, Jul 12, 2023 at 6:47 PM Chris Box <chris.box.ietf@xxxxxxxxx> wrote:
This is a very valuable discussion on authentication and identity, and one with big implications for the Internet. But I have to say again: the IETF list is not the right venue to discuss it.When this thread discusses IETF and IESG process, that's fine.
It is important to discuss the big picture and the specific picture both together, I think it is wrong to discuss only process without the RFC that was passed by that WG. Therefore, please add (discuss IESG process with IETF_WG process ). This thread is saying also that the WG has failed its process as well.
When it discusses the authentication problem, it is out of scope because this list is defined as being the one for which no other better list exists.In this case we have a choice of better lists: OAUTH, SAAG and SECDISPATCH. In case it helps you choose, this paragraph of Rob's might be useful:
The WG has already discussed in many years and we may now discussing the result of their discussions related to one RFC_process within IETF.
But IETF does have a process for rectifying problems – i.e., follow the same IETF process as how the original RFC was published. E.g., write a draft indicating the problems with RFC 8252 and marking that RFC as historic. But you would still need to achieve rough consensus to publish, which means that you need to convince a significant proportion of the IETF security community that this is the right thing to do. If you can convince the OAUTH folks then that would probably be the easiest path, but if you can’t then trying to bring it to SAAG or SECDISPATH seems like the alternative path. But it is still possible, that despite its flaws that RFC 8252 still has IETF consensus as a BCP.I hope you can see the logic in moving this off the general IETF list. If you disagree on the scope question, please email moderators@xxxxxxxx.
I don't mind that process changing or scoping but will that strategy help the IETF_Processes overall, but I think it does not give chance to IETF to discuss IETF_WGs process failures. The big picture is that WG_process and IESG_process are discussed on this list by one participant tha already was discussing in that IETF_WG but they did not listen any more, so they need to be involve else where may be here they all should discuss, I would like to listen. Please tell me why moving to one small list after they failed to discuss there before?
I will not discuss other than process but the WG participants MUST discuss else where which is here so we all can see the process problem. Furtheremore, we SHOULD let that one participant to decide where to discuss his concerns because he was not given a chance WITHIN IETF_PROCESS, so if he decides here I think it is the right place for ALL participants to complain against IETF_WGs, and IETF_Processes.
AB
AB
I
AB
Thank you,Chris
