--On Saturday, 14 October, 2006 09:05 +0200 Eliot Lear <lear@xxxxxxxxx> wrote: > Ned, > > I am torn with the proposal. On the one hand, I am > sympathetic to DDOS attacks on the process. On the other > hand, I agree with you that serious contributors need a way to > appeal decisions. In particular, I don't like the need to > require support from additional serious members, and I would > only support that if other avenues failed. > > If we look by analogy at the legal system (always a hazardous > thing), we see that there are often special rules in place > when it comes to access to the courts for those who have been > judged vexatious litigants. We could do something similar. > While that alone doesn't prevent me from creating an anonymous > email address and filing an appeal, some rule around that plus > some indication of previous participation would be useful. So > I would include a very liberal set of people, like those who > have ever attended an IETF or produced an RFC or have been > published in ACM, IEEE, USENIX, SAGE, and or some other list > of credited networking organizations. If you've shown that > you've contributed to the community in some meaningful way > then we should give you the benefit of the doubt. Eliot, It seems to me that, if there is a "right track" here --and that is not obvious to me-- that you are on it or at least on a parallel one. I suggest that implies several changes to the draft, YMMD: (1) The "supporter" procedure/requirement should be triggered only is someone shows symptoms of being a vexatious appellant. People who are entering their first appeals don't trigger it. People whose last appeal was successful, even in part (that would need to be defined, of course, and that might not be easy) don't trigger it. The only folks who need to look for supporters are those who have appealed before and whose appeals have been rejected as without merit. (2) The definition of someone permitted to be a "supporter" must, as several people have pointed out (Ned, IMO, most eloquently), be broad enough to include active IETF contributors who don't attend meetings. One class of action that might need appealing would be a procedural decision that would [further] impede the ability of those people to effectively get work done in the IETF and they _must_ have standing to appeal such measures by themselves or in conjunction with others who are similarly impacted. I would have no problem with a requirement that someone actually be a human being with some active interest or involvement in the IETF -- what some other standards bodies describe as a "materially concerned party". But requiring meeting attendance as proof of that seems to violate all sorts of IETF principles. (3) The idea that, if someone successfully appeals, or supports an appeal, on one action, they should be permanently barred from supporting similar appeals in the future is seriously broken. It could only have a chilling effect on the generation of appeals, legitimate ones as well as bogus ones, because one would want to save endorsements for important-enough occasions. It is also at variance with a principle that has been discussed recently on the IETF list wrt mailing list behavior and complaints: how an appeal is processed and considered should depend on its substance and merits, not on the identity of the submitter. This is particular important if someone who is relatively more familiar with IETF processes and fluent in English is asked to prepare an appeal on behalf of someone who is not -- a situation that, if anything, we want to encourage since I believe that well-drafted appeals tend to take less IESG and IAB time than ones in which those bodies have to spend time figuring out what the real problem is or what is wanted. Now, clearly, the above has the implication of "one free appeal per customer". If the bad guys whom Olaf is trying to protect against got themselves organized into a cabal, they could manage a denial of service attack. But I'm not sure that is a real, as distinct from theoretical risk and, more important, I think it is a risk we have to run if we want to have a viable appeals process. However, as I read the above, I wonder if the model of the I-D is backwards and your observation about "vexatious litigants" should be carried a bit further. Suppose we consider this situation as somewhat more like the mailing list abuse issue than one in which we assume that every person filing an appeal is the enemy until proven otherwise. If we adopt a model of that sort, then: We change the possible responses to an appeal from, broadly, "yes" or "no" to "yes", "no", and "no, and this is irrational and/or obviously totally without merit". The latter, which could itself be appealed but not by the subject (only by someone else on his, her, or its behalf), would imply something analogous to posting restrictions: a period in which the person was barred from appealing, or needed supporters, or something else. Similar to posting restrictions, the requirements/ barriers could be escalated if they needed to be applied additional times. That is obviously just an outline with a number of details that would need filling in, but it seems to me it has the important property of shifting the balance from "everyone who considers filing an appeal is presumed to be an attacker on the process" to "those who abuse the appeals process get their leashes shortened". Since I believe that the ability to easily appeal silly or inappropriate actions is a key part of our process model --one that wards off the need for much more heavyweight and complex procedures-- it seems to me that is the right way to balance things. john p.s. for those who have had in-the-hall discussions with me about appeals and prevention of DoS attacks in the last few years. Yes, I have changed my mind. Making things harder for those who use the appeals mechanisms to insist that the IETF follow its own procedures and conventions about proper review does not seem to me to be in the community's best interest. And, of course, if the IETF leadership --the IESG in particular-- wants to avoid appeals of that variety, that can be accomplished by the rather simple expedient of following the procedures. One might even assume that the relative sparseness of such appeals indicates that they mostly do that... or that the barrier to appeals is already too high. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf