> Hmm... I'm still not sure what you're trying to say. My point > is that there shouldn't be any consensus calls by anyone on > the ietf-http-auth mailing list. Why not? Does the IETF have a patent on IETF processes? > It's not a WG. Why not? Of course, you probably mean that any consensus calls on the ietf-http-auth mailing list would not be considered IETF consensus calls because that list is not formally an IETF WG and is not formally following all IETF processes. In any case, a WG is not supposed to be formed unless there is already some work done and that work has reached some consensus among interested parties. One would expect that people working on a draft would try to use some of the IETF process in order to get to the point of either publishing a draft or forming a WG. Unless of course, the IETF has some exclusive intellectual rights in running WGs and having consensus calls... > I have no problem with Sam soliciting opinions in his > document on any forum of his choice. What I object to is the > notion--again implied in your above comments--that this > document has some formal standing. As I said initially, this > is an individual submission that failed to obtain consensus. > As such it doesn't need shepherding or shepherding ADs, any > more than any other individual ID. Really, this is irrelevant. Either there is or is not a group of people who have done some work and reached some consensus that the work needs to be completed in the IETF. If there is work and consensus, then even if it was published and rejected as an individual draft, there is no reason for the work to stop and the people to go away. It makes more sense to channel the work appropriately rather than rejecting it and castigating the group. We all know that the Internet has many security issues made worse by the immense scale of the network in this day and age. There is an entire IETF area decicated to Security with 17 or 18 WGs in it. It seems to me that we should be advising the people working on this draft to take their work to the Security ADs and see if it fits into an existing WG or whether a new AD could be created. The process nits are entirely irrelevant to the work and do not advance the IETF in any way. Personally, I would like to see some more criticism of the fact that this draft is about Phishing, a symptom of security problems, rather than about strengthening a weakness in Internet security. It is entirely possible to "solve" the phishing problem without strengthening the network, and possibly even introducing new weaknesses. Being too focused on one symptom is not a good way to approach security. Indeed, it is entirely possible that the solution to phishing lies with the banking system, not with the Internet or IETF. --Michael Dillon _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf