Re: Third Last Call: draft-housley-tls-authz-extns

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Simon,

I appreciate your thoughtful response. One overall comment: this Last Call reflects my personal opinion that the document merits publication, and no decision or opinion should be inferred with respect to other members of the
IESG.  My further comments/responses are inline...

On Sep 25, 2007, at 21:50, Simon Josefsson wrote:

The IESG <iesg-secretary@xxxxxxxx> writes:

The IESG is considering approving this draft as an experimental track
RFC with knowledge of the IPR disclosure from Redphone Security.

There are two other relevant IPR disclosures:

https://datatracker.ietf.org/ipr/808/

https://datatracker.ietf.org/ipr/806/

The IESG solicits final comments on whether the IETF community has
consensus to publish draft-housley-tls-authz-extns as an experimental
standard given the IPR claimed. Comments can be sent to ietf@xxxxxxxx
or exceptionally to iesg@xxxxxxxxx Comments should be sent by
2007-10-23.

I was negative to publication during the earlier last calls, and I
continue to be so.  The primary reason remains the uncertainty of the
IPR situation. It is not clear to me that I can implement this protocol
freely without the burden of patent licenses.  I'm speaking as a free
software implementer of this document (see GnuTLS, <www.gnutls.org>).

As the sponsoring AD, I would like to explain why I support publication
as an Experimental RFC.  To quote RFC 2026, “Such a specification is
published for the general information of the Internet technical community and as an archival record of the work.” Given the technical merits of the
document and the existence of independent implementations, I believe
it is in the interest of the community to have an archival record of this work.

I am not a lawyer, so any comments I might offer with respect to the
applicability of the various IPR disclosure statements filed on authz would be useless. However, I do not believe the uncertainty of the IPR situation
precludes publication as an Experimental RFC.


Further, as far as I could determine, there was a lack of consensus to
support this document when it was discussed here and in the TLS WG
earlier.  I encourage the IESG to review those discussions.

There was consensus *supporting* publication of this document as a Proposed Standards in its first Last Call. That consensus evaporated once the IPR issues
surfaced, but the discussions focused solely on the IPR and the process.

The TLS WG declined to pick up authz as a working group deliverable,
but did not recommend against publication as conflicting work. The wg had only minor comments on the technical content. No alternatives were proposed
or considered.


RFC 2026 says:

To ensure that the non-standards track Experimental and Informational
   designations are not misused to circumvent the Internet Standards
Process, the IESG and the RFC Editor have agreed that the RFC Editor
   will refer to the IESG any document submitted for Experimental or
   Informational publication which, in the opinion of the RFC Editor,
may be related to work being done, or expected to be done, within the
   IETF community.  The IESG shall review such a referred document
   within a reasonable period of time, and recommend either that it be
   published as originally submitted or referred to the IETF as a
   contribution to the Internet Standards Process.

What was the IESG's recommendation after that review?


Given that the TLS wg declined to pursue work in this area, I do not
see any conflict between authz and work being done, or expected to be
done, within the IETF community.

This document was not submitted to the RFC Editor for publication,
so the IESG did not perform that review.

Given that the initial last call was to put the document on the
standards track, my impression would be that this last call request for
the experimental track is indeed intended to circumvent the normal
process.


I am not a expert on process (in the IETF or anywhere else) but I believe that considering the document for publication as Experimental after a failed
Last Call for standards track publication is permitted.

In fact, my reading of RFC 2026 indicated two possibilities:

(1) Under section 6.1.2, I could request IESG approval as an Experimental
RFC based on the results of the second IETF Last Call for progression on
standards track.  “The IESG could also decide to change the publication
category based on the response to a Last-Call.”

(2) I could request a third IETF Last Call for consideration as an experimental
track document.

Frankly, neither option was ideal. Going straight to the IESG would have been most efficient, but it didn't feel right to me. Having a third Last Call seems kind of pointless, since we haven’t identified any technical issues during the first two
rounds.

I chose to pursue the second path since it provides an opportunity to clearly determine whether sufficient support for publication in the Experimental track
exists even with the IPR situation.

FYI, RFC 2026 continues:

   If (a) the IESG recommends that the document be brought within the
IETF and progressed within the IETF context, but the author declines
   to do so, or (b) the IESG considers that the document proposes
   something that conflicts with, or is actually inimical to, an
   established IETF effort, the document may still be published as an
Experimental or Informational RFC. In these cases, however, the IESG
   may insert appropriate "disclaimer" text into the RFC either in or
   immediately following the "Status of this Memo" section in order to
   make the circumstances of its publication clear to readers.

Will the document have an IESG note?

While this document *is* being processed within the IETF context as an AD
sponsored submission, and I do not see any conflict with existing work,
the IESG could choose to insert a note if they desired. I have not proposed
attaching a note at this time.


/Simon

Thanks,

Tim Polk
_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]