Dave, while I applaud your efforts and the efforts of the posters you cite, the fact remains that security rules the IETF these days, and so the security directorate rules the IESG. There is consensus because the security directorate has decreed there is consensus.

So, this document, which concerns security, will get published. There is no remaining oversight. Thus, there is little point in standing in front of the security steamroller for this particular document.

Our one remaining hope is that this document, like so many other IETF RFCs, is simply ignored by the larger outside world. And that goes for any other security document getting fast-tracked through.

A better question would be how to bring more oversight to and use of feedback in the larger process that produces these documents - but that's a governance issue, and likely also a lost cause.

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf <ietf-bounces@xxxxxxxx> on behalf of Dave Crocker <dhc@xxxxxxxxxxxx>
Sent: Sunday, 31 August 2014 4:04 AM
To: Stephen Farrell; IETF Discussion; iesg
Subject: Opportunistic Lost (was Re: draft-dukhovni-opportunistic-security-04)

Folks,

On 8/27/2014 2:58 AM, Stephen Farrell wrote:
> Your "blanket dismissal" point is nonsense. There were
> literally hundreds of mails about this draft, many of them
> from you and many responding to you.

This fails to distinguish between activity and substance response.

In fact, Stephen's note here is a good example of this continuing problem. He can count it as a response, but it ignores or dismisses all of the substantive points I raised.

That's been the pattern throughout the development and discussion of this document.

Stephen has posted quite a number of notes that similarly dismiss concerns and assert consensus, in spite of no management effort to track and resolve concerns that are raised.

And there remain some very basic issues with the document:

1. The latest version (-04) has almost literally no text in common with the previous (-03). It's likely that 90-95% of the text is different:

https://www.ietf.org/rfcdiff?url1=draft-dukhovni-opportunistic-security-03&difftype=--hwdiff&submit=Go!&url2=draft-dukhovni-opportunistic-security-04

By itself, that should warrant re-issuing a last call and requiring thoughtful comments on it. No matter how the changes were made, classing that amount of new text as merely 'editorial', as Stephen has done, is absurd.

And for at least the last two versions of the document, the author provided no audit of what prompted the changes, relative to the comments he received. Rather, those with concerns were each left to do their own audit. Each time.

2. Just in these recent versions, there has been a range of substantive concerns raised. None has received substantive responses, and especially not from the document author.

Stephen is classing these as nitpicking. Others got fond of classing them as bikeshedding. All of this serves to marginalize serious comments from serious participants. Again, it's been the pattern throughout the life of this document.

A brief list of pointers to exemplar messages is at the end of this note. (And these are only drawn from the latest rounds with the draft, but the pattern extends to its beginning.)

3. The author and quite a few others continue to demonstrate very basic confusion about use of the term. If even they cannot use it consistently and provide an explanation that matches that use, then what is the benefit of the term?

The author's use of the term "opportunistic DANE" is an example of the confusion. "Opportunistic TLS" probably makes sense. Opportunistic DANE does not.

Suggestion:

Merely as a basic exercise to create some semblance of legitimate IETF constructive discussion, I suggest that the author be directed to respond to at least the list of postings provided below and to engage meaningfully in resolving the concerns expressed in them.

d/

- - - - - - - -

Comments and questions that have been ignored, just on the latest drafts:

IETF list:

Eliot Lear:
https://mailarchive.ietf.org/arch/msg/ietf/2so5XvtE92x-JxeXoThJuhGn3pk

Paul Wouters:
https://mailarchive.ietf.org/arch/msg/ietf/ZNn9XD8uIUnC7eVrFr-jkCI82D8

Benjamin Kaduk:
https://mailarchive.ietf.org/arch/msg/ietf/NOe_YK4mBkL2J9DvZdZxRlBTk-Y

Bernard Aboba:
https://mailarchive.ietf.org/arch/msg/ietf/nGXy1kOYaNCZWvstaBTE3Rznrxw

Dave Crocker:
https://mailarchive.ietf.org/arch/msg/ietf/aXmkdlsmc-n-vJMWTk5RAnZdOsk

Paul Wouters:
https://mailarchive.ietf.org/arch/msg/ietf/wgYWDEG_9DVEBpEjwJnzO4tyPCY

Michael Richardson:
https://mailarchive.ietf.org/arch/msg/ietf/gVMFfaIcPJYxMKLICA6UEwc2vXg

SAAG list:

Eliot Lear:
http://www.ietf.org/mail-archive/web/saag/current/msg05534.html

Dave Crocker:
http://www.ietf.org/mail-archive/web/saag/current/msg05536.html

Steve Kent:
http://www.ietf.org/mail-archive/web/saag/current/msg05418.html

Eliot Lear:
http://www.ietf.org/mail-archive/web/saag/current/msg05464.html

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net