Re: [art] Call for Consensus: Re: On BCP 190
John C Klensin <john-ietf@jck.com> Tue, 20 August 2019 18:34 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE9C21207FE for <art@ietfa.amsl.com>; Tue, 20 Aug 2019 11:34:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c0TYkpE2PGhX for <art@ietfa.amsl.com>; Tue, 20 Aug 2019 11:34:02 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7DBD120046 for <art@ietf.org>; Tue, 20 Aug 2019 11:34:01 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1i08xA-000LE3-A4; Tue, 20 Aug 2019 14:33:56 -0400
Date: Tue, 20 Aug 2019 14:33:49 -0400
From: John C Klensin <john-ietf@jck.com>
To: Adam Roach <adam@nostrum.com>, Mark Nottingham <mnot@mnot.net>
cc: Jacob Hoffman-Andrews <jsha@letsencrypt.org>, ART Area <art@ietf.org>, Devon O'Brien <devon.obrien@gmail.com>
Message-ID: <C4BE71284D3C8DCA4F8F2187@PSB>
In-Reply-To: <80bb60b7-cdc7-0df8-6a33-726839b15dfe@nostrum.com>
References: <58BF6171-03BB-4F83-940F-3A101EFDD67F@mnot.net> <CAN3x4Q=Jo1uBvfCG6CSrociYgdG+E4jq+4cB1txPjgboth2q9g@mail.gmail.com> <372FA049-7B33-4981-A0E0-41BD454CB770@mnot.net> <CAN3x4QmJsfx48MdhcBB+XWX+vfv=skSR2Z6kNPBWGVobvzNuFA@mail.gmail.com> <004601d5450d$62b33220$28199660$@acm.org> <CAN3x4Q=XR+=ugv6HEmOgsA6v64GkQ+4u-Hk+OBQ0Lp9jn-Cy=A@mail.gmail.com> <D154BA24-5027-4FAF-8779-CBA5533D24A1@mnot.net> <3000e948-14e6-80d2-e8e6-766d309c361c@nostrum.com> <ed64dc0e-5b71-63ec-cbac-85673c51109a@nostrum.com> <301DF34E4C5601BCA4D2BCBF@PSB> <A27BC0BC-B60A-44AD-B75B-859C71B0706A@mnot.net> <E02E5D4BA18EF0155B0EAE95@PSB> <80bb60b7-cdc7-0df8-6a33-726839b15dfe@nostrum.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/UtZhtWTqYY5_Z86ounzPc1_fXaI>
Subject: Re: [art] Call for Consensus: Re: On BCP 190
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Aug 2019 18:34:04 -0000
--On Tuesday, August 20, 2019 12:14 -0500 Adam Roach <adam@nostrum.com> wrote: > On 8/20/19 5:55 AM, John C Klensin wrote: >> * For Adam, there is some question in my mind about whether it >> is desirable to clear a Discuss based on a plan about a >> document that has not been written yet, that has no firm >> schedule, etc. > > > I agree that it's not ideal. I'm having to balance the > possibility that the end result of community discussion will > result in not removing this restriction against delaying the > TRANS document until we're 100% certain. Given that we've done > a reasonable shaking of the trees over the past month, and no > one has dropped out to strongly defend the specific provision > in question, it appears likely that the end result will work > out. Is this perfect? No. Is it pragmatic? Yes; and you've > been championing pragmatism in this thread, so I would expect > you to be on board. I am on board (a bit more explanation in my response to Ben). I don't think we are far apart, so let me try saying this in a different way. I think there is at least rough consensus that parts of RFC 7320 were a mistake, whether because their were overly prescriptive or for some other reason. I don't think there is consensus about which parts or what the right remedy for them is. The best way to deal with that problem is exactly what you and Mark have proposed -- get a new, replacement, I-D up and focus on it rather than on picking 7320 apart. In a more perfect world, I'd like to see 7320 deprecated, with the focus on that new document and no actual or apparent conflict between CT and anything. If that were proposed now, I'd oppose it because it would hold the other work up by at least four weeks to no good purpose. On the other hand, while I don't think it is important enough to hold things up either, I'd be happier with a statement from you that, instead of saying that you are clearing the Discuss because Mark is working on a revision, said something closer to that you are clearing the Discuss because there is a plan about a revision but, if that doesn't happen, you will open a discussion about deprecating 7320. Don't waste time with it now, but I believe that thinking about the difference might inform future actions and might better explain what I'm objecting to. Also... >... > I suspect that part of the problem is that you're too close to > ART technologies to see the forest for the trees, and so > assume a level of expertise in ART technologies across the > entirety of the IETF that is somewhat higher than actually > exists. I actually don't think so in this case. FWIW, remember that I'm spending most of my IETF time these days on Internationalization, a topic area that has been rooted in Apps and now ART but that his implications in many IETF areas. It would it would be quite difficult to underestimate the level of expertise across the entirety IETF or even in ART as a whole. So I am reasonably familiar with that problem. > This might become clearer if we hypothesize an identical > situation with the players reversed: if an ART working group > had specified the population of an initialization vector for > an encryption algorithm in a way that had been documented by > the SEC area as problematic, I would hope that the SEC ADs > wouldn't write that off as simply representing "newer > thinking" about cryptography, and that they would insist that > the document conform to documented security practices; or, > failing that, at least involve the SEC community in a > discussion about whether the specific use of security > technology was, in fact, problematic. Agreed. But not quite an identical problem. If this had been about, e.g., an issue with calendaring, I'd say "nearly identical problem". If there were reasonably high confidence that the active participants in the WG understood the issues (and, btw, there were more than three or four of them), I would also expect that most of us would be comfortable going forward within in-depth review from elsewhere in the IETF. However, that is much less true of things like URIs or some other web-associated technologies, especially when the IETF is considering foo-over-HTTP protocols and XML and JSON as general, and perhaps mandatory, data representation structures. Similar comments can be made about i18n because, while much of the action is in ART, there are issues about identifiers and other issues in multiple areas --Security and Internet being obvious examples-- that the IETF is in trouble if all of the expertise is in ART and others become inclined to just let things go (especially given how little expertise there actually appears to be in ART). There is another difference. In the example you used, it would be reasonable to assume that the documentation in the SEC area actually represented consensus in the area and among experts (I think, at least historically, almost the same thing in SEC, although not quite) about the problems. I don't believe that is the case about 7320 across the ART area, as some of the discussion _among active participants in ART_ in the various recent threads about BCP 190 illustrates. I don't believe it was the case five years ago either, but that would be hard to prove at the time. That suggests an intra-ART problem and is closely connected to why I've felt from the beginning of this discussion that the IETF had a BCP 190 problem and not a problem with the CT work. So, should ART have flagged this? Absolutely. But then I think we should have figured out, much more quickly than we have, that there are fundamental problems with BCP 190, started addressing those problems a month or two ago, and figured out how to Do the Right Thing and move on -- both to clear the CT work to progress and to start cleaning up 7320. > If you think that would be the wrong outcome, then I believe > we simply have an irreconcilable difference of opinion. I > will, of course, consider input from the community on this > topic and act accordingly, but I suspect that most people > will, after careful consideration, agree that these kinds of > backstops are actually useful. I think that is the right outcome. I also think that at least part of that outcome is tied up with what we (at least used to) call cross-area review. I don't think the IETF is doing nearly as well about that as we used to. That is mostly a separate topic, but I think it calls for extra caution. best, john
- [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Adam Roach
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Adam Roach
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Melinda Shore
- Re: [art] On BCP 190 Leif Johansson
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Melinda Shore
- [art] Is CT single-use origins or not? (Re: On BC… Adam Roach
- Re: [art] Is CT single-use origins or not? (Re: O… Jacob Hoffman-Andrews
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] Is CT single-use origins or not? (Re: O… Adam Roach
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Tony Finch
- Re: [art] On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Tony Finch
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] On BCP 190 Larry Masinter
- Re: [art] On BCP 190 Carsten Bormann
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] On BCP 190 Mark Nottingham
- [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] On BCP 190 Jacob Hoffman-Andrews
- Re: [art] Call for Consensus: Re: On BCP 190 Carsten Bormann
- Re: [art] Call for Consensus: Re: On BCP 190 Mark Nottingham
- Re: [art] On BCP 190 Stephen Farrell
- Re: [art] Call for Consensus: Re: On BCP 190 Rob Sayre
- Re: [art] On BCP 190 Tony Finch
- Re: [art] Call for Consensus: Re: On BCP 190 Rob Stradling
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Melinda Shore
- Re: [art] Call for Consensus: Re: On BCP 190 Mark Nottingham
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Ben Campbell
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 Adam Roach
- Re: [art] Call for Consensus: Re: On BCP 190 John C Klensin
- Re: [art] Call for Consensus: Re: On BCP 190 Larry Masinter