Re: [babel] WG adoption call for draft-do-babel-hmac (7/19 - 8/6)

[Donald Eastlake <d3e3e3@gmail.com>]

Denis,

On Thu, Aug 9, 2018 at 6:48 AM, Denis Ovsienko <denis@ovsienko.info> wrote:
>
> Hello Donald.
>
> Please find more comments below. I am sorry, but I am still unhappy about how my request to the WG chairs was handled. Having provided the information you asked for, I consider you in a position to review it again.

I would be interested in exactly what your "request" is. You post a
lot of questions, many of which seem to be of relatively little
relevance to the BABEL WG meeting its Charter goals, which is the
purpose of the WG. Is your request that all of your questions be
answered to your satisfaction? If so, that seems like an inherently
open ended and unreasonable request.

>  ---- On Wed, 08 Aug 2018 05:58:15 +0100 Donald Eastlake <d3e3e3@gmail.com> wrote ----
>  > Hi Denis,
>  >
>  > On Tue, Aug 7, 2018 at 6:59 AM, Denis Ovsienko <denis@ovsienko.info> wrote:
>  > > Thank you for a detailed response Donald.
>  > >
>  > > I have commented on the points that look the most pressing to me.
>  > >
>  > >  ---- On Mon, 06 Aug 2018 21:24:28 +0100 Donald Eastlake <d3e3e3@gmail.com> wrote ----
>  > >  > Hi Denis,
>  > >  >
>  > >  > Thanks for responding to this WG draft adoption call.
>  > >  >
>  > >  > On Sun, Aug 5, 2018 at 5:59 PM, Denis Ovsienko <denis@ovsienko.info> wrote:
>  > >  > >  ---- On Thu, 19 Jul 2018 13:46:37 +0100 Donald Eastlake <d3e3e3@gmail.com> wrote ----
>  > >  > >  > This message begins a WG adoption call for draft-do-babel-hmac.
>  > >  > >  > Since this starts during an IETF meeting, it is running for a bit
>  > >  > >  > longer than usual, through August 6th. Please indicate whether you
>  > >  > >  > think this draft should be adopted. Comments on the draft also
>  > >  > >  > welcome.
>  > >  > >
>  > >  > > I object to the adoption of this document for the following reasons, which should be well-known to anybody who has been on the Babel WG mailing list, but if it takes to rub it in to action, I will rub it in.
>  > >  > >
>  > >  > > 1. Questionable attribution of authorship.
>  > >  > >
>  > >  > > The document lists Clara Do as its first author. Clara Do has never ever sent a single message, at all, however short or long, to the Babel WG mailing list. She has never presented anything at a Babel WG meeting, whether in person or remotely. In other words, this person has never participated in this working group.
>  > >  > >
>  > >  > > The document lists Weronika Kolodziejak as its second author. Weronika had sent 1 (one) message to the Babel WG mailing list, but made no other contributions (in the IETF sense of the term).
>  > >  >
>  > >  > A person who has produced text with the intent that it end up in a
>  > >  > Babel Internet Draft and that actually ends up in such an Internet
>  > >  > Draft, even if in an edited form, is a contributor to the WG and a
>  > >  > participant in the WG.
>  > >  >
>  > >  > > The document lists Juliusz Chroboczek as its third author. Juliusz in the past couple months had sent an incredible amount of messages to the Babel WG mailing list. Most of those were related to the HMAC-based method of Babel security,
>  > >  >
>  > >  > I'll take the above statements as true although I haven't actually
>  > >  > checked who posted how often.
>  > >  >
>  > >  > >                   which the Babel WG had already decided it will not use. Despite the obvious fact, Juliusz kept bringing the matter up again and again and again and again, most of the text in the proposed document has been committed by him, and at IETF-102 he proposed to adopt this draft shortly after it was first created.
>  > >  >
>  > >  > I don't think that the Babel WG has decided it will not use HMAC-based
>  > >  > Babel security. It also seems reasonable that, considering how long
>  > >  > previous documents have been available and how much discussion has
>  > >  > been held on the topic, that a new HMAC-based Babel security document
>  > >  > could be considered fairly quickly.
>  > >  >
>  > >  > > This way, the document looks mainly a product of very recent efforts of Juliusz Chroboczek. Hence when Juliusz at IETF-102 in his HMAC slides stated "I am just the janitor here", that statement was false.
>  > >  >
>  > >  > I'm not sure what being "the janitor" means. Also, while there is some
>  > >  > correlation, I don't think how much someone has contributed to a
>  > >  > document can be determined by how often they posted to the mailing
>  > >  > list or did commits. It seems reasonable that someone could produce
>  > >  > major contributions to a document by reading previous documents and
>  > >  > reading the comments on the mailing list. To the extent that "janitor"
>  > >  > means someone who cleans things up, it seems reasonable that such
>  > >  > contributions might go through someone who cleaned up some minor
>  > >  > formatting or language issued before merging the contribution into a
>  > >  > document -- but, of course, I don't actually know what the work flow
>  > >  > was and I don't think you do either. So I just don't see any
>  > >  > foundation for your claim that Juliusz's statement was false and I
>  > >  > think that statement was inappropriate.
>  > >
>  > > I am sorry that you do not like the language I have to use, but I do not currently see better means to get to the point: who is the actual author(s) of draft-do-babel-hmac?
>  > >
>  > > This question is both appropriate and relevant. An author is the person responsible for the technical contents of the document. Who exactly is responsible for the technical contents of this routing protocol security mechanism proposed to be adopted for Standards Track work? Who exactly has the responsibility to answer the question in point 2 of this objection?
>  > >
>  > > Are you saying it is Juliusz? I have already asked him and got no sound technical answer.
>  > >
>  > > Are you saying it is Clara or Weronika? I am looking forward to study any comments they make, if they do.
>  > >
>  > > I appreciate your willingness to discuss what other participants could mean, but on this occasion I do not see other means to achieve clarity other than the participants speaking for themselves, rather than someone making interpretations on their behalf.
>  >
>  > Those listed on the title page are asserting that they are the
>  > authors. Juliusz in a separate answer has confirmed they are the
>  > authors. You have not, in my opinion, as I have previously stated,
>  > cited any good evidence that any of those listed on the title page are
>  > not authors. Yet you are attacking their integrity and honest.
>
>
> Donald, when somebody else attacked my integrity and honesty on the list first, both you and Russ White were fine with that. Hence I am asking you not to discriminate.

If you are going to complain your integrity and honesty were attacked
on the list, provide the URL to the message(s) you are referencing. WG
mail archives are available in a couple places including here
https://www.ietf.org/mail-archive/web/babel/current/maillist.html

> I raise the same questions about this document:
>
> 1. Who exactly is responsible for the technical contents of this routing protocol security mechanism proposed to be adopted for Standards Track work?

This has been clarified by the message here
https://www.ietf.org/mail-archive/web/babel/current/msg01470.html

> 2. Which specific technical problems does this document solve that have not been solved before?

Why do you believe the answer to the above question is important? Why
is it worth the time of the WG at this point to discuss this question?
Since draft-do-babel-hmac-00.txt has been adopted, wouldn't examining
it for technical flaws be a lot more important?

> If participants find those questions inconvenient and do not answer them clearly, this is not a problem of the messenger.

I do not agree that you are entitled to have your questions answered
to your satisfaction. To the extent that (1) you find the answers to
one of your questions unclear and (2) getting agreement on the answer
to that problem is not necessary for the BABEL WG to advance, then I
think that, to a significant extent, the unclarity that you see is
your problem.

>  > >  > > Juliusz Chroboczek had previously commented that Clara Do and Weronika Kolodziejak are his interns. I understand this as they are not independent in their actions, so as a minimum it would be fair to let them speak freely for themselves and to confirm the reasons for appearing on the list of authors for a document that was written mostly by another person.
>  > >  >
>  > >  > If they want to post something to the mailing list, they are welcome
>  > >  > to do so, but there is no requirement for them to. Until the draft is
>  > >  > adopted by the WG, the WG has no authority over the author list shown
>  > >  > on the title page.
>  > >  >
>  > >  > > It would also be very useful to hear about their experience in the areas of network protocols design, implementation and security, and how much time they plan to spend on this project, as this is a Standards Track work and it may be very demanding regardless of what other plans people have in life.
>  > >  >
>  > >  > Well, I don't recall anyone else posting a resume to the list. I know I haven't.
>  > >  >
>  > >  > > 2. What problem does this document solve that has not been solved before?
>  > >  > >
>  > >  > > The Babel WG has already had an opportunity to adopt a HMAC-based solution to fulfill the requirements of its charter, and the WG decided not to adopt. This decision was not rooted in the technical merits of the proposed solution. As far as the WG adoption call materials go, draft-ovsienko-babel-rfc7298bis was good enough and had no unaddressed technical issues, I had already clarified this before.
>  > >  >
>  > >  > Adoption of the draft was determined not to have consensus due to
>  > >  > insufficient support and one objection.
>  > >  >
>  > >  > > I had asked, twice, Juliusz Chroboczek about the technical merits of his new HMAC project, and, unfortunately, he had not provided an answer that would be sound and true. Given this input, I have to conclude this document does _not_ solve a problem that would not be solved already.
>  > >  >
>  > >  > The WG has the right to choose which draft will be the starting point
>  > >  > for the WG draft efforts.
>  > >
>  > >
>  > > Thank you for providing the above comments, but they do not answer the question, so let me get back to the point again.
>  > >
>  > > Juliusz Chroboczek maintains that draft-do-babel-hmac addresses unresolved problems of my Babel security contributions. This statement is false by omission (Juliusz keeps comparing with RFC 7298, whereas he has seen that the input I had contributed during the adoption call of 7298bis I-D had addressed all known issues). Hence the two requests below.
>  >
>  > See Juliusz response and the WG mailing list. There is clearly a
>  > difference of opinion here. You are entitled to your opinion that
>  > 7298bis addressed all known issues. Those who disagree with you are
>  > also entitled to their opinion.
>
> I have seen that response, and it repeats what Juliusz had stated before (on the mailing list and at IETF-102), and that is what I take as a deliberate personal insult. I am asking you to mind where you direct me.

I think a statement by someone that they see a technical flaw in a
draft is generally not a personal insult.

>  > > * I take repeated false statements about the quality of my contributions to the Babel WG as ongoing deliberate annoyance. I accept the chairs may be unaware because of not following the WG mailing list, but I do not see it as a valid reason for this annoyance to continue. Now I am asking the working group chairs to acknowledge this statement and to handle this annoyance within the scope of their powers and duties in IETF.
>  >
>  > "Quality" is a subjective judgement about which people can reasonably
>  > differ. It has many dimensions. If you are going to complaint about
>  > "repeated false statements", you need to provide pointers to the
>  > specific statements.
>
> Fine, let me explain one more time and spell the details to make it portable for any required escalation.
>
> One of the contributions I have made to the Babel WG in 2018 started at IETF-101, where I proposed my I-D for the WG adoption. The contribution consisted of draft-ovsienko-babel-rfc7298bis-00 and related in-depth discussion on the mailing list during the I-D adoption call, which lasted for more than 2 months. Although the I-D was not adopted by the WG, to the best of my knowledge this contribution (the I-D and the mailing list discussion) had addressed all the questions and problems raised before and during the call.
>
> Juliusz Chroboczek, a participant to the Babel WG, about the time of the WG decision about my I-D started a very similar work, which ended up as draft-do-babel-hmac. Juliusz keeps claiming that his work solves design problems in my contribution, specifically, in RFC 7298 (published in 2014) or in 7298bis (-00 published on 5 March 2018) or the attack described in his message to the list dated 10 May 2018.

I've just read over a lot of the mailing list discussion. Juliusz did
discuss your proposed changes to protect against the attacks he
described. I do not agree with your characterization of what Juliusz
has written.

> I take that statement as false by deliberate omission. The discussion about the 7298bis adoption lasted up to 28 May 2018. Among other things, the problem stated by Juliusz on 10 May was discussed with him on the list on 11 May, 13 May, 15 May, and eventually I published the solution on 23 May. Juluisz had seen the message with the solution and replied to it, and referred to that solution later on the list.

Right. So Juliusz pointed out a problem and you posted a proposed
solution. Presumably you wouldn't have posted a solution if you didn't
agree there was a problem. People can differ about how good your
solution is. In any case, there wasn't a WG consensus to adopt your
draft. You could have modified your draft based on the comments about
it that you had accepted and/or your solution and ask for another
adoption call, but you did not. So how was the WG, which did have a
lot of interest in an HMAC-based scheme, supposed to progress after
the adoption failure for your draft?

> I have done a lot of work to deliver what I have delivered.

I agree with that.

> I accept that other IETF participants may have no interest in my work.

I do not agree that other IETF participants have no interest in your work.

> I do not accept another IETF participant again and again deliberately presenting my work as if it had a "fatal flaw" (sic) and using that as the only ground to endorse their own document. I take it as a deliberate personal insult, and I am asking you to stop this.

I do not see URLs to messages you are complaining about. I'm not going
to do your research for you. I don't understand why you think there
would be any further comments on your 7298bis draft, positive or
negative, (that is, I don't see why you think there would be anything
to stop) if you didn't keep bringing it up.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com

>  > > * I am asking the person(s) responsible for the technical contents of draft-do-babel-hmac to answer the same crucial question. Which specific technical problems does this document solve that have not been solved before?
>  >
>  > See Juliusz response the WG mailing list.
>  >
>  > In any case, there was no consensus to adopt 7298bis but there is
>  > consensus to adopt do-babel-hmac.
>
> I have seen the participants voting.
>
> --
>     Denis Ovsienko