IETF Logo Mail Archive

Re: [Ietf-http-auth] Next step on web phishing draft (draft-hartman-webauth-phishing-05.txt)

Alexey Melnikov <alexey.melnikov@isode.com> Sun, 09 September 2007 18:29 UTC

Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IURXC-0001IK-4t; Sun, 09 Sep 2007 14:29:26 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1IURXB-0001I9-2w for discuss-confirm+ok@megatron.ietf.org; Sun, 09 Sep 2007 14:29:25 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IURXA-0001I1-PM for discuss@apps.ietf.org; Sun, 09 Sep 2007 14:29:24 -0400
Received: from rufus.isode.com ([62.3.217.251]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IURX9-0003HN-8A for discuss@apps.ietf.org; Sun, 09 Sep 2007 14:29:24 -0400
Received: from [172.16.1.99] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <RuQ7fwBOxmru@rufus.isode.com>; Sun, 9 Sep 2007 19:29:20 +0100
Message-ID: <46E43BA9.3080407@isode.com>
Date: Sun, 09 Sep 2007 19:30:01 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: Eric Rescorla <ekr@networkresonance.com>
Subject: Re: [Ietf-http-auth] Next step on web phishing draft (draft-hartman-webauth-phishing-05.txt)
References: <46E2E54A.2050406@isode.com> <20070908205337.82EC933C39@delta.rtfm.com>
In-Reply-To: <20070908205337.82EC933C39@delta.rtfm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: ietf-http-auth@osafoundation.org, discuss@apps.ietf.org, saag@mit.edu, ietf@ietf.org, ietf-http-wg@w3.org
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org

Eric Rescorla wrote:

>Alexey wrote:
>  
>
>>This message is trying to summarize recent discussions on 
>>draft-hartman-webauth-phishing-05.txt.
>>
>>Several people voiced their support for the document (on IETF mailing 
>>list and in various other off-list discussions). Ekr doesn't think that 
>>the document should be published in the current form and he has some 
>>good technical points that need to be addressed. At least one more 
>>revision is needed to addressed recent comments from Ekr and SecDir review.
>>
>>It is quite clear that some people got confused about intended status of 
>>this document and whether it represents IETF consensus. Sam has 
>>clarified what was his intention, but another consensus call is needed 
>>to make sure people agree with Sam.
>>
>>Subsequent discussions and consensus calls on the document would happen 
>>on <ietf-http-auth@osafoundation.org>.
>>
>>Alexey,
>>in my capacity of shepherd for draft-hartman-webauth-phishing
>>    
>>
>I object to this procedure.
>
>This document has already had an IETF Last Call, where it failed to
>achieve consensus.
>
Ekr, I have to disagree with you.
One objection about the document and one objection about the intended 
status doesn't constitute "failed consensus", considering there are at 
least 8 other people who are in favor of publishing the document. I can 
publish the list of reviewers, if you insist.

>At this point, it doesn't need additional last
>calls to "make sure that people agree with Sam", but rather to go back
>to the authors to try to build support in the community.
>
I was probably not clear enough in my previous message:
1). The document needs more work.
2). The document needs more reviews. Discussions of future revisions 
should happen on ietf-http-auth@osafoundation.org
3). The document was effectively reset to pre-IETF LC state.

>Not liking the result of the previous Last Call is not a sufficient basis for
>issuing another one.
>  
>
This statement taken in isolation is certainly correct. However if the 
original LC didn't ask the right question, don't you think this makes 
answers meaningless?

>At some point in the future, it may be appropriate to issue another
>consensus call, but since this is not a WG mailing list--indeed, the
>IESG has twice declined to charter a WG in this area--nor are you the
>chair, it doesn't seem to me that you have standing to do that. When
>that time comes, I would expect the IESG to designate an appropriate
>time and place.
>  
>
I have support of the shepherding AD.
Do you think this is insufficient?

v2.23.0 | Report a Bug | By Email