Re: Fourth Last Call: draft-housley-tls-authz-extns

[Bernard Aboba <bernard_aboba@hotmail.com>]

I do not support publication of this document as a Proposed Standard, for
several reasons:

a.  I believe that the subject of this document (TLS authorization) is of
fundamental importance to a number of IETF WGs, and therefore it should
not be handled via AD-sponsorship, but rather within a WG.  If the TLS 
WG does not wish to deal with the document, then the IETF should
consider formation of a new WG to deal with this and other TLS extensions. 

b.  This document has become a lightening rod for attacks on the integrity
of the IETF and IESG.  Rather than ignoring the concerns that have been
raised, I believe that the IETF needs to tackle them head on, by initiating
reforms in the areas of affiliation disclosure and conflict of interest within
the IESG.  Given the current controversy, approving this document could
be interpretted as a lack of concern about those issues.  

c. I'm not convinced that the latest Redphone IPR disclosure represents
a substantive rather than a cosmetic change from previous disclosures. 
> -----Original Message-----
> From: ietf-announce-bounces at ietf.org 
> [mailto:ietf-announce-bounces at ietf.org] On Behalf Of The IESG
> Sent: 14 January 2009 16:18
> To: IETF-Announce
> Subject: Fourth Last Call: draft-housley-tls-authz-extns
> 
> On June 27, 2006, the IESG approved "Transport Layer Security 
> (TLS) Authorization Extensions," 
> (draft-housley-tls-authz-extns) as a proposed standard. On 
> November 29, 2006, Redphone Security (with whom Mark Brown, a 
> co-author of the draft is affiliated) filed IETF IPR disclosure 767. 
> 
> Because of the timing of the IPR Disclosure, the IESG 
> withdrew its approval of draft-housley-tls-authz-extns.  A 
> second IETF Last Call was initiated to determine whether the 
> IETF community still had consensus to publish  
> draft-housley-tls-authz-extns as a proposed standard given 
> the IPR claimed.  Consensus to publish as a standards track 
> document was not demonstrated, and the document was withdrawn 
> from IESG consideration.
> 
> A third IETF Last Call was initiated to determine whether the 
> IETF community had consensus to publish 
> draft-housley-tls-authz-extns as an experimental track RFC 
> with knowledge of the IPR disclosure from Redphone Security.  
> Consensus to publish as experimental was not demonstrated; a 
> substantial segment of the community objected to publication 
> on any track in light of the IPR terms.
> 
> Since the third Last Call, RedPhone Security filed IETF IPR 
> disclosure 1026.  This disclosure statement asserts in part 
> that "the techniques for sending and receiving authorizations 
> defined in TLS Authorizations Extensions (version 
> draft-housley-tls-authz-extns-07.txt) do not infringe upon 
> RedPhone Security's intellectual property rights".  The full 
> text of IPR disclosure 1026 is available at:
> 
> 	https://datatracker.ietf.org/ipr/1026/
> 
> This Last Call is intended to determine whether the IETF 
> community had consensus to publish  
> draft-housley-tls-authz-extns as a proposed standard given 
> IPR Disclosure 1026.
> 
> The IESG is considering approving this draft as a standards 
> track RFC. The IESG solicits final comments on whether the 
> IETF community has consensus to publish 
> draft-housley-tls-authz-extns as a proposed standard. 
> Comments can be sent to ietf at ietf.org or exceptionally to 
> iesg at ietf.org. Comments should be sent by 2009-02-11.
> 
> A URL of this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt