Re: [OAUTH-WG] We appear to still be litigating OAuth, oops
Justin Richer <jricher@mit.edu> Wed, 24 February 2021 15:18 UTC
Return-Path: <jricher@mit.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AFD13A16EF; Wed, 24 Feb 2021 07:18:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fyzR0xOJzT6Z; Wed, 24 Feb 2021 07:18:30 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75FAF3A16EE; Wed, 24 Feb 2021 07:18:29 -0800 (PST)
Received: from [192.168.1.22] (static-71-174-62-56.bstnma.fios.verizon.net [71.174.62.56]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 11OFIMwk030722 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 24 Feb 2021 10:18:23 -0500
From: Justin Richer <jricher@mit.edu>
Message-Id: <E84B4446-5F74-402B-8071-A1164EF0B02C@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_836960DE-9A94-44F8-BE83-DFD79296D11D"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Subject: Re: [OAUTH-WG] We appear to still be litigating OAuth, oops
Date: Wed, 24 Feb 2021 10:18:22 -0500
In-Reply-To: <121f52be-4747-45f3-ad75-79fa2f693d75@beta.fastmail.com>
Cc: Warren Parad <wparad@rhosys.ch>, Phillip Hallam-Baker <phill@hallambaker.com>, "oauth@ietf.org" <oauth@ietf.org>, ietf@ietf.org
To: Bron Gondwana <brong@fastmailteam.com>
References: <CAMm+LwgbK3HYDjSHnTN3f6hWSQCQrEjHLNn6z0JpfY7hdxaQpg@mail.gmail.com> <A8128346-B557-472F-B94F-8F624F955FCE@manicode.com> <eb2eaaa7-7f7e-4170-ab87-1cc1fdd3359b@www.fastmail.com> <CAJot-L0PS_3LxEkC-jd1aqXDdYF+z8BajSs4Rhx3LgRPn6wkdQ@mail.gmail.com> <DAB127D7-809F-4EC2-A043-9B15E2DB8E07@tzi.org> <CAJot-L1e8GegjXjADRQ87tGqnSREoO4bEKLX+kPkZFsQpevGQA@mail.gmail.com> <66be0ffe-a638-45a0-ba05-1585ea02e6bf@www.fastmail.com> <CAJot-L2KO2dOzZQJJeB1kbk6_KTQwUYUsoJOoRt=9maynS1jZg@mail.gmail.com> <121f52be-4747-45f3-ad75-79fa2f693d75@beta.fastmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/gegSUl_xobqRk7cKkkgJhjXRSkE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2021 15:18:34 -0000
I agree that the NxM problem is the purview of the whole IETF, but it’s something that we’re particularly interested in over in GNAP. As the editor of OAuth’s dynamic registration extension and the GNAP core protocol, I hope I can add to this conversation. From a technical standpoint, OAuth’s dynamic client registration lets arbitrary clients talk to an AS, but the trust isn’t there in practice. On top of that I think this problem is exacerbated by a fundamental protocol design element of OAuth: the client_id that’s required. That field means there’s an assumption that a relationship was set up between the pieces of software, implied to be trusted by admins at the AS. Sure you can get that client_id under special circumstances, but there’s still a special weight handed to that and the dynamic stuff feels like you’re giving up control as an AS. In GNAP, the relationship is inverted, and it’s designed as “dynamic-first”, with pre-registered clients being an optimization on top of that. Does this solve the NxM problem? No, because companies are still going to decide that they only talk to keys or identifiers that they know ahead of time. But the protocol puts the dynamic case forward as baseline and fits in much better with the likes of JMAP than OAuth ever could: - {The Bat} creates a key pair. - {User} enters their email address into {Bat}, {Bat} does discovery (maybe that’s a JMAP thing? Webfinger?) and finds the JMAP server and the GNAP endpoint for authentication as an option. - {Bat} talks to the GNAP AS at {ISP} and presents the key it just made up. {ISP} has never seen this key, but knows how to talk GNAP and get the user to authorize {Bat} to access email. - {User} does this using GNAP and gets back an access token that’s tied to the key {Bat} made back at the beginning. That token is tied (at the {ISP}) to the user’s account. Yes, you can do all of this today with OAuth (and people have done so), but OAuth’s basic model of “go do discovery and registration first and THEN talk to me” is a trust impediment more than it is a technical impediment. The “negotiation” part of the GNAP name comes from the philosophy of “start talking first and figure out what you need as you go”. Instead of jumping through hoops to get something you can trust, you just start in and then decide how much you trust it. A corporate rollout could use its own key distribution mechanism and static registration to limit which client instances talk back to the company server, regardless of which accounts would authorize access on top of that. An internet-facing service is going to be more likely to take a TLS approach, of “I’ll talk to you in a secure fashion without caring who you are right now”. We really are trying to make GNAP a consistent protocol at its core and learn from problems with OAuth in the wild, all while letting GNAP address a wider variety of use cases. I agree that GNAP could be clearer about specific use cases, and we’re working on the spec still so any help here is appreciated. — Justin > On Feb 24, 2021, at 7:15 AM, Bron Gondwana <brong@fastmailteam.com> wrote: > > > > On Wed, Feb 24, 2021, at 23:09, Warren Parad wrote: >> (I tend to trend lightly in the pronoun area, mostly because I'm shocked that openid included gender but not pronouns) >> >> I hadn't heard that to be called the NxM problem, so that definitely cleared up the potential confusion (at least for me). >> >> I think GNAPs lack of clarity is a non sequitur for the handling or not of the multitrust arbitrary-client with arbitrary-service, however it's lack of clarity for me prevents me from knowing whether GNAP actually seeks to solve this problem. So from an OAuth WG perspective we can still ask: >> >> Is this or should this problem be left to GNAP to solve, or is an OAuth WG responsibility? > > Honestly I think the problem space is the whole ietf's responsibility. Protocols that allow an end user to safely transfer data between two parties that don't have a pre-existing trust relationship are a key part of enabling user freedom and user choice. > > Bron. > >> >> >> Warren Parad >> Founder, CTO >> Secure your user data with IAM authorization as a service. Implement Authress <https://authress.io/>. >> >> >> On Wed, Feb 24, 2021 at 12:39 PM Bron Gondwana <brong@fastmailteam.com <mailto:brong@fastmailteam.com>> wrote: >> >> On Wed, Feb 24, 2021, at 22:04, Warren Parad wrote: >>> I would prefer Bron to answer that question, as they are the one who started this email thread. >> >> You can also use he when talking about me, or she for that matter - I do enough group fitness classes where it's roughly assumed that the entire class is female, and I have an ambiguous enough name that I'm used to it. Most people use "he" most of the time. >> >>> However let's look at GNAP, I've honestly been struggling to understand at least one fully documented case that GNAP supports. It seems in every document the only thing that is clear is GNAP wants to allow "everything", doesn't actually talk about an example. >> >> That's my biggest fear for GNAP - it too will try to be everything to everybody and wind up being nothing to nobody because the super flexible "everything protocol" is the same as no protocol at all, since you have to special-case everybody you talk to anyway. >> >>> By NxM, I assume we mean that the end user or client is free to select whichever AS they want, in a way which the RS can verify the AS credential and the user identity, without the RS having to (and really without the ability to limit) which AS are allowed. >> >> Let's get down to use cases then, rather than talking in abstracts. >> >> I'm an end user with a copy of {The Bat email client} and I want to connect it to {Gmail} + {Yahoo} + {My ISP}. It supports {POP3}, a widely popular open standard. I want to be able to authenticate to each of those services without saving my plaintext passwords on my hard disk where the next {Windows ME} virus will exfiltrate them to {Noextraditionistan} and all my {Dogecoin} will then be exfiltrated from my {Paybuddy} account, leaving me destitute. >> >> But, {The Bat} doesn't have a trusted client cert from my isp, because who does - so there's no good protocol for me - it's either plaintext auth, or it's some architecture astronaut multi-party nonsense that's massively over specified and doesn't work half the time. So I write a plain text password on a post-it note which is lying in the dust under my monitor because the glue has gone bad, and I hope I never accidentally click "remember me" when I type it in. >> >> That's been the reality of the end user experience for very many years. >> >> NxM means that you can authenticate an arbitrary client against an arbitrary server so long as they are both speaking a known public protocol, without needing to build a trust relationship between the client vendor and the server vendor first. >> >> Any "trust relationship" is made through a user both who trusts the client and trusts the server, and it's not transitive over to other users of the same client and the same server. The client author doesn't need to get a signed "I trust you" from every single server, and the server author doesn't have to go identify every single client. >> >> That's what NxM means to a user, the ability to use arbitrary clients with arbitrary servers so long as they both implement a documented protocol. Interoperability. >> >> OAuth has not given interoperability in the NxM sense outside some simple web use cases. They're nice and all, but they don't tend to be useful with open protocols - OAuth gets used for accessing proprietary API endpoints after getting an access key for a single provider. At least you get Nx1 or 1xM out of it depending who's the N and who's the M, and maybe some of your code can rhyme so you're not doing everything from scratch each time. >> >> This is the sorry story of real open protocols. The floor for true interoperability is still username + password over cleartext, over hopefully a TLS tunnel that's providing some level of protection. Most so than a few years ago when Fastmail wrote our "starttls considered harmful"[1] objection to the IETF's habit at the time of putting a "STARTTLS" upgrade into an initially plaintext protocol, where an active intercepter could just strip the "I support STARTTLS" indicator from the protocol and convince the client to send the credentials in the clear. >> >> We're a little better mostly these days, but it's still a tirefire, and in my heart I do hold the OAuth working group's squatting on this area of the landscape while failing to address this burning need partially responsible. The result (as Phillip pointed out upthread) has been a consolidation towards a few big players - because NxM becomes tractable when you reduce the N and M to small enough numbers. >> >> Bron. >> >> [1] https://www.fastmail.help/hc/en-us/articles/360058753834-SSL-TLS-and-STARTTLS <https://www.fastmail.help/hc/en-us/articles/360058753834-SSL-TLS-and-STARTTLS> >> >> -- >> Bron Gondwana, CEO, Fastmail Pty Ltd >> brong@fastmailteam.com <mailto:brong@fastmailteam.com> >> >> > > -- > Bron Gondwana, CEO, Fastmail Pty Ltd > brong@fastmailteam.com <mailto:brong@fastmailteam.com> > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
- Diversity and Inclusiveness in the IETF Fernando Gont
- Re: Diversity and Inclusiveness in the IETF Bron Gondwana
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: Diversity and Inclusiveness in the IETF Dominique Lazanski
- Re: Diversity and Inclusiveness in the IETF Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Dominique Lazanski
- Re: Diversity and Inclusiveness in the IETF Carsten Bormann
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- Re: Diversity and Inclusiveness in the IETF Bron Gondwana
- Re: Diversity and Inclusiveness in the IETF Rifaat Shekh-Yusef
- Re: Diversity and Inclusiveness in the IETF Bron Gondwana
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- Re: [Gendispatch] Diversity and Inclusiveness in … Stephen Farrell
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Dan Harkins
- RE: Diversity and Inclusiveness in the IETF Roman Danyliw
- Re: Diversity and Inclusiveness in the IETF Kathleen Moriarty
- Re: Diversity and Inclusiveness in the IETF Donald Eastlake
- Re: Diversity and Inclusiveness in the IETF Fernando Gont
- Re: Diversity and Inclusiveness in the IETF Carsten Bormann
- Making headway in the IETF [was Diversity and Inc… Brian E Carpenter
- Re: Making headway in the IETF [was Diversity and… Keith Moore
- Re: Diversity and Inclusiveness in the IETF Brian E Carpenter
- Re: Diversity and Inclusiveness in the IETF Mark Nottingham
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Bron Gondwana
- Re: [Gendispatch] Diversity and Inclusiveness in … Mary Barnes
- Re: [Gendispatch] Diversity and Inclusiveness in … Bill Woodcock
- Re: Diversity and Inclusiveness in the IETF Tim Bray
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Eric Rescorla
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Bron Gondwana
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: Diversity and Inclusiveness in the IETF Jim Fenton
- Re: Diversity and Inclusiveness in the IETF Phillip Hallam-Baker
- Building Real Internet Platforms Mark Nottingham
- RE: Diversity and Inclusiveness in the IETF Larry Masinter
- Re: [OAUTH-WG] Diversity and Inclusiveness in the… Jim Manico
- Re: Diversity and Inclusiveness in the IETF Carsten Bormann
- We appear to still be litigating OAuth, oops Bron Gondwana
- Re: Diversity and Inclusiveness in the IETF S Moonesamy
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- RE: [Gendispatch] Diversity and Inclusiveness in … Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- Re: [Gendispatch] Diversity and Inclusiveness in … Vittorio Bertola
- coders in IETF (was: Diversity and Inclusiveness … Keith Moore
- Re: [OAUTH-WG] We appear to still be litigating O… Carsten Bormann
- RE: [Gendispatch] Diversity and Inclusiveness in … Hannes Tschofenig
- Re: [OAUTH-WG] We appear to still be litigating O… Bron Gondwana
- Re: coders in IETF (was: Diversity and Inclusiven… Bron Gondwana
- Re: [OAUTH-WG] We appear to still be litigating O… Bron Gondwana
- Re: [OAUTH-WG] We appear to still be litigating O… Neil Madden
- Re: [OAUTH-WG] We appear to still be litigating O… Aaron Parecki
- Re: [OAUTH-WG] We appear to still be litigating O… Jim Willeke
- Re: Diversity and Inclusiveness in the IETF Phillip Hallam-Baker
- Re: [OAUTH-WG] We appear to still be litigating O… Justin Richer
- Re: [OAUTH-WG] We appear to still be litigating O… Aaron Parecki
- Re: [Gendispatch] Diversity and Inclusiveness in … Mary Barnes
- Re: coders in IETF (was: Diversity and Inclusiven… Phillip Hallam-Baker
- Re: [OAUTH-WG] We appear to still be litigating O… Tim Bray
- Re: [Gendispatch] Diversity and Inclusiveness in … Christian Huitema
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Michael Richardson
- Re: [OAUTH-WG] We appear to still be litigating O… Phillip Hunt
- Re: [Gendispatch] Diversity and Inclusiveness in … Phillip Hallam-Baker
- Re: Diversity and Inclusiveness in the IETF Michael Thomas
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- Re: [Gendispatch] Diversity and Inclusiveness in … Vittorio Bertola
- Re: Diversity and Inclusiveness in the IETF Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Michael Thomas
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: coders in IETF (was: Diversity and Inclusiven… Christian Hopps
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [OAUTH-WG] We appear to still be litigating O… Bron Gondwana
- Re: coders in IETF (was: Diversity and Inclusiven… Christian Huitema
- Re: [Gendispatch] Diversity and Inclusiveness in … Jen Linkova
- Academia (Re: Diversity and Inclusiveness in the … Theresa Enghardt
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Dan Harkins
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Theresa Enghardt
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Christian Huitema
- Re: Diversity and Inclusiveness in the IETF S Moonesamy
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Fernando Gont
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Fernando Gont
- RE: [Gendispatch] Diversity and Inclusiveness in … Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF Hannes Tschofenig
- RE: Diversity and Inclusiveness in the IETF S Moonesamy
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Theresa Enghardt
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Seán Kelleher
- Re: [OAUTH-WG] We appear to still be litigating O… Seán Kelleher
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Lars Eggert
- RE: [Gendispatch] Diversity and Inclusiveness in … Andrew Campling
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Marc Petit-Huguenin
- document writing/editing tools used by IETF Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: Diversity and Inclusiveness in the IETF Brian E Carpenter
- Re: [Gendispatch] Diversity and Inclusiveness in … Marc Petit-Huguenin
- Re: [Gendispatch] Diversity and Inclusiveness in … Eric Rescorla
- Re: [Gendispatch] Diversity and Inclusiveness in … Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Brian E Carpenter
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Keith Moore
- Re: [Gendispatch] Diversity and Inclusiveness in … Eric Rescorla
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Brian E Carpenter
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Salz, Rich
- Re: [Gendispatch] Diversity and Inclusiveness in … Keith Moore
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: document writing/editing tools used by IETF Joel M. Halpern
- RE: document writing/editing tools used by IETF Larry Masinter
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Keith Moore
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: Diversity and Inclusiveness in the IETF S Moonesamy
- RE: document writing/editing tools used by IETF Larry Masinter
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Lars Eggert
- Re: document writing/editing tools used by IETF Ladislav Lhotka
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Lars Eggert
- Re: document writing/editing tools used by IETF Julian Reschke
- Re: [Gendispatch] Diversity and Inclusiveness in … Lars Eggert
- Re: [Gendispatch] Diversity and Inclusiveness in … Lars Eggert
- Re: [Gendispatch] Diversity and Inclusiveness in … Fernando Gont
- Re: [Gendispatch] Diversity and Inclusiveness in … Lars Eggert
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Colin Perkins
- Re: document writing/editing tools used by IETF Andrew McConachie
- Re: [Gendispatch] Diversity and Inclusiveness in … Vittorio Bertola
- Re: [Gendispatch] Diversity and Inclusiveness in … Bill Woodcock
- Re: document writing/editing tools used by IETF Behcet Sarikaya
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: [OAUTH-WG] We appear to still be litigating O… Justin Richer
- Re: document writing/editing tools used by IETF Ladislav Lhotka
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: [OAUTH-WG] We appear to still be litigating O… Tim Bray
- Re: [OAUTH-WG] We appear to still be litigating O… Aaron Parecki
- How to tell people... Was: We appear to still be … Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Keith Moore
- Re: How to tell people... Was: We appear to still… Keith Moore
- Re: document writing/editing tools used by IETF Julian Reschke
- Re: document writing/editing tools used by IETF Carsten Bormann
- RE: document writing/editing tools used by IETF STARK, BARBARA H
- Re: [OAUTH-WG] We appear to still be litigating O… Christian Huitema
- Re: [OAUTH-WG] We appear to still be litigating O… Michael Thomas
- Re: [OAUTH-WG] We appear to still be litigating O… David Waite
- Re: [OAUTH-WG] We appear to still be litigating O… Aaron Parecki
- Re: coders in IETF (was: Diversity and Inclusiven… Charles Eckel (eckelcu)
- Re: [OAUTH-WG] We appear to still be litigating O… Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF John Levine
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: document writing/editing tools used by IETF Michael Richardson
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: document writing/editing tools used by IETF Keith Moore
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: document writing/editing tools used by IETF Brian E Carpenter
- Re: How to tell people... Was: We appear to still… Michael Richardson
- Re: How to tell people... Was: We appear to still… Phillip Hallam-Baker
- Re: document writing/editing tools used by IETF John Levine
- Re: document writing/editing tools used by IETF Keith Moore
- Re: document writing/editing tools used by IETF Michael Richardson
- Re: document writing/editing tools used by IETF Christian Huitema
- Re: document writing/editing tools used by IETF Carsten Bormann
- Re: [Gendispatch] Academia (Re: Diversity and Inc… John Wroclawski
- Re: document writing/editing tools used by IETF John Levine
- Re: [OAUTH-WG] We appear to still be litigating O… Bron Gondwana
- Re: [Gendispatch] Diversity and Inclusiveness in … Bron Gondwana
- HTML for email (was: Re: document writing/editing… Keith Moore
- Re: [OAUTH-WG] We appear to still be litigating O… Vittorio Bertola
- Re: HTML for email (was: Re: document writing/edi… Phillip Hallam-Baker
- Re: [OAUTH-WG] We appear to still be litigating O… Warren Parad
- Re: [OAUTH-WG] We appear to still be litigating O… Jeff Craig
- Re: document writing/editing tools used by IETF Behcet Sarikaya
- Re: HTML for email tom petch
- RE: HTML for email Larry Masinter
- Re: document writing/editing tools used by IETF Salz, Rich
- RE: document writing/editing tools used by IETF STARK, BARBARA H
- Re: HTML for email Keith Moore
- Re: HTML for email Benjamin Kaduk
- Re: HTML for email (was: Re: document writing/edi… Viktor Dukhovni
- Re: HTML for email Nico Williams
- Re: HTML for email Nico Williams
- Re: HTML for email Nico Williams
- Re: HTML for email Benjamin Kaduk
- Re: HTML for email Keith Moore
- Re: HTML for email Benjamin Kaduk
- Re: HTML for email Bron Gondwana
- Re: HTML for email John Levine
- RE: HTML for email Larry Masinter
- Re: HTML for email Brian E Carpenter
- Re: HTML for email Phillip Hallam-Baker
- Re: HTML for email tom petch
- Re: HTML for email tom petch
- Re: HTML for email ned+ietf
- Re: HTML for email Nick Hilliard
- Re: HTML for email Keith Moore
- Re: HTML for email ned+ietf
- Re: HTML for email tom petch
- Re: HTML for email Nick Hilliard
- Re: HTML for email Nico Williams
- Re: HTML for email tom petch
- Re: HTML for email Nico Williams
- Re: HTML for email Phillip Hallam-Baker
- Re: HTML for email Keith Moore
- RE: HTML for email Larry Masinter
- Re: HTML for email Phillip Hallam-Baker
- Re: HTML for email Keith Moore
- Re: HTML for email Phillip Hallam-Baker
- Re: HTML for email Keith Moore
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Phillip Hallam-Baker
- Re: [Gendispatch] Academia (Re: Diversity and Inc… Wes Hardaker