IETF Logo Mail Archive

Re: Diversity and Inclusiveness in the IETF

Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> Tue, 23 February 2021 12:41 UTC

Return-Path: <rifaat.s.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F7C13A2AA1; Tue, 23 Feb 2021 04:41:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XUkL3nUigeBU; Tue, 23 Feb 2021 04:40:58 -0800 (PST)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57A4E3A2AB2; Tue, 23 Feb 2021 04:40:57 -0800 (PST)
Received: by mail-lj1-x22c.google.com with SMTP id u4so17352258lja.3; Tue, 23 Feb 2021 04:40:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VNSni7m8/7EHuLLjlbIlpvcZcUzuXlOMHXPQB/AC7Yo=; b=jgMiWouP8qStV6KknVYcCmI7oXtIuMeRzYP7hBGfm06BY/z8w5pUOmcN8uJHmEAPLW dwzsG0jQ9ayfthwLgfeWH4PyxL3jSzh3eutVQssfMy5dIKVvOaAJizna9neSERzDId5D gV0F1kcGkW8ZNVAPvGYAIr79PrCjn5kVCOBzezRsx2QzNB3kvWBbbI/gR5mDumjbJ4a0 UHCNFbq7L16ScKBmvi6umwk2fmUMj77n6ezYP6MBFagtKRKJufoRCytZrQAZiUAN8MEE tazlG84lJWgQOr2c6FBUQezAqSrvGIU9kPANQOt42OgZlK0lgrSpUl/yr99Gkz88npIU IqRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VNSni7m8/7EHuLLjlbIlpvcZcUzuXlOMHXPQB/AC7Yo=; b=mHYiGgeiYTTKbtJgnm/XMh8o0CGUmBOmv0l/B7jOTeakRsgiaF9NOiJCiAZzLInKA3 5jaj674ZWmAJRcs7RloB1Bsf55N7ksXdgx0AzIRX+MWy3BGrKSlL/dNDu8fdunAmcFk4 74Sy71FWTrxzultGspHsAchtx3zc4X69GtFgiCHpaU3QrRZbNcHlIOeOhFH6w09h4VQI o24MTeTYacgFaGVqpeQuRBWQCTDH/ltzl+c8cyTpa3YmmFawxTLTqbK890nqqY62H5lZ DnDuklzOU1s1Nu9kF40i0n1i1ZtkFWziwawvy2n+/+QId8lqw8DktVSAdyPYw+foKVDj Ohpw==
X-Gm-Message-State: AOAM533I5fzxhiElVs2BVw1ytUAfsOFuDCUG7iz20wlE2tzEz+VjNLXp gam1O1JOazT0nCVl9h78PhtgphQe/ds1WO9VUx4=
X-Google-Smtp-Source: ABdhPJzc0GOKRsk2CSVRGaIvGWYTnvpiqLS5C+6UAZi/hafYV0au5EdBHSCHZdHUPRt4ljRznk71iyZ8h8v0oQLPKbY=
X-Received: by 2002:a05:651c:552:: with SMTP id q18mr17344543ljp.278.1614084055173; Tue, 23 Feb 2021 04:40:55 -0800 (PST)
MIME-Version: 1.0
References: <37eecb9b-f0eb-e21c-b162-b1f0339e4981@si6networks.com> <3c2d646d-f18d-4d88-b458-29dbd486432b@beta.fastmail.com> <AM0PR08MB371669108E9CEA561BEC9EF6FA809@AM0PR08MB3716.eurprd08.prod.outlook.com> <d6648437-332b-4668-a1c7-591f2c287539@dogfood.fastmail.com>
In-Reply-To: <d6648437-332b-4668-a1c7-591f2c287539@dogfood.fastmail.com>
From: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Date: Tue, 23 Feb 2021 07:40:43 -0500
Message-ID: <CADNypP8GKTY-Jhpb6AEfcpXOihwLap7OrrByNemGc2GNvZLeog@mail.gmail.com>
Subject: Re: Diversity and Inclusiveness in the IETF
To: Bron Gondwana <brong@fastmailteam.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "ietf@ietf.org" <ietf@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bf0e2a05bc003a16"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/ojeAR3GWqu2cvOwHqzrmPS0l-ts>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2021 12:41:00 -0000

So you have never reached out to us to try to bring any work to the WG, and
based on attending one meeting and hearing from a few people, you formed a
strong opinion and declared that "nothing would get done"? that seems odd.

For your information, last year we published 4 RFCs, and we already have 3
documents with the IESG and more to come.

If you have anything you want to bring to the OAuth WG, Hannes and I would
be happy to discuss this with you or anyone that wants to bring work to the
OAuth WG.

Regards,
 Rifaat



On Tue, Feb 23, 2021 at 6:52 AM Bron Gondwana <brong@fastmailteam.com>
wrote:

> Without wishing to litigate the entire issue here (happy to remove the
> wider IETF list and just talk on the OAuth group), we never brought any
> work to the OAuth group because everybody who we spoke to warned us that
> nothing would get done.
>
> There's a term "missing stair" https://en.wikipedia.org/wiki/Missing_stair
> which describes this phenomenon, where "everybody knows" something, but new
> participants are forced to discover it through either having someone tell
> them quietly, or just notice it for themselves.
>
> ...
>
> Just as an anecdote, the last time I bothered to attend an OAuth meeting
> in person I had this to say about it on our internal slack channel when
> asked:"they can't agree about what they don't agree on".
>
> The topic that had taken basically the entire meeting and had been totally
> unproductive - was a particular key in a JSON Web Token going to clash with
> a reserved word in either javascript itself or one of the other
> environments in which this token had to be evaluated.  There were people
> saying "this won't work, just rename the key" and others saying "I like
> this name and insist upon us keeping it".  No progress was made that day.
>
> In fact, here's the extract of my report on the OAuth meeting at IETF102
> (a detailed long email with pictures of poutine, icecream, and a report on
> every session I attended).  Names extracted to protect the others involved,
> but other text left exactly as it was, complete with typoes:
>
> *Thursday 19th: (Aug 2018)*
>
> *9:30am* OAUTH
> <https://datatracker.ietf.org/meeting/102/materials/agenda-102-oauth-03>:
> Fecking OAUTH as they say.  I came out of this saying "they can't even
> agree about what they don't agree on".  <Name redacted> says it was even
> worse in the past.  What a fustercluck.  Don't expect anything workwhile
> out of this group unfortunately.  <Other name redacted> and I were just
> looking at each other like WTF the entire time.
>
>
> Maybe it's become heaps better since then.  But I wouldn't want to have
> been a new participant trying to get anything done in that session.
>
> ...
>
> The authentication flow as originally put into JMAP (before it came to the
> IETF) can be seen in the initial draft here if you're interested:
>
> https://www.ietf.org/archive/id/draft-jenkins-jmap-00.txt
>
> But we decided in the interests of expediency to just drop it rather than
> trying to progress that work anywhere at the IETF.
>
> Regards,
>
> Bron.
>
> On Tue, Feb 23, 2021, at 22:00, Hannes Tschofenig wrote:
>
> Hi Bron,
>
>
>
> I have to respond to your statements about the OAuth working group below.
>
>
>
> While we do not pay attention to keeping the charter page up-to-date, we
> have been able to advance our documents, produce many implementations, and
> got those deployed all over the Internet.
>
>
>
> The bar for acceptance of new work varies among working group in the IETF.
> Some working groups develop technology that got widely deployed and hence
> randomly changing specs isn’t such a great idea because you have to
> consider the deployment situation as well. This is a situation many IETF
> working groups face. Reaching (widespread) deployment is great on one hand
> and a pain on the other.
>
>
>
> There are other groups, which are early in their lifecycle. In those
> groups you do not need to worry about deployments, backwards compatibility
> or even any source code.
>
>
>
> In general, Rifaat and I are always open for anyone in the IETF (and
> outside) to reach out to us, if they want to bring new work forward to the
> group. Sometimes proposed work fits into the group and sometimes it does
> not. The work on JOSE, for example, was put into a separate working group
> even though it was initially developed for use with JSON Web Tokens.
>
>
>
> I don’t recall having chatted with you or with someone from the JMAP
> community on the use of OAuth. Sorry if my memory does not serve me well
> today.  Typically, applications just use OAuth and therefore there is no
> need to reach out to the OAuth working group.
>
>
>
> Ciao
>
> Hannes
>
>
>
> *From:* ietf <ietf-bounces@ietf.org> *On Behalf Of * Bron Gondwana
> *Sent:* Tuesday, February 23, 2021 5:20 AM
> *To:* ietf@ietf.org
> *Subject:* Re: Diversity and Inclusiveness in the IETF
>
>
>
> Thanks Fernando,
>
>
>
> I would add to this document something about inertia, backwards
> compatibility and existing dysfunction.
>
>
>
> Many ideas are shut down because they aren't in the right place, or don't
> fit comfortably into the existing corpus of IETF documents.
>
>
>
> When we brought JMAP to the IETF it was after a long process of
> socialisation, and still there was significant work in the first couple of
> meetings just to convince people that "this is worth doing, the existing
> work the IETF has done in this neighborhood is not sufficient".
>
>
>
> JMAP also had an authentication scheme in it originally.  It was a good
> authentication scheme, but applications don't do authentication schemes,
> that's the bailiwick of OAUTH, where ideas go to die (in my experience,
> that working group has been dysfunctional for my entire time at IETF -
> exhibit 'A' being the "Milestones" section of the about page, which lists 6
> items all due in 2017)
>
>
>
> So we just removed all mention of authentication method and handwaved "the
> connection will be authenticated", because we wanted to publish something
> during the decade with years starting '201'.
>
>
>
> ... all that to say.  One of the biggest barriers to entry in the IETF is
> stumbling across an area in which no work is able to progress due to
> entrenched issues within that area.
>
>
>
> And I'm not arguing for "no barriers to entry", because there needs to be
> a sanity check that we're actually producing high quality specifications,
> and that our specifications are compatible with each other so the entirety
> of the IETF's work product is a coherent whole.  But it's hard to get
> started if you don't already have the connections to have your work
> sponsored by somebody who already knows their way around the IETF's
> idiosyncrasies.  I'm doing some of that sponsoring myself now for the
> people from tc39 who are trying to get the IETF to look at defining an
> extended datetime format.
>
>
>
> Cheers,
>
>
>
> Bron.
>
>
>
> On Tue, Feb 23, 2021, at 11:07, Fernando Gont wrote:
>
> Folks,
>
>
>
> We have submitted a new I-D, entitled "Diversity and Inclusiveness in
>
> the IETF".
>
>
>
> The I-D is available at:
>
> https://www.ietf.org/archive/id/draft-gont-diversity-analysis-00.txt
>
>
>
> We expect that our document be discussed in the gendispatch wg
>
> (https://datatracker.ietf.org/wg/gendispatch/about/). But given the
>
> breadth of the topic and possible views, we'll be glad to discuss it
>
> where necessary/applicable/desired.
>
>
>
> As explicitly noted in our I-D, we're probably only scratching the
>
> surface here -- but we believe that our document is probably a good
>
> start to discuss many aspects of diversity that deserve discussion.
>
>
>
> Thanks!
>
>
>
> Regards,
>
> --
>
> Fernando Gont
>
> SI6 Networks
>
> e-mail: fgont@si6networks.com
>
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
>   Bron Gondwana, CEO, Fastmail Pty Ltd
>
>   brong@fastmailteam.com
>
>
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>
>
> --
>   Bron Gondwana, CEO, Fastmail Pty Ltd
>   brong@fastmailteam.com
>
>
>

v2.23.0 | Report a Bug | By Email