IETF Logo Mail Archive

RE: Backdoor standards?

Larry Masinter <LMM@acm.org> Thu, 13 January 2022 00:44 UTC

Return-Path: <masinter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D66A33A0657 for <ietf@ietfa.amsl.com>; Wed, 12 Jan 2022 16:44:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m0y9nUPDBRY3 for <ietf@ietfa.amsl.com>; Wed, 12 Jan 2022 16:44:03 -0800 (PST)
Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B036B3A0650 for <ietf@ietf.org>; Wed, 12 Jan 2022 16:44:03 -0800 (PST)
Received: by mail-pl1-x62b.google.com with SMTP id t18so7073139plg.9 for <ietf@ietf.org>; Wed, 12 Jan 2022 16:44:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=e3BpIicyaDveFy9sLOba70DaKX9ILlRfsVc9a2QaLpw=; b=Q0831COs7xeLVwPCLq7Trxnl1ZTgFxwkWqB9HgT9ccdt3KyJTsdx+qe+mBbCXpXVFX 2XtKF7VtzPEazbPMxKxd0Sf/2PIVIvUUxS9fSw/Hks5b5sgtdRMSjnn+Vep91Kn7zG/d Vmyf8w2AQEPPdsvjORzSQWwttFL+1qHJH2qPxrTp9L/A1Ig2o4G8IKb7sqqOoUq6Z5TS mAzSdQET1i6NyrRbDKMq4O2tUGQjawF+mwulz8cnjLYbqzYa6fpVFbg+FePqeUe9SG6c msbzOf7mwJx2X2rcDGW5nxm49lHf2g+RjieePZh6n9lGJeMANI5+zmvuVkH7WBiY/Qb8 soxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:references:in-reply-to:subject :date:message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=e3BpIicyaDveFy9sLOba70DaKX9ILlRfsVc9a2QaLpw=; b=HUA+LoZt73HOuRMHepCRiwDjRVJLutdsviztT3j2xalmyAxaWCL7wCUYftaHfkatMO QcWx9BwqoQbWdDpU7TmozL6DlsdYuv6W2PHQrGjU+7rR7Kwz0T0GlLYl5n+VMdn1GLFq WLlCYY5faw0IDsvUcjcX9BRv6U1S1WeccdNwny3zMGQ7ZBg3EV6NXo2TJY0YKKJZpL/I 4+SdrHoOAWX9pp/8TEPY2vDWNVezjROcORxx1SO8SIC5hlAtfzpMk9dY0Dq61/qOz0eQ 3EtJRrk6KAfvPEX301PvboxaGyW9+c/DkZiPNWwUnLxRiZK8igmUDOhE3KVuPCNzVWfB QYvA==
X-Gm-Message-State: AOAM530EJ9JMmPpZr2Q5BkTiPKDHJwaEklr6/NETitWMNUmjVg7Gu5R+ I2ErEhK3klmaO4yNIQFvXpdgAV2JEJM=
X-Google-Smtp-Source: ABdhPJxu3G4Gh3Gost0Vm7cZGnoevsN8zBipEq08pazEKM2fBKYAj0mNgQxzuwC0rRjwTvlkI0TWcQ==
X-Received: by 2002:a17:90b:4b41:: with SMTP id mi1mr12074331pjb.213.1642034641194; Wed, 12 Jan 2022 16:44:01 -0800 (PST)
Received: from TVPC (c-73-158-116-21.hsd1.ca.comcast.net. [73.158.116.21]) by smtp.gmail.com with ESMTPSA id a17sm6670376pjh.11.2022.01.12.16.44.00 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Jan 2022 16:44:00 -0800 (PST)
Sender: Larry Masinter <masinter@gmail.com>
From: Larry Masinter <LMM@acm.org>
X-Google-Original-From: "Larry Masinter" <lmm@acm.org>
To: ietf@ietf.org
Cc: 'John Kunze' <jak@ucop.edu>
References: <85191ed3-5fc1-67da-888a-8af7bf9064f8@comcast.net> <39E40B7D-0E51-41A9-A8A3-026A0013F032@sobco.com> <9C232BA5452C4F0F9DD26674@PSB>
In-Reply-To: <9C232BA5452C4F0F9DD26674@PSB>
Subject: RE: Backdoor standards?
Date: Wed, 12 Jan 2022 16:44:00 -0800
Message-ID: <003701d80816$a85ab810$f9102830$@acm.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIxE2l9Ft3n6ACF0LRjKqHKrVbgfgJCAkGgAj6bY1yrifTsYA==
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/yF5_y94PrIDSbFOi4sz2jpvK-_I>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jan 2022 00:44:08 -0000

draft-masinter-dated-uri-00.txt

only has 8 versions but was produced as a response.

It's useful to have a stable reference to the concepts -- so I and others
can cite it.
But more of a thought experiment than a technical proposal that I care that
people implement one way or another.

* Anything you can describe, you can have a URL for! 
* No, it isn't hard to give everyone permanent unique IDs by adding a short
date to temporarily unique IDs.
* No other distinguishing metadata is as good as a date.

Why bother the RFC editor?  

If there is some kind of abuse you are aiming to quell, some examples might
be helpful.
--
https://LarryMasinter.net https://interlisp.org

> -----Original Message-----
> From: ietf <ietf-bounces@ietf.org> On Behalf Of John C Klensin
> Sent: Wednesday, January 12, 2022 3:11 PM
> To: Scott O. Bradner <sob@sobco.com>; Mike StJohns
> <mstjohns@comcast.net>; Fred Baker <fredbaker.ietf@gmail.com>
> Cc: John Kunze <jakkbl@gmail.com>; ietf@ietf.org
> Subject: Re: Backdoor standards?
> 
> Mike,
> 
> First, to what Scott and Fred said, yes.
> 
> Prior to when we made them readily available after the nominal six months,
> they were still available to anyone who showed up with a subpoena or, IIR,
a
> small wad of cash to cover presumed Secretariat expenses to dig them out,
> but my recollection (which Scott can probably confirm and recalibrate) is
that
> just became too much trouble... for us and the Secretariat, not (just) the
> lawyers.
> 
> Partially for the reasons you identify (which may not apply to this draft
-- see
> below) I've wondered whether we could make drafts moderately easy for
> the lawyers to identify and find but destabilize URLs pointing to them.
For
> example, instead of having expired drafts with stable URLs, we could move
> them to this-year.datatracker.ietf.org, then move then again to last-
> year.datatracker.ietf.org, and so on, maybe making them still possible to
find
> via the Data Tracker, but making stable references to the URLs impossible
> and getting to them a bit difficult or annoying, but not terribly so.  Or,
as a
> different example, we could get rid of the equivalent to a stable
> https://datatracker.ietf.org/doc/draft-whatever-whateverElse/
> and, after six months, change the file names to draft-screech-whatever and
> set the tracker up so that, instead of supplying a clickable-URL, we
simply
> supplied the equivalent of "screech-whatever" as text and made people
> copy that string and paste it in somewhere.  The obvious question is
whether
> the tooling to support such a scheme would be worth the trouble.
> My impression is that, in the past, the answer has been "no"
> but, as we review and rewrite various tools, that decision may be worth
> reviewing.
> 
> That said, this document, however evolved, may be a poor example of your
> concern.  We do so say (see the first paragraph of
> https://www.ietf.org/standards/ids/ ) "Other groups may also distribute
> working documents as Internet-Drafts." so we are explicitly authorizing
the
> behavior with which you are concerned.  And John Kunze (copied) is a long-
> time and very constructive IETF participant -- see RFCs including 1625,
1736,
> 2056, 2413, 2731, 5013, 5791, 8493, and 8574 -- who perfectly
> well knows what the rules are.    If I had to make a somewhat
> educated guess (I hope he will confirm or correct as needed), what is
going
> on is exactly what the Abstract says is going on, i.e., that this is a
gradually
> developing and evolving spec in a different group (remember, we said such
> groups could use I-Ds for that purpose), that it is valuable to both them
and
> us to have the IETF community be aware of the work, and, I hope that, when
> it is stable, they will either bring it to us for standardization or bring
a stable
> and approved version to the IETF or ISE for informational publication as a
> standard from another SDO.
> 
> The ARK Identifier scheme is another variation on the idea, mentioned in
RFC
> 3986, of document identifiers/ names rather than locators.  I think or at
least
> hope, that we gave up on the "one name system to rule them all" theme.
> More familiar variations on that theme (with different design assumptions
> and success criteria) are URNs (RFC 8141) and DOIs.
> 
> John (Kunze), anything to add?
> 
> best,
>    john (klensin)
> 
> 
> 
> 
> --On Wednesday, January 12, 2022 13:24 -0800 Fred Baker
> <fredbaker.ietf@gmail.com> wrote:
> 
> > The primary reason that drafts remain available after six months is,
> > I'm told, that lawyers want to be able to look up IPR. I suspect that
> > your suggestion, which I otherwise support, would run afoul of that.
> > What might be good would be to describe a mechanism that would allow
> > the draft to vanish in six months but somehow remain available to an
> > IPR search.
> 
> 
> --On Wednesday, January 12, 2022 16:20 -0500 "Scott O. Bradner"
> <sob@sobco.com> wrote:
> 
> > leave it be
> >
> > having the old versions accessible is very useful for IPR disputes
> >
> > and I'm not sure we could write a ruleset that said no 3rd party
> > standards repository that would not impact our own work
> >
> > Scott
> >
> >> On Jan 12, 2022, at 4:12 PM, Michael StJohns <mstjohns@comcast.net>
> >> wrote:
> >>
> >> Hi -
> >> I got curious when I saw a draft being published with a version
> >> number of -33 -
> >> https://datatracker.ietf.org/doc/html/draft-kunze-ark-33.  I got even
> >> more curious when I noticed that -00 of that ID had been uploaded
> >> back in 2001.  So I read the intro in the -33 version and found this:
> >>
> >>
> >>
> >>> This is a transitional draft.  The ARK Alliance Technical Working
> >>> Group ( https://wiki.lyrasis
> >>> .org/display/ARKs/Technical+Working+Group)
> >>>    is in the process of revising the ARK spec via a series
> >>>    of Internet- Drafts.  While the spec is in transition,
> >>>    new implementors should follow
> >>> https://datatracker.ietf.org/doc/html/draft-kunze-ark-18.
> >>
> >>  -18 having been uploaded in 2013.
> >> I'm not sure there's anything that can or should be done, but IDs are
> >> supposed to be transient documents that either go away or lead to an
> >> RFC.  Looking at the update history for this document, I'm pretty
> >> sure the draft system has been co-opted to be a standards repository
> >> for this specification.
> >> AFAICT, this draft has never been submitted - in 20 years! - to any
> >> RFC stream for publication and that's at least a violation of the
> >> spirit of the ID system.  I.e. a violation
> >> of:
> >>
> >>
> >>> It is inappropriate to use Internet-Drafts as reference
> >>>    material or to cite them other than as "work in progress.
> >>>
> >>
> >> Perhaps we may want to think about making URL references to previous
> >> (or long expired) versions quite a bit less stable to avoid gaming of
> >> the system like this?  Or prohibit updates of draft chains once a
> >> draft has been expired for a year?
> >>
> >> Or leave it be?
> >>
> >> Mike
> >>
> >>
> >>
> >>
> >
>

v2.23.0 | Report a Bug | By Email