Re: [kitten] Proposal for tracking document reviews and skipping WGLC

Jeffrey Altman <> Tue, 21 June 2016 16:05 UTC

Organization: Secure Endpoints Inc.

On 6/21/2016 5:03 AM, Stephen Farrell wrote:
> Just for the record: I think this is a fine thing to try
> for a while, and thanks to the chairs for being willing.
> I hope the WG are also willing to give it a shot as I figure
> we need to make IETF stuff easier for WGs like kitten that
> maintain important protocols through what will sometimes
> be relatively "low energy" periods.
> S.


I will point out that even when documents complete WGLC they do not
necessarily move forward.  For example,

which has been waiting for a write-up for five months.  This is a
document that not only passed WGLC but has two independent interoperable
implementations blocked waiting for assignment of ETYPE and SUMTYPE
values by IANA.

As a former Kitten chair, the lack of available resources to work on
protocol design, documents, and implementations is not new.  The
GSS/Kerberos community has suffered with resource starvation for
decades.  Although GSS, Kerberos and other authentication technologies
are critical to the functioning of non-web network communications there
has never been sufficient funding available to complete even 10% of the
work that needs to be accomplished.  This is a key factor in the time it
takes to get things done.

When the WG Chairs and key participants are not funded to work on
GSS/Kerberos it is very hard for them to prioritize the work.  In the
end, none of us are independently wealthy and few of the participants'
employers pay the participants for this work.

As someone who funded one of the independent implementations of

I can tell you that there is little incentive for me to spend those
funds in the future if it is going to take 9 months to a year post the
expenditure to see the benefits.

It makes me appreciate why a company like Microsoft might decide to stop
investing in core GSS/Kerberos and instead layer additional complexity
on top of what is already standardized.  The current development work
cycle is well under a year.  If we can't standardize a protocol
extension in six months it won't be possible to ship products that
utilize the functionality.

While tooling might help, the underlying issue is lack of qualified
developer and reviewer time.  In the end, like anything else, that is
going to have to be paid for by someone.

Thanks for listening.

Jeffrey Altman