[nfsv4] Some important history re bis effort
David Noveck <davenoveck@gmail.com> Fri, 05 July 2024 13:45 UTC
To: Thomas Haynes <loghyr@hammerspace.com>, Chris Inacio <inacio@cert.org>, Brian Pawlowski <beepee@gmail.com>
CC: NFSv4 <nfsv4@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/IlKBS5Y_Cj7QwNxt58jiUp9yqVU>

When you previously said that you sent a review which I had ignored, I scanned the wg list archive and got a better sense of the discussion over the last few years:

- I did not find any review from you about my documents at the time the interim meetings started, which I believe was July 2023. If I have missed your review somehow, please let us know. If there was such a review, the issues it raises would need to be addressed now, if they have not been addressed before.
- I did find some mail that is relevant to the history of the adoption process for the security document. This is of particular interest given the need to resolve the adoption question for the security document.

The only relevant material I wound up finding was some mail about my documents that you sent in October 2022 and my responses to that mail. If that was what you were alluding to, then that clears up some of the mystery here, although I'm still unclear about some things.

Although I still haven't found any of your mail that I ignored, perhaps my responses did not satisfactorily address the matter from your point of view. If so, we need to address any lingering issues as part of the forthcoming adoption call for the security document that Chris has undertaken to begin at IETF120 or before.

The mail in question concerned an adoption call for the security document that began in October 2022. Although the document was not adopted, we never got a clear explanation about why. Since I had responded to your comments and there were no specific issues that I could address, the adoption issue was never satisfactorily addressed and we will have to resume our discussion as part of the new adoption call for the security document that Chris intends to start soon.

In your mails, you raised two issues regarding prospective document adoption.
Instead of trying to navigate a forest of greater-than signs, let me summarize them and my responses below:

- You felt my document somehow forced existing implementations to change and that it was inappropriate for it to do so.

  My response was that the document was carefully written to not require changes in existing implementations and that I had seen no specifics regarding the claim that this was not the case. The document allowed existing practices to continue while not pretending, as previous specifications had, that this had no negative consequences. As I received no specifics in response, I considered the matter closed, although your view of the situation might be different.

- You pointed to a lack of implementation experience with the favored approach to avoiding the negative security consequences of using AUTH_SYS in the clear.

  At that time, work in this area was starting, although Rick reported on his work in some mail sent about that time. Nevertheless, I felt that making document adoption contingent on further implementation would be an unnecessary obstacle and that the working group, having put effort into making rpc-with-tls a Proposed Standard, did not really have the option of sticking with the existing insecure approach to security.

  In any case, the working group did not have a discussion of this matter at the time as it might have had if the chairs had followed up on the adoption call with a summary of the discussion. As things turned out, Brian was not able to do that at the time and the issue was never handed over to Chris when he became a co-chair soon thereafter.

  If this issue is still relevant, 21 months later, the implementation situation would be different and there is little reason for the group to wait for further implementation efforts before adoption.

If you feel that my summary is not accurate or needs supplementation, please send any necessary corrections/clarifications to wg list.

If people think these issues still need to be discussed, we can do so as part of the adoption call, if they have not been resolved before then.