IETF Logo Mail Archive

Re: [OPSAWG] draft-ietf-opsawg-tacacs-?? overview of significant changes over the last year

Alan DeKok <aland@deployingradius.com> Fri, 20 April 2018 13:38 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDBF912751F for <opsawg@ietfa.amsl.com>; Fri, 20 Apr 2018 06:38:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jzZt4mFtg1dd for <opsawg@ietfa.amsl.com>; Fri, 20 Apr 2018 06:38:28 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) by ietfa.amsl.com (Postfix) with ESMTP id 97B69127136 for <opsawg@ietf.org>; Fri, 20 Apr 2018 06:38:28 -0700 (PDT)
Received: from [192.168.20.48] (CPEf4cc55220745-CM64777ddff610.cpe.net.cable.rogers.com [99.248.225.186]) by mail.networkradius.com (Postfix) with ESMTPSA id 3E88A198F; Fri, 20 Apr 2018 13:38:27 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <20180420112616.55FE416EDA@mta2.toshio.eu>
Date: Fri, 20 Apr 2018 09:38:26 -0400
Cc: Douglas Gash <dcmgash@cisco.com>, Thorsten Dahm <thorstendlux@google.com>, opsawg@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <A3EB12A3-99CE-4623-83A3-4FC17A73D511@deployingradius.com>
References: <20180418184951.0506116A73@mta2.toshio.eu> <057F06CD-875F-440F-9BF8-EBA3250F2AA5@deployingradius.com> <20180420112616.55FE416EDA@mta2.toshio.eu>
To: Andrej Ota <andrej@ota.si>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/01tFP7ruMhOcycl-hMSv3tGbrSg>
Subject: Re: [OPSAWG] draft-ietf-opsawg-tacacs-?? overview of significant changes over the last year
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Apr 2018 13:38:31 -0000

On Apr 20, 2018, at 7:26 AM, Andrej Ota <andrej@ota.si> wrote:
> On the topic of the current authorship acknowledgment:
> 
> We have added the acknowledgment in -08 in section 10 which currently (revision -10) reads:

  That's nice, thanks.

> I'm providing an explanation here. Please do not take it as an excuse but rather as what we see to be an honest and certainly not a flattering sequence of our choices. I hope to save others from repeating our mistakes in future.
> 
> We (the authors) have made a series of decisions immediately preceding -06 and following -06 which lead to breakdown in communication and generated significant frustration in others. The ones I'm aware of are:
> 1) We used the text you suggested verbatim in -06 without adding an attribution at the same time. This was a big negligence on our part. We thought this would show responsiveness by aggregating verbiage of others, but in this we neglected that any significant addition requires and equally significant acknowledgment.

  What I saw was no response by the authors to my message.  It doesn't really matter what else is going on, a simple message of "oops, we're sorry" shouldn't take a year to write.

  As for showing responsiveness, a simple 5-minute email would be best.  Ignoring multiple messages for a year demonstrates total unresponsiveness to the issue.

> 2) By the time of Scott's mail, we already committed ourselves to do more research into vulnerabilities to expand on what you already provided and for that reason we left the mail unanswered at the time.

  That's not a valid reason for failing to respond to my message.  I'm surprised that this would be presented as an excuse, to be honest.

  As for additional research, you have resources that have been ignored: the working group.  Perhaps there could be a *discussion* on the WG mailing list about the security issues?  A discussion that many people were requesting?  After all, that's what the WG is for.

  This attitude again shows a closed attitude towards the document.  The authors go off in private, do work, and update the document.  All without significant WG interaction.

  The worst part is that it's still clear you don't know *why* WG interaction is important.  Many years into the process, and after multiple messages telling you what to do, you still show a lack of awareness about it.

> 3) The work proved to be more time consuming than we expected and this was reflected in barely keeping up with expiration deadlines. There was only -07 in August and -08, the first version which included an attribution, last February.

  That's not true.  It acknowledged I had *reviewed* the document.  There was *no* acknowledgement that "Sections X through Y were written by Alan DeKok.

> Almost a full year after -06. I can only imagine how your frustration must have been growing as months were passing while we were completely unresponsive and acknowledgment nowhere to be seen. This was another big negligence on our part.

  It comes across like the document is a private document, and that the WG opinions and reviews are completely unimportant.

  If you can spend time researching things, you can spend time interacting with the WG.  Which is the whole purpose of a WG.

  The IETF doesn't (or shouldn't) rubber-stamp documents written in privacy.  Yet that has been the process so far.

> 6) In the meantime we neglected to update the WG with information on:
>   6.a) What work we were doing. This robbed the WG of the chance to set us on a better course of action.
>   6.b) What were the intermediate results of the work even if not yet captured in a draft update.
>   6.c) Overall progress of the work related to the draft between the sparse updates.
> 
> Even for this list I do not claim a perfect hindsight. If I missed more mistakes that we've made along the way, it would be good to repeat what it was even if it's probably frustrating to repeat what was already said or written.

  You were CC'd two days ago on my message saying I was OK with using the text, but wanted attribution.  Your response to that message apologized for misunderstanding my intent, that I didn't want the text used.

  That message could not have been more clear.  The charitable conclusion is that my message was simply not read.

  Which again shows the problem.

  There have been many promises over the years to "interact more with the WG".  It hasn't really happened.  I welcome it, if it happens.  But you've given me no reason to believe what you say.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email