[TLS]Re: Consensus call for RFC8773bis Formal Analysis Requirement

[Deirdre Connolly <durumcrustulum@gmail.com>]

> I think if this is truly a problem it is symptomatic to participation in
a working group as a whole and should be addressed across the board for
everyone.

I agree that it is a problem and should be addressed across the IETF.
Unfortunately we keep making changes to TLS 1.3 in the meantime, so. I was
talking to more than one cryptographer at CRYPTO this week who have sworn
off all participation in the IETF after the curve flamewares in the past,
etc

On Sun, Aug 25, 2024 at 4:51 PM Bob Beck <beck@obtuse.com> wrote:

>
>
> On Aug 25, 2024, at 13:56, Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
> wrote:
>
> 
>
> I am opposed. Anonymous email recommendations are not how the IETF
> operates.
>
>
> I would also count myself as opposed. While I understand and am
> sympathetic to a reviewer possibly not wanting to get deluged in email or
> opinions unrelated to the task at hand, I think if this is truly a problem
> it is symptomatic to participation in a working group as a whole and should
> be addressed across the board for everyone. Anonymous reviewers have a
> number of problems as Rich has pointed out.
>
>
>
> Attached below is a note I wrote a month ago to the Chairs.  None of the
> points written there – and MOST of them were a summary of WG discussion –
> were addressed.
>
>
>
>
>
>
> * From: *Rich Salz <rsalz@akamai.com>
> *Date: *Tuesday, July 30, 2024 at 1:49 PM
> *To: *"tls-chairs@ietf.org" <tls-chairs@ietf.org>
> *Subject: *Rethinking the formal analysis triage
>
>
>
> TLS Chairs,
>
>
>
> I wasn’t sure whether to send this to you or the entire WG. I let another
> person read this and they suggested the Chairs.  So here you go.
>
>
>
> I re-read all the messages in the archive [1] and re-watched the 119 and
> 120 segments on the triage panel.  I believe that, as currently set up, it
> is so flawed that it should be taken down and rebuilt from scratch.
>
>
>
> After the idea was proposed in March, the two most common feedback
> suggestions were
>
>     • Collaborate with UFMRG
>
>     • Make all communications open and on the mailing list
>
> Neither of these were done. In fact, there was no response from the Chairs
> on either point.
>
>
>
> From the beginning, the stated intent was the that one thing the panel
> would provide is an estimate of how much work any suggested analysis would
> take. The one review that was done so far did not include that, other than
> “feasible.”
>
>
>
> Many people have already commented that collating all responses is a bad
> idea. I want to add one point that I have not seen before: if a subset of
> the triage reviewers recommends analysis, the WG has no information about
> the qualifications of those making the recommendation and no way to
> evaluate how to accept it.
>
>
>
> This brings up a related point. Anonymous evaluations are against the very
> nature of the IETF. How can we assess the value of someone’s contributions
> when we don’t know who they are? Will “Reviewer 1” always be the same
> person? If the entire panel did not do a review, are WG members expected to
> treat all members as equally competent and qualified?
>
>
>
> The WG is strongly in favor of more formal analysis. The Chairs tried to
> do too much and failed. Start over, respond to the feedback you got from
> the WG, and pick something easier.
>
>
>
> [1]  https:/mailarchive.ietf.org/arch/browse/tls/?q=triage
>
>
>
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>