[TLS] Re: Complaint to chairs regarding false claim of consensus to issue an RFC for draft-ietf-tls-mldsa

[Jacob Appelbaum <jacob@appelbaum.net>]

Hello Paul,

On 5/5/26 20:14, Paul Wouters wrote:
> On Tue, 5 May 2026, Jacob Appelbaum wrote:
> 
> 
>> Hello Paul,
> 
> The below is fairly long message where you reason that the onus is 
> on the IETF rejecting its core principles in favour of a single 
> individual not playing along with the core principles, where in fact 
> the least friction solution is not for the IETF to ignore or change 
> it rules, but for that participant to simply remove its bogus 
> Derivative Clause.

No, that is not my argument, and it is not an accurate characterization
of what I wrote.

Reducing the objections of around a dozen people to one individual is
not a reasonable characterization of the situation. And given that this
kind of moderation is itself relatively new, I do not think "core
principles" can simply be assumed in the way you suggest here.

When moderation affects a complaint about moderation during a live
consensus process, the burden is on the process owners to act promptly
and transparently, regardless of the separate dispute you want to
foreground. This is thankless work, to be sure, but declaring
"consensus" without a visible explanation for the unresolved objections
and requests for clarification is not persuasive.

> You are blaming the messenger and the receiver, instead of talking 
> to the entity causing what you deem to be a major issue.

I am not blaming the messenger. Part of my objection is that there was
no message and there has been very little transparency about the
handling of the matter.

> Have you talked to them on why their derivative clause is more 
> important than your grave concerns that this author's discussion 
> points are not being heard by the TLS WG?

They were directly CC'd on the email in question. Have I missed a reply?

The derivative-rights dispute and the moderation issue are distinct.
Both are also distinct from the consensus call itself.

Even if one assumes the disclaimer language is improper, it does not
follow that a complaint about moderation, or a complaint about
consensus, should simply disappear into moderation without any
acknowledgement during WGLC.

Stephen requested clarification about consensus and explicitly
questioned whether rough consensus had been reached. Do you see that
reasonable request being addressed? I do not. Did I miss a message? If
so, I would welcome a link to the email that I missed.

> 
> I have nothing further to say on this (somewhat off)topic, so I'll 
> step back again to prevent further noise from distracting from the 
> on-topi discussions.
> 
> Paul

Understood. Thank you for taking the time to reply to emails that you 
deem as fairly long.

The process point remains: the moderation complaint was not
promptly acknowledged or posted, and there was no visible response to
the consensus concerns that were raised, including about the
consensus call itself.

In terms of IETF core principles, rough consensus is among the most
important. I do not see evidence here that the underlying rough
consensus concerns have been resolved or that the principle is being
honored here. I see unresolved objections, requests for clarification,
and a continued shift away from the process and results questions raised
by roughly a dozen people.

Kind regards,
Jacob Appelbaum

>> On 5/5/26 16:35, Paul Wouters wrote:
>>> On Mon, 4 May 2026, Jacob Appelbaum wrote:
>>> 
>>>> I am even more surprised that your complaint hasn't been 
>>>> acknowledged, nor has it been released from list moderation in 
>>>> the ~ five days since you sent it.
>>> 
>>> Based on your quoted message, it seems djb once again added this
>>> erroneous and misleading disclaimer to the message. So I am
>>> surprised you are surprised.
>> 
>> It is a choice of when and how to enforce rules, and that 
>> enforcement can fairly be perceived as having a problematic 
>> appearance.
>> 
>>> Also, note that you violated DJB's "no derivative" clause when 
>>> your mail client modified djb's content when republishing it.
>> 
>> My legal counsel disagrees; but thank you for your perspective and 
>> your concern.
>> 
>>> You should also not be the delivery vehicle for djb's moderated 
>>> messages by quoting his message verbatim in a list reply as
>>> this also contains djb's bogus "no derivative" clauses that
>>> violate RFC5387.
>> 
>> This is beside the point.
>> 
>> My point was not to endorse any disclaimer language. My point was 
>> that a complaint about moderation of dissent in an active WGLC 
>> appears to have been left unacknowledged and unposted for days. 
>> That is a process issue regardless of anyone's views on 
>> derivative- rights language.
>> 
>>> 
>>> https://datatracker.ietf.org/doc/rfc5387/
>> 
>> I assume you meant RFC 5378, not RFC 5387 ("Problem and 
>> Applicability Statement for Better-Than-Nothing Security (BTNS) 
>> RFC 5387").
>> 
>>> 
>>> For an enourmously detailed response of the IETF community to 
>>> djb, see:
>>> 
>>> https://datatracker.ietf.org/group/iesg/appeals/artifact/232 
>>> https:// datatracker.ietf.org/group/iesg/appeals/artifact/220 
>>> https:// datatracker.ietf.org/group/iesg/appeals/artifact/129 
>>> https:// datatracker.ietf.org/doc/statement-iesg-statement-on- 
>>> clarifying- derivative-works-rights/ https:// 
>>> datatracker.ietf.org/group/iab/ appeals/artifact/229 https:// 
>>> datatracker.ietf.org/group/iab/appeals/ artifact/228 https:// 
>>> datatracker.ietf.org/group/iab/appeals/ artifact/140
>> 
>> Those older disputes do not answer the narrower point I raised 
>> here.
>> 
>> Note that there isn't unanimity that the IESG has primacy over 
>> BCPs, RFCs, etc., as Simon and Rob have discussed as recently as 
>> today on the ietf list:
>> 
>> - https://mailarchive.ietf.org/arch/msg/ 
>> ietf/1hzXylWOjyrwErIKO67uE2P5cno/
>> 
>> Moderating a complaint about list moderation during and directly 
>> after a live consensus process remains a serious matter.
>> 
>>>> Moderating your complaint seems plainly and directly related 
>>>> to your views on hybrid cryptography, and to the views of 
>>>> others who were ignored in the consensus call.
>>> 
>>> It does not. Simply read the above links for context instead of 
>>> jumping to conclusions of ill intend of the TLS WG.
>> 
>> Intent is not the issue; results are the point. Intent is often 
>> hard to establish, but the result here is directly observable.
>> 
>>> 
>>> I'm not responding to the rest of the message, as it is 
>>> responding to quoted text from a message that contains bogus and 
>>> misleading derivative rights statements. If that message is 
>>> posted by the original author without such restrictions, it can 
>>> be discussed on its merit.
>>> 
>>> Paul
>> 
>> That is your choice, and it does not resolve the underlying 
>> concern. Consensus was not reached, and delaying the message 
>> further suppresses dissent while again placing the burden on those 
>> who raised unresolved concerns.
>> 
>> If the TLS WG wants to show that moderation here was unrelated to 
>> the substance of the complaint, the straightforward way to do that 
>> is to acknowledge the complaint and release it, or clearly explain 
>> the basis for not doing so.
>> 
>> Kind regards, Jacob Appelbaum
>>