IETF Logo Mail Archive

[TLS] Re: Complaint to chairs regarding false claim of consensus to issue an RFC for draft-ietf-tls-mldsa

Paul Wouters <paul@nohats.ca> Tue, 05 May 2026 18:14 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id BC803E96B6C5 for <tls@mail2.ietf.org>; Tue, 5 May 2026 11:14:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1778004851; bh=05zbVz05INiDyEqzEpiWnCgZDzODASRlZ2V0705baWg=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=AQjyxcJnG9O4onQM6JAIErKE/RJ5uxrw1YVucS5CSuMZatyELjjSYO9RZDfJvtBf6 CA2NgEu7jO+BIE6gQHGdBRny2CayPCdgnDVioLjwVTkaINXVu4e442n8doZATEa9Kr eW+q4x5psgoS4k2nD1gkviyw7hHpXvz8rwr7MrwY=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JLKhLUp6QsfF for <tls@mail2.ietf.org>; Tue, 5 May 2026 11:14:11 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.85]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id DF54AE96B6C0 for <tls@ietf.org>; Tue, 5 May 2026 11:14:10 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4g968y12vsz297; Tue, 5 May 2026 20:14:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1778004850; bh=Y5LOgWdSKWkesA1fV8LpGHjTUviscyZpC8sZ6+JXl0Y=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=qsv+20Dv177BiFGCU2BJfTIy1ULIE+ti1JlVPQ5quDQFOSOlqNxBxjZn92wRcOmhm ZdWKXvdhc5j4QR3JVaF1EV67tb6D+3yzn++h8CMdVAu4YkXmnNLvCOjIkUyq8x6GVz fjdzR4Sk1ZUckJl4vjipss8HkJuDf850LUhnxZcY=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id SNDqDGA7bTAe; Tue, 5 May 2026 20:14:08 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 5 May 2026 20:14:08 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id C02C018E80E0; Tue, 05 May 2026 14:14:07 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id BC45518E80DF; Tue, 05 May 2026 14:14:07 -0400 (EDT)
Date: Tue, 05 May 2026 14:14:07 -0400
From: Paul Wouters <paul@nohats.ca>
To: Jacob Appelbaum <jacob@appelbaum.net>
In-Reply-To: <12ab8d7f-3399-4fab-bce9-6276b783a666@appelbaum.net>
Message-ID: <d290036a-a8d8-ef8a-74e5-78274ea66f44@nohats.ca>
References: <20260429044928.2398455.qmail@cr.yp.to> <97642d33-2e18-4742-97c5-d2a98f4f30fd@appelbaum.net> <03fc87ad-9776-947a-c2c4-c2c7c14df9e4@nohats.ca> <12ab8d7f-3399-4fab-bce9-6276b783a666@appelbaum.net>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Message-ID-Hash: 66XIH2FVSUNR2ZLH45HMIPCRYURMB6K4
X-Message-ID-Hash: 66XIH2FVSUNR2ZLH45HMIPCRYURMB6K4
X-MailFrom: paul@nohats.ca
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dstainton415@gmail.com, Fabiana.DA-PIEVE@ec.europa.eu, ludovic.perret@epita.fr, nic.tuv@gmail.com, tanja@hyperelliptic.org, thomas.bellebaum@aisec.fraunhofer.de, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Complaint to chairs regarding false claim of consensus to issue an RFC for draft-ietf-tls-mldsa
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Mxlmf3oIdLfsbxPjqzCSlnQilV8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Tue, 5 May 2026, Jacob Appelbaum wrote:


> Hello Paul,

The below is fairly long message where you reason that the onus is on
the IETF rejecting its core principles in favour of a single individual
not playing along with the core principles, where in fact the least
friction solution is not for the IETF to ignore or change it rules, but
for that participant to simply remove its bogus Derivative Clause.

You are blaming the messenger and the receiver, instead of talking to the
entity causing what you deem to be a major issue. Have you talked to them
on why their derivative clause is more important than your grave concerns
that this author's discussion points are not being heard by the TLS WG?

I have nothing further to say on this (somewhat off)topic, so I'll step
back again to prevent further noise from distracting from the on-topi
discussions.

Paul

> On 5/5/26 16:35, Paul Wouters wrote:
>>  On Mon, 4 May 2026, Jacob Appelbaum wrote:
>>
>>>  I am even more surprised that your complaint hasn't been
>>>  acknowledged, nor has it been released from list moderation in the
>>> ~ five days since you sent it.
>>
>>  Based on your quoted message, it seems djb once again added this erroneous
>>  and misleading disclaimer to the message. So I am
>>  surprised you are surprised.
>
> It is a choice of when and how to enforce rules, and that enforcement
> can fairly be perceived as having a problematic appearance.
>
>>  Also, note that you violated DJB's "no derivative" clause when your
>>  mail client modified djb's content when republishing it.
>
> My legal counsel disagrees; but thank you for your perspective and your
> concern.
>
>>  You should also not be the delivery vehicle for djb's moderated messages
>>  by quoting his message verbatim in a list reply as this
>>  also contains djb's bogus "no derivative" clauses that violate
>>  RFC5387.
>
> This is beside the point.
>
> My point was not to endorse any disclaimer language. My point was that a
> complaint about moderation of dissent in an active WGLC appears to have
> been left unacknowledged and unposted for days. That is a process issue
> regardless of anyone's views on derivative-rights language.
>
>>
>>  https://datatracker.ietf.org/doc/rfc5387/
>
> I assume you meant RFC 5378, not RFC 5387 ("Problem and Applicability 
> Statement for Better-Than-Nothing Security (BTNS) RFC 5387").
>
>>
>>  For an enourmously detailed response of the IETF community to djb,
>>  see:
>>
>>  https://datatracker.ietf.org/group/iesg/appeals/artifact/232 https://
>>  datatracker.ietf.org/group/iesg/appeals/artifact/220 https://
>>  datatracker.ietf.org/group/iesg/appeals/artifact/129 https://
>>  datatracker.ietf.org/doc/statement-iesg-statement-on-clarifying-
>>  derivative-works-rights/ https://datatracker.ietf.org/group/iab/
>>  appeals/artifact/229 https://datatracker.ietf.org/group/iab/appeals/
>>  artifact/228 https://datatracker.ietf.org/group/iab/appeals/
>>  artifact/140
>
> Those older disputes do not answer the narrower point I raised here.
>
> Note that there isn't unanimity that the IESG has primacy over BCPs, RFCs, 
> etc., as Simon and Rob have discussed as recently as today on the ietf list:
>
> - https://mailarchive.ietf.org/arch/msg/ietf/1hzXylWOjyrwErIKO67uE2P5cno/
>
> Moderating a complaint about list moderation during and directly after a live 
> consensus process remains a serious matter.
>
>>>  Moderating your complaint seems plainly and directly related to
>>>  your views on hybrid cryptography, and to the views of others who
>>>  were ignored in the consensus call.
>>
>>  It does not. Simply read the above links for context instead of jumping to
>>  conclusions of ill intend of the TLS WG.
>
> Intent is not the issue; results are the point. Intent is often hard to
> establish, but the result here is directly observable.
>
>>
>>  I'm not responding to the rest of the message, as it is responding
>>  to quoted text from a message that contains bogus and misleading
>>  derivative rights statements. If that message is posted by the
>>  original author without such restrictions, it can be discussed on
>>  its merit.
>>
>>  Paul
>
> That is your choice, and it does not resolve the underlying concern.
> Consensus was not reached, and delaying the message further suppresses
> dissent while again placing the burden on those who raised unresolved
> concerns.
>
> If the TLS WG wants to show that moderation here was unrelated to the
> substance of the complaint, the straightforward way to do that is to
> acknowledge the complaint and release it, or clearly explain the basis
> for not doing so.
>
> Kind regards,
> Jacob Appelbaum
>

v2.43.4 | Report a Bug | By Email | System Status