[TLS] Re: Third Last Call: draft-housley-tls-authz-extns

I cannot post to the IETF list (because of prior misconduct by Housley
and others regarding my previous complaints of failures to file IPR
disclosures on other drafts). I would appreciate it if someone would
repost this to the ietf list.

---------- Forwarded message ----------
Date: Fri, 21 Sep 2007 15:04:56 -0400 (EDT)
From: Dean Anderson <dean@av8.com>
To: Tim Polk <tim.polk@nist.gov>
Cc: Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: future of tls-authz

I have cc'd Sam Hartman on this so that he can comment on the assert by
Tim Polk that Hartman believes the technical content merits publication.

On Fri, 21 Sep 2007, Tim Polk wrote:

> 
> On Sep 20, 2007, at 6:33 PM, Dean Anderson wrote:
> 
> > On Wed, 19 Sep 2007, Tim Polk wrote:
> >
> >> Dean,
> >>
> >> On Sep 18, 2007, at 5:28 PM, Dean Anderson wrote:
> >>
> >>> It looks like you already picked a strategy; The datatracker shows
> >>> that last Monday you changed the status to Experimental, Publication
> >>> Requested.
> >>>
> >>
> >> You will also find a number of other documents in the same state.
> >> Some of them will be progressed, and some probably will not.  As I
> >> stated in my original message, I believe that Experimental  
> >> publication
> >> is appropriate for this document.
> >
> > I thought that was just one option you were considering.
> >
> 
> I think my original email was clear wrt my intentions, and the rationale
> for doing so.  I was asking for guidance on process.  You chose not to
> provide any input.

Not so. You took action before I could respond. While you reported you
were waiting until 9/13 for my input, you acted on 9/10. That doesn't
seem quite straight.

I trust there will have been no decisions or discussions relevant to
Redphone Security that will have been affected by your unilateral and
surprising action on September 10th.

> >>> Since there is no community consensus supporting this document in
> >>> either the TLS working group or in the larger IETF, how do you
> >>> plan to show that there is an ISOC/IETF interest in advancing this
> >>> draft? You do know that anything you do has to be in the interest
> >>> of the IETF.  Since there is no consensus supporting this
> >>> document, it is difficult to see that the ISOC IETF Activity has
> >>> an objective interest in promoting the patented standard,
> >>> especially in light of the prior misconduct.
> >>>
> >>
> >> I agree that consensus does not exist for standards track
> >> publication.
> >
> > I haven't seen any consensus for any kind of publication.
> >
> 
> The community has not been asked about publication as Experimental  
> Track.

They were asked if they support the document.  People said they didn't
support the patented protocol.  Your motion does not address any 
objection that if addressed, would create consensus supporting the 
document.

> >> That is why I am leaning towards yet another Last Call, to determine
> >> if consensus exists for progression as an Experimental RFC.
> >
> > I notice that there is no state transition out of state "Dead". How
> > is it that the process allows a transition from state "Dead" to
> > state "Publication Requested"?  As you have altered the state in the
> > datatracker database, I suppose you can next go directly to "IESG
> > Evaluation", and then to "Approved - ..." etc.  Of course, this
> > seems to violate the notion of an open process, especially after the
> > community has rejected the document several times.
> >
> 
> Resurrecting a "Dead" ID requires manual processing by the IETF
> Secretariat. I initiated the process with an email request.  I do not
> know why they don't include state transition information.

Possibly, this state transition is not shown because it is a violation
of process???

Does the IETF Secretariat enforce the process rules against improper
state changes by an IESG member?  If they do not enforce process rules,
then the fact that they just did what you asked does not imply that what
you asked for was proper.

> What part of this process is not open?  I am the sponsor, and I am
> initiating another Last Call to gauge consensus for Experimental
> track. As I understand the IETF process, I could have taken the
> document straight to the IESG, and asked them to approve as
> experimental based on the results of the second Last Call.  I chose
> not to do so - I elected the *most* open process of those available to
> me...

That is just about the same as what Sam Hartman and Eric Rescorla did:

===================================
Date: Mon, 28 May 2007 11:38:51 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: tls@ietf.org
Subject: [TLS] Comments on draft-housley-tls-authz-extns-07

Folks,

We have a request from the IESG re draft-housley-tls-authz-extns-07.

The IESG is considering publication of this document as a Proposed
Standard. The IESG has requested that the TLS WG provide input
(positive or negative) on this proposal. Please post comments to the
list before Monday June 11.

-Ekr
===================================

The comments were negative; people didn't want to support a patented
proposed standard. A patented experimental standard doesn't seem to be
any different.

> >> I believe that publication is in the best interest of the
> >> community, *in spite* of the document's history.  I was hoping that
> >> you could help identify the best way to determine if the community
> >> agreed with me...
> >
> > I rather think the community disagrees with you, and has expressed
> > that lack of interest through non-support in the TLS working group,
> > and non-support on the IETF main list, and in the comments of Sam
> > Hartman withdrawing his support as sponsoring A.D.
>
> The TLS working group declined to take this work on.  That is
> different from not supporting publication.

The above isn't a true statement.  The name of the draft
"draft-housley-tls-authz-extns" contains the name of the working group,
a fact that indicates it is a working group document.  After the fraud
by Housley was discovered, and the approval was removed, the TLS Working
Group was asked, but no longer supported the protocol because of the
patent.  See Rescorla's message, quoted above.

> Many, many documents declined by WGs are published as individual
> submissions. Sam determined that consensus to publish as standards
> track did not exist, but still believes the technical content merits
> publication.

I haven't seen such a statement from Sam Hartman saying that he believes
the document merits publication. The statements I've seen from Hartman
seem to imply or state just the opposite belief.

> >>> I would also expect that since your are government employee, that
> >>> your conflict of interest needs to comply with NIST/Government
> >>> regulations covering conflict of interest. Do you agree?
> >>
> >> My actions need to meet IETF process requirements, government
> >> regulations, and my own moral compass.  I believe that my own moral
> >> compass is more restrictive than either of the others.  I do not
> >> have any personal interest in this document; to be frank, I expect
> >> that sponsoring it will be a painful experience.  The fact that it
> >> is self-inflicted won't provide much solace.  But, I took the job
> >> and this apparently comes with the territory.
> >
> > Your job doesn't compel you to revive this document after after the
> > community did not support the document and the other security A.D.
> > withdrew his support. You have already disclosed (to me) your
> > personal interest in your close family relationship to Housley.  
> > So, it appears that, your moral compass needs some adjustment. To
> > help you with that, I'd like to give you a quote from the
> > "Restatement of the Law of Agency, Second":
> >
> 
> I believe it was my responsibility to take on tls-authz, and stated as
> much in my first email.  The reasons have nothing to do with any
> personal relationships.

See below.

> Since we have never met, I believed you might be one of the few
> IETFers that was not aware Russ and I were friends.  It is irrelevant
> to any actions I have taken or will take in my posiiton on the IESG.  
> However, I did not want you to believe that I hid this fact; that
> would have undermined my attempts for constructive dialogue.  So, I
> noted that fact up front.

It was good to disclose this. However, it is relevant to whether you are 
acting impartially in the interests of the IETF and NIST.

> > =========================
> > § 394. Acting for One with Conflicting Interests
> >
> > Unless otherwise agreed, an agent is subject to a duty not to act or
> > to agree to act during the period of his agency for persons whose
> > interests conflict with those of the principal in matters in which
> > the agent is employed.
> >
> > § 394 Comment a. The rule stated in this section goes beyond that
> > stated in Section 391, which is limited to situations in which the
> > agent acts for an adverse party in a transaction to which the
> > principal is a party. Under the rule stated in this Section, the
> > agent commits a breach of duty to his principal by acting for
> > another in an undertaking which has a substantial tendency to cause
> > him to disregard his duty to serve his principal with only his
> > principalâs purposes in mind. [...]
> >
> > This is true although the agent does not agree to give his full time
> > to the principalâs business and does not use the time paid for by
> > the principal in acting for another. The danger that he will not be
> > impartial and that he will use confidential information obtained in
> > the business of one in the affairs of the other makes it improper
> > for him to act for both. 
> > =========================
> >
> > The "Restatement of the Law of <X>" series is produced by the
> > American Law Institute as a guide for lawyers to the law. Besides
> > distilled rules, it contains and index of citations to cases
> > establishing the rule.  Most law offices will have copies, or you
> > can find them at your local law library.
> >
> > Housley violated this rule by acting for Brown, while on the IESG.
> > You are violating it for acting for Housley.
> >
> 
> I am not a lawyer, and will not debate such issues.  I will note that
> I am not "acting for Housley".

The law has been quoted to you. The law is quite plain. Ignorance is not
a defense.

Your assertion that you are not influenced by your close family friend
lacks credibility.

> > This section (also under duties of loyalty) and its comments are also
> > relevant:
> >
> > =======================
> > § 390. Acting as Adverse Party with Principalâs Consent
> >
> > An agent who, to the knowledge of the principal, acts on his own
> > account in a transaction in which he is employed has a duty to deal
> > fairly with the principal and to disclose to him all facts which the
> > agent knows or should know would reasonably affect the principalâs
> > judgment, unless the principal has manifested that he knows such
> > facts or that he does not care to know them.
> >
> > § 390 Comment a. Facts to be disclosed. One employed as agent
> > violates no duty to the principal by acting for his own benefit if
> > he makes a full disclosure of the facts to an acquiescent principal
> > and takes no unfair advantage of him. Before dealing with the
> > principal on his own account, however, an agent has a duty, not only
> > to make no misstatements of fact, but also to disclose to the
> > principal all relevant facts fully and completely. A fact is
> > relevant if it is one which the agent should realize would be likely
> > to affect the judgment of the principal in giving his consent to the
> > agent to enter into the particular transaction on the specified
> > terms.
> >
> > § 390 Comment c. Fairness. The agent must not take advantage of his
> > position to persuade the principal into making a hard or improvident
> > bargain. 
> > =======================
> >
> > Housley violated this duty by not disclosing the patent while working
> > for Brown on the draft.
> >
> > This document still represents a "hard or improvident bargain" for the
> > membership of the ISOC, the ISOC, and the ISOC IETF Activity.
> >
> > The IETF has no interest in document, as expressed through the TLS
> > Working Group, the main IETF list, and Security Director Hartman's
> > comments.  No IETF rule has compelled you take up this effort; No IETF
> > official has compelled you to take up this effort;  you have taken  
> > it up
> > on your own initiative on behalf of your friend Housley and Brown.
> 
> Let's be clear: I took this up on my initiative, to fulfill my
> responsibilities as a member of the IESG.  This action is not on
> behalf of anyone.

Your statement is untrue: There is no obligation for an IESG member to
revive a document in state "Dead".  There is no responsibility goes
unfilled if this is not performed. I do not think that you really
believe there is such an obligation.  Your asserted motive is a false
motivation to hide a true motivation;  this statement demonstrates
deception.

You've also acknowledged that reviving this document will be a painful 
experience. There must be a corresponding motivation for enduring that 
pain.

Repeating that your close personal family friend has no influence still
lacks credibility.

> > That is ethical misconduct.  I expect that the NIST has similar
> > rules on conflict of interest.
> >
> > 		--Dean
> >
> >
> >
> > -- 
> > Av8 Internet   Prepared to pay a premium for better service?
> > www.av8.net         faster, more reliable, better service
> > 617 344 9000
> >
> >
> >
> 
> 
> 

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls