Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC

Dean Anderson <dean@av8.com> Fri, 27 June 2008 19:56 UTC

To: Eric Rescorla <ekr@networkresonance.com>
Cc: iesg@ietf.org, tls@ietf.org, rms@gnu.org

On Fri, 27 Jun 2008, Eric Rescorla wrote:

> 
> This paragraph only refers to documents which did not go through
> the IETF process, as implied by the first sentence of 4.2.3.

Indeed. And this document indeed did not properly follow the IETF
process because it did not disclose IPR in accordance with RFC3979 and
because it did not discuss non-patented alternatives, also in accordance
with RFC3979.  The intent of 4.2.3 is to prevent the circumvention of
the rules, and the IETF rules are not being followed.

>    Unless they are the result of IETF Working Group action, documents
>    intended to be published with Experimental or Informational status
>    should be submitted directly to the RFC Editor.
> 
> This document was a TLS WG document, so had already been
> coordinated with the IETF community.

That is precisely the point: it has NOT been properly coordinated with
the internet community: Not all the pertinent facts were disclosed to
the internet community.  

I think the recent events surrounding TLS-Authz at least indicate that
the internet community is keenly interested in facts of patent
encumbrance. These facts were apparently known to IESG managers and
those managers also knew these facts would be important to the
community, but kept the community in the dark, made false 
representations in the draft, and failed to follow IETF policy.

The following paragraph in the 'ecc-new-mac draft is a false
representation:

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

What was claimed to be an innocent mistake in TLS-Authz cannot be
repeated by essentially the same people and still be considered an
innocent mistake.  Twice is not a mistake. Especially after all the fuss
that was made about TLS-Authz.


		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   

