Re: [TLS] TLS@IETF101 Agenda Posted

nalini elkins <nalini.elkins@e-dco.com> Thu, 15 March 2018 08:47 UTC

From: nalini elkins <nalini.elkins@e-dco.com>
Date: Thu, 15 Mar 2018 01:47:11 -0700
Message-ID: <CAPsNn2WfRZx9RS8LEH_FDiseEzPSsTQrW2y8QZrKjJ+SwpT3eQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Artyom Gavrichenkov <ximaera@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tKtxNkpVY3r-CClcdtVPnF5DpJw>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted

On 15/03/18 00:05, nalini elkins wrote:
>> There is no question of a smokey back room.
>
> I'm sorry to disagree so bluntly, but while I was an
> AD some of the people involved here requested that I
> meet them in private to discuss this topic before it
> had been raised on the list, and without telling me
> ahead of time who, from what "enterprises," would be
> in the room looking for what. As an AD I was always
> happy to meet folks and have quiet discussions about
> how to engage with the IETF or explore some detail of
> how to get something done, I definitely did draw a
> line well before private meetings aiming to overthrow
> established WG consensus.
>
> While that all might be put down to a tactical error
> in which advice to follow with whom when initially
> engaging with the IETF, from my POV it was the epitome
> of a request for a smokey-back room discussion.
>
> So yes, I do find that there are questions here about
> smokey back rooms indeed.

1.  With respect, I contend that you are conflating what happened then
with what I am suggesting now.

2.  Also, your description of what happened then does not match with my
memory.  We may have an honest disagreement or recollection of events.
I believe I have the original email chain somewhere & can try to find
it, if necessary.

My version of the events is:

1.  A couple of years ago, I was involved with some "enterprises" who
felt they had an issue with the upcoming TLS1.3 standard.  In
particular, the deprecation of RSA.

2.  They were concerned about the reputational risk to their company of
speaking in a public forum.  (This is a huge issue for many companies.)
Also, they were not used to writing Internet Drafts or presenting at an
IETF group.

3.  I had no experience with such a situation so I was not sure what to
do either.  My own work is in IPPM (if anyone is interested, you can
look at my work in RFC8250), so I was not involved with the TLS group
very much either.  (A situation which has since been corrected.  I now
am happy to know many of you quite well.)  (Still no claims to being a
crypto expert, though!)

I asked a former Chair of the IETF for advice.  He suggested asking for a
session with the leadership of the TLS group under Chatham House rules.

I did so.

As I recall, I asked to have a discussion of the issues to see what we
should do.  I never asked for any consensus of the WG to be overturned.
I may be a dim bulb but I am not a complete idiot.  I do have some idea
of how things work as far as WG consensus.

Again, as I recall, you replied at some length about "subverting the
process".  After a few more somewhat emotional emails back and forth,
where I was not able to convey my point adequately or to reach an
understanding, I gave up on that route.

It is completely possible that I did not ask correctly or convey the
right information.  It was a new situation to me & as I say, I was not
sure what to do.  I did my best.

If needed, I can look for the original email chain.


4.  Then, I went back to these "enterprises".  They had to go all the
way to the CEO of their company to get authority to speak publicly.
They did so at the Chicago IETF.

And, you know what, I am going to do everything I can to help these guys.
They have a point of view that deserves to be represented.  They have
put in a huge amount of time and effort to try to present what they feel
will be a real problem for their company.  They are not doing it for any
other reason.

Again, they are not used to writing Internet drafts.  And, I am not as
much help as I could be to them in writing drafts for TLS as that is
not where I live, so to speak.  If this was an issue in performance
metrics, I could write the drafts for them.  But, this is TLS, so we
have to get others to help.  We have tried as much as we can to follow
the process.  We are all imperfect, we are doing our best.


5.  This issue with people being able to speak publicly is real.  It
needs to be recognized.  Not everyone works for an academic institution
or companies which support speaking openly about network architecture
issues.

Even some of the network product vendors who are starting to speak
openly on this issue have had to talk to their CEOs before commenting.
Not everyone will go to such lengths.  They will mostly just give up.
Which is unfortunate for everyone.  Including the IETF.

I completely understand why deliberations of something as important
as TLS need to be public and in the open.  I support that.  I am just
saying that there is an important constituency for whom speaking in
an open forum is a real issue.  Frankly, this is why we formed the
"consortium".

Nalini

On Wed, Mar 14, 2018 at 5:13 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
>
> On 15/03/18 00:05, nalini elkins wrote:
> > There is no question of a smokey back room.
>
> I'm sorry to disagree so bluntly, but while I was an
> AD some of the people involved here requested that I
> meet them in private to discuss this topic before it
> had been raised on the list, and without telling me
> ahead of time who, from what "enterprises," would be
> in the room looking for what. As an AD I was always
> happy to meet folks and have quiet discussions about
> how to engage with the IETF or explore some detail of
> how to get something done, I definitely did draw a
> line well before private meetings aiming to overthrow
> established WG consensus.
>
> While that all might be put down to a tactical error
> in which advice to follow with whom when initially
> engaging with the IETF, from my POV it was the epitome
> of a request for a smokey-back room discussion.
>
> So yes, I do find that there are questions here about
> smokey back rooms indeed.
>
> S.
>



-- 
Thanks,
Nalini Elkins
President
Enterprise Data Center Operators
www.e-dco.com