Re: [Txauth] consensus call on WG name: "Authorization and Delegation"
Dick Hardt <dick.hardt@gmail.com> Fri, 15 May 2020 23:27 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8CAE3A0A32 for <txauth@ietfa.amsl.com>; Fri, 15 May 2020 16:27:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C-Wjwl3nJijU for <txauth@ietfa.amsl.com>; Fri, 15 May 2020 16:27:51 -0700 (PDT)
Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABFDB3A0995 for <txauth@ietf.org>; Fri, 15 May 2020 16:27:50 -0700 (PDT)
Received: by mail-lf1-x132.google.com with SMTP id a9so3194303lfb.8 for <txauth@ietf.org>; Fri, 15 May 2020 16:27:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=l+Vw0fa8qLjfpAY+OjZFqkgYGS1/t+QseSqZ41PrkWc=; b=utSMYR3YVqJXbSayg3Uo0+Umn5Fa42W+JyEc7WCR57H8b3l/iPFO7QLStH1vhGMyeb VGfbxKOitrSKoVDm0LCB7aESoAKs5UWpYt7PFUD1nYQdWc6OIm/9nXoegAWe6ZpYTgZL UKRims8k74i09jz0VHOyErt1JGMItV3yniOrrHjoe1iNdYlVfMfKJaVGi+g153Cs4/aJ 5IdpLIoqtfx4BxzNb/4jbwPOWOX1oJwOnehTQCxksJYt4IFlHlPeQ+XQ1pYUMnjLLR/7 KYLapoqq2zqFF52ccW0gyTMKxxnKoS4Jh7bpOLYdCP5ULCdsUG9tkGTGPQXfViryYXRH ONeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=l+Vw0fa8qLjfpAY+OjZFqkgYGS1/t+QseSqZ41PrkWc=; b=pD7fSGjWPT14xrQMTyqrRNqyPCKmcZiHoIBmcWuUHvgWUzBLOMInqhkv1x7eO3Kvp3 Yp3kK1Jc3sxySoIx+LRMVXg4Fzd61rU462mtESwGGamCdBY+2uS+1V6b5EcJ8cz6gtQ0 pbY6yguSzQnUCDZr356tH6HuoAt2ZuxqU+Rn/F5g32JYyIeDyuVCpv91hPvo5Me/QWf5 xGkzl1Qy2YQAGrpJxhYVnXVtSraSZVzPtOgykrGXrUJGOy52BTNX8r63YXK6ankm2m98 8aYYp8zyfRJtGnwmtTbTscRTieOaw1iTDCmunjNGKtPgxfYES7fhEi/aHQjo9nrWvWIk L5Ow==
X-Gm-Message-State: AOAM531HxYXiCMscpbxgX6n3mAQLHDFhVC+uqecWsIYPtZ8gmSoId9p/ N2shNSn8n2AaSJ5TzYBqngYd7ERBW/Yxdp70OBc=
X-Google-Smtp-Source: ABdhPJygvqlbC3wdeYLWkWYSZwA6hdk/A1bhykWXXEQelaHBYN7qoUwOfGhotZwOUrZdiVOpFK/fcu8BhjVzffPyoVY=
X-Received: by 2002:a05:6512:53a:: with SMTP id o26mr3889482lfc.111.1589585268608; Fri, 15 May 2020 16:27:48 -0700 (PDT)
MIME-Version: 1.0
References: <CAD9ie-sCJ+Nf0QFZLUWqRo3MCibrO9eKUj3zj_3Y1zXdfWOugA@mail.gmail.com> <943EF8E5-6F25-4E2A-907B-1333ABA112F6@mit.edu> <CAD9ie-tDQDMpYFrQk9Mb-_Nof5aiJ6iLZDbTu0LX3_hwSCMDtg@mail.gmail.com> <e744a5fe268f4e2380db23a092da4fc7@cert.org> <85A51BAA-EF86-49F5-ABB4-C332AE82DEAA@mit.edu> <CAD9ie-unev887EeXxEMeikE1a7yeZX_gLzy_unUw+A4J72rJwg@mail.gmail.com> <dda938f116a24da5bab687431ff4e917@oc11expo18.exchange.mit.edu> <CAD9ie-uD4RRduLiWC4Z=i6L_kRVVOJ1Ekg_hptw5ca3XLzd9fQ@mail.gmail.com> <7a226b1f3dee47699131fb7752f3ef07@oc11expo18.exchange.mit.edu>
In-Reply-To: <7a226b1f3dee47699131fb7752f3ef07@oc11expo18.exchange.mit.edu>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 15 May 2020 16:27:22 -0700
Message-ID: <CAD9ie-sLt1M=Mrco8qdL3fdwr4y7h2krN5vsQiBi5qt27_ZsMQ@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: "txauth@ietf.org" <txauth@ietf.org>, "rdd@cert.org" <rdd@cert.org>
Content-Type: multipart/alternative; boundary="0000000000004694dd05a5b8295e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/YkvusDYX_6YBuajpZbTwS-c4c5A>
Subject: Re: [Txauth] consensus call on WG name: "Authorization and Delegation"
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2020 23:27:55 -0000
Would you clarify if your concerns have been addressed? ᐧ On Fri, May 15, 2020 at 4:18 PM Justin Richer <jricher@mit.edu> wrote: > Thank you for the clarification on the deadline and the voting process, as > that was not clear in the initial thread. > > I appreciate and understand that we are not a voting organization, it's > one of the core tenets of the IETF as you know. I hope that the chairs can > continue to be transparent about all of the information that they use to > call consensus. > > I'm sorry that the fact that I want a fair and clear process is confusing > to you, though I'm not sure why. Every response and action I have taken > here has been to that goal. I hope that you can assume good intentions. > > - Justin > ________________________________________ > From: Dick Hardt [dick.hardt@gmail.com] > Sent: Friday, May 15, 2020 7:02 PM > To: Justin Richer > Cc: txauth@ietf.org; rdd@cert.org > Subject: Re: [Txauth] consensus call on WG name: "Authorization and > Delegation" > > We are not going to make the May 18 deadline. My suggestion of > "Authorization and Delegation" was a Hail Mary attempt to get consensus > last minute. > > There was not consensus to use "transactional". As Roman stated, we are > not voting, we are looking for rough consensus. > > Per your concern on the process, we are looking for consensus as Roman > stated, not a majority of votes. > > wrt. the votes, I was proposing that people would state their preference > (1st, 2nd, 3rd), not equal votes (top 3 choices) > > Your last comment is confusing given your recent posts. > > Have your concerns been addressed? > > On Fri, May 15, 2020 at 3:50 PM Justin Richer <jricher@mit.edu<mailto: > jricher@mit.edu>> wrote: > I have a concern about the short timeframe needed here, which, as I > understand it, would require getting everyone to participate over the > weekend in order to get results in time - the original deadline given was > Monday May 18. I fear that the timing will make people miss it entirely and > we will not get a representative sample of the group. > > As an aside, I'm also concerned that you would discount the results below > when the decision to not use "transactional" was a much, much smaller > sample and margin. And yet that decision seems set and done, since it was > excluded from the poll options entirely. > > I'm also concerned that the process outlined is not fully specified. If we > are going to do this, I would like to know more about the voting process > proposed in 3, specifically what the timing will be and how votes will be > counted. Is this a preference system, where order matters, or is it three > equal votes per person? I think these things need to be clear before anyone > submits feedback. > > More than anyone, I want this process to be fair and representative. I am > eager to get on to the real work because I think we have an opportunity to > make major steps forward for application security on the internet. > > - Justin > ________________________________________ > From: Dick Hardt [dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>] > Sent: Friday, May 15, 2020 6:20 PM > To: Justin Richer > Cc: txauth@ietf.org<mailto:txauth@ietf.org>; rdd@cert.org<mailto: > rdd@cert.org> > Subject: Re: [Txauth] consensus call on WG name: "Authorization and > Delegation" > > Justin: are you saying you have concerns with [3]? Do you have an > alternative proposal? > > FWIW: if the actual results had been what you posted below, I would have > rerun the poll with less dots per person to see if we would get to have > rough consensus on one name. I would not consider those results below to be > consensus. > > Additionally, with the significantly larger number of voters compared to > previous votes, and the large number that all voted the same, together > indicated the poll was being gamed. It is not possible to know which votes > where legit, and which were not, which is why the conclusion was to call > the poll spoiled. > > > > [ > https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]ᐧ > <https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]%E1%90%A7> > < > https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=0f26de16-5b6f-4cf4-9b00-3744a289a9a9]%E1%90%A7 > > > > On Fri, May 15, 2020 at 3:02 PM Justin Richer <jricher@mit.edu<mailto: > jricher@mit.edu><mailto:jricher@mit.edu<mailto:jricher@mit.edu>>> wrote: > Thanks for the transparency, Roman. And thanks to Dick for providing the > logs. > > I did a quick analysis of the results myself. I went through cleaned up > the log file a little (there were some mixed spaces and tabs that made > automatic parsing difficult) and disambiguated the several expansions of > different names: > > TXAuth1: Truly eXtensible Authorization > TXAuth2: Testable eXtensible Authorization > TxAuth3: Transmission of Authority > TIDYAuth1: Transference via Intent Driven Yield Auth > TIDYAuth2: Trust via Intent Driven Yield Auth > > By removing every entry where all five points were awarded to TxAuth: > Transmission of Authority, and tallying all others (including votes for > other entries that had all five points awarded by one voter but to a > different option), we get the following results: > > Totals: > TxAuth3: 42 > TXAuth1: 25 > GNAP: 20 > PAuthZ: 19 > TXAuth2: 12 > TINOA: 9 > TIDYauth2: 8 > CTAP: 7 > NIRAD: 6 > ZAuthZ: 6 > GranPro: 4 > TIAAP: 4 > AZARAP: 4 > TIDYauth1: 3 > ReAuthZ: 3 > DIYAuthZ: 3 > IDPAuthZ: 2 > TIDEAuth: 2 > TIEAuth: 2 > RefAuthZ: 2 > BeBAuthZ: 2 > AZARP: 1 > DAZARAP: 1 > AAuthZ: 1 > BYOAuthZ: 1 > CPAAP: 1 > > As you can see, the winner of the poll is :still: overwhelmingly > “Transmission of Authority”, even with all of these entries removed. I’ll > note that this does not include the last seven votes that came in the last > couple days, so these results are skewed even then. > > To be clear, I don’t think it’s fair to throw out all such votes, but > since they are what’s suspect here I felt it important to see the results > just those removed and see if it told a different story. It does not, and I > think that indicates the consensus is actually still pretty clear. > > I am attaching both the cleaned-up log file as well as the quick python > script that I wrote to do the analysis of the results, please check for any > errors or inconsistencies. > > — Justin > > > On May 15, 2020, at 5:46 PM, Roman Danyliw <rdd@cert.org<mailto: > rdd@cert.org><mailto:rdd@cert.org<mailto:rdd@cert.org>>> wrote: > > Hi! > > Full transparency here -- the chairs definitely consulted me with their > concerns about the poll and with the logs before announcing the results > [1]. I re-reviewed the logs [2]. It shows around vote #16 – 41, there is > a number of entries where all votes assigned to a single choice (“TxAuth > Transmission of Authority: 5”). Observations (by Dick) of the incoming > results, pinned these votes in a narrow time window. Likewise, most of all > of the other entries split their 5 ballots. Could that be overwhelming > support in the community? Absolutely! However, the lack of precise > timestamps and IPs makes it hard to judge in this non-traditional scenario > for selecting names. > > We’re going to have to live with this choice – names matter – and I don’t > want any sense of skew to linger. We tried an experiment using a tech that > allows anonymous input (i.e., Decido) – it didn’t work (no fault of the > tech). Let’s do it the old fashion way on the mailing list. If you have > objections to [3], please raise your concern. > > We’re not in the voting business. If we end up with two options that are > “close”, we’re going to talk a little more. Prior to final selection, WG > chairs and I will also listen for objections to the name that the mailing > list feedback suggested. > > I appreciate everyone patience. I too would like to have a name chosen so > we can get the charter advanced. However, we’re going to do this name > selection again so we can all have confidence in the process. > > Regards, > Roman > > [1] > https://mailarchive.ietf.org/arch/msg/txauth/sDG3PJI2FHbeGefW8OqJP1NNqLU/ > [2] > https://mailarchive.ietf.org/arch/msg/txauth/0BjvqbFk-K3MCqcx388etFzFPz8/ > [3] > https://mailarchive.ietf.org/arch/msg/txauth/2_oF41Zbfj_-qkkLXo7HwLnMk68/ > > From: Dick Hardt <dick.hardt@gmail.com<mailto:dick.hardt@gmail.com > ><mailto:dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>>> > Sent: Friday, May 15, 2020 5:04 PM > To: Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu><mailto: > jricher@mit.edu<mailto:jricher@mit.edu>>> > Cc: txauth@ietf.org<mailto:txauth@ietf.org><mailto:txauth@ietf.org<mailto: > txauth@ietf.org>>; Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org > ><mailto:rdd@cert.org<mailto:rdd@cert.org>>> > Subject: Re: [Txauth] consensus call on WG name: "Authorization and > Delegation" > > Justin: if you have a concern with how I am chairing the group, the > appropriate action would be to bring it up with the AD (cc'ed). FYI: I had > forwarded the log and my conclusions to Roman, and he had agreed that the > poll had been gamed. > > As to my proposal of "Authorization and Delegation", I took the name you > had proposed, and removed the adjective that people had found concerning. I > was hoping that a bland name would be acceptable and we could move on to > the actual work -- but that does not seem to be the case. > > > On Fri, May 15, 2020 at 1:16 PM Justin Richer <jricher@mit.edu<mailto: > jricher@mit.edu><mailto:jricher@mit.edu<mailto:jricher@mit.edu>>> wrote: > -1 > > I think the results of the poll were pretty conclusive and it’s not an act > of good faith for the chair to propose a poll and then throw out the > results of that same poll and go with something of their own choosing > instead. > > How are you sure that it’s one person stuffing the ballot box? For my > part, I put two dots on the winning title and one dot each of three others. > I had a couple different people contact me off-list and told me they’d put > their five dots on Transmission of Authority. So I think it’s reasonable to > believe that’s the actual result, without examining the logs myself. > > — Justin > > > On May 15, 2020, at 2:21 PM, Dick Hardt <dick.hardt@gmail.com<mailto: > dick.hardt@gmail.com><mailto:dick.hardt@gmail.com<mailto: > dick.hardt@gmail.com>>> wrote: > > > > Following on from my email wrt. the results of voting, please indicate > if you are aligned with calling the working group the "Authorization and > Delegation" working group with a +1 or -1. > > -- > > Txauth mailing list > > Txauth@ietf.org<mailto:Txauth@ietf.org><mailto:Txauth@ietf.org<mailto: > Txauth@ietf.org>> > > https://www.ietf.org/mailman/listinfo/txauth > > [ > https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=987b7021-db43-4340-b683-c6fa9c372681]ᐧ > <https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=987b7021-db43-4340-b683-c6fa9c372681]%E1%90%A7> >
- [Txauth] consensus call on WG name: "Authorizatio… Dick Hardt
- Re: [Txauth] consensus call on WG name: "Authoriz… Jared L Jennings
- Re: [Txauth] [EXTERNAL] consensus call on WG name… Mike Jones
- Re: [Txauth] [EXTERNAL] consensus call on WG name… Jared L Jennings
- Re: [Txauth] [EXTERNAL] consensus call on WG name… Dick Hardt
- Re: [Txauth] [EXTERNAL] consensus call on WG name… David Skaife
- Re: [Txauth] [EXTERNAL] consensus call on WG name… Dick Hardt
- Re: [Txauth] consensus call on WG name: "Authoriz… Justin Richer
- Re: [Txauth] consensus call on WG name: "Authoriz… Aaron Parecki
- Re: [Txauth] consensus call on WG name: "Authoriz… Dick Hardt
- Re: [Txauth] consensus call on WG name: "Authoriz… Dick Hardt
- Re: [Txauth] consensus call on WG name: "Authoriz… Roman Danyliw
- Re: [Txauth] consensus call on WG name: "Authoriz… Justin Richer
- Re: [Txauth] consensus call on WG name: "Authoriz… Dick Hardt
- Re: [Txauth] consensus call on WG name: "Authoriz… Justin Richer
- Re: [Txauth] consensus call on WG name: "Authoriz… Dick Hardt
- Re: [Txauth] consensus call on WG name: "Authoriz… Justin Richer
- Re: [Txauth] consensus call on WG name: "Authoriz… Dick Hardt
- Re: [Txauth] consensus call on WG name: "Authoriz… Justin Richer
- Re: [Txauth] consensus call on WG name: "Authoriz… Steinar Noem
- Re: [Txauth] consensus call on WG name: "Authoriz… Dick Hardt
- Re: [Txauth] consensus call on WG name: "Authoriz… Steinar Noem