I do not support publication of this document as a Proposed Standard via the AD-sponsored route, for several reasons: a. I believe that this document should have been handled as a WG work item. It should not be commonplace for standards track security documents to be handled outside of a WG. This issue has been addressed in IPsec (via IPSECME), and TLS needs to follow suit. If the TLS WG does not wish to deal with this and other documents, then the IETF should considered formation of a new WG. b. This document has become a lightening rod for attacks on the integrity of the IETF and IESG. While many of these attacks are groundless, proceeding with the approval of this document without addressing the underlying problems would send the wrong message about the IETF's commitment to ethics. > -----Original Message----- > From: ietf-announce-bounces at ietf.org > [mailto:ietf-announce-bounces at ietf.org] On Behalf Of The IESG > Sent: 14 January 2009 16:18 > To: IETF-Announce > Subject: Fourth Last Call: draft-housley-tls-authz-extns > > On June 27, 2006, the IESG approved "Transport Layer Security > (TLS) Authorization Extensions," > (draft-housley-tls-authz-extns) as a proposed standard. On > November 29, 2006, Redphone Security (with whom Mark Brown, a > co-author of the draft is affiliated) filed IETF IPR disclosure 767. > > Because of the timing of the IPR Disclosure, the IESG > withdrew its approval of draft-housley-tls-authz-extns. A > second IETF Last Call was initiated to determine whether the > IETF community still had consensus to publish > draft-housley-tls-authz-extns as a proposed standard given > the IPR claimed. Consensus to publish as a standards track > document was not demonstrated, and the document was withdrawn > from IESG consideration. > > A third IETF Last Call was initiated to determine whether the > IETF community had consensus to publish > draft-housley-tls-authz-extns as an experimental track RFC > with knowledge of the IPR disclosure from Redphone Security. > Consensus to publish as experimental was not demonstrated; a > substantial segment of the community objected to publication > on any track in light of the IPR terms. > > Since the third Last Call, RedPhone Security filed IETF IPR > disclosure 1026. This disclosure statement asserts in part > that "the techniques for sending and receiving authorizations > defined in TLS Authorizations Extensions (version > draft-housley-tls-authz-extns-07.txt) do not infringe upon > RedPhone Security's intellectual property rights". The full > text of IPR disclosure 1026 is available at: > > https://datatracker.ietf.org/ipr/1026/ > > This Last Call is intended to determine whether the IETF > community had consensus to publish > draft-housley-tls-authz-extns as a proposed standard given > IPR Disclosure 1026. > > The IESG is considering approving this draft as a standards > track RFC. The IESG solicits final comments on whether the > IETF community has consensus to publish > draft-housley-tls-authz-extns as a proposed standard. > Comments can be sent to ietf at ietf.org or exceptionally to > iesg at ietf.org. Comments should be sent by 2009-02-11. > > A URL of this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt
_______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
