RE: Request for community guidance on issue concerning a future meeting of the IETF
Regarding the potential clause in the contract that has caused this discussion, which includes the text:

> ... Should there be any financial
> loss incurred to the Hotel or damage caused to the Hotel's
> reputation as a result of any or all of the above acts, the Hotel
> will claim compensation from the Client."

Again, speaking as an individual, I have a question:

I understand that it is unlikely that anything bad will happen as a result of this clause in the contract. However, I am wondering what the worst downside could be.

Suppose that some IETF participants (whether regular participants or people who just show up this one time) were to wage some sort of demonstration that was bad enough to get the meeting stopped in the middle. Suppose that as of the time that the IETF meets several other groups have reserved the hotel for conferences later in the year. Suppose that one or more of these other groups hears about our meeting being stopped, and decides to cancel their meeting (and presumably move it somewhere else). Would whomever signs the contract (whether IAOC or ISOC or the host or whatever) be responsible for the losses that the hotel would suffer as a result of the cancellation of these other meetings? To me this seems like it *might* be covered by "financial loss" and "damage to the hotel's reputation". Just who would be at risk?

I am not a lawyer. I don't play a lawyer on TV or via email or anywhere else. However, this looks to me like an unlikely outcome but one that could be very bad. Thus this would at least seem like a good question to ask the IETF's lawyer.

Ross

___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Re: Request for community guidance on issue concerning a future meeting of the IETF
On Sat, 26 Sep 2009, Dean Willis wrote:

>
> Because China's policy on censoring the Internet sucks, and we have
> a moral and ethical responsibility to make the Internet available
> despite that policy. If this requires technology changes, then that
> technology is within our purview. If it requires operational
> changes, then those operational changes are within our purview. If
> it requires political changes, then those changes are within our
> purview. Governments with policies like the PRC's are the enemy, to
> be defeated by all means technical, operational, and political. This
> can lead to some heated statements.

Dave beat me to it but:

"We have a moral and ethical responsibility"?

Who is "we" here. Does it include the several hundred folks from China who regularly participate either in our meetings or online? Does the IETF charter require us to do this? Are we supposed to overthrow governments as part of this? If so, do we have a ranked list, or should we just do it alphabetically?

Look, I am not in any way trying to defend the policy in question as something I agree with, but I cannot agree that we as a GROUP should be engaged in the political actions you suggest. Should we take a stance on universal health care while we're at it?

>
> The question: does meeting in China do more to further the goal of
> getting past PRC (and others) deplorable policies than does meeting
> elsewhere AND LETTING THE WORLD KNOW WHY WE ARE NOT MEETING IN CHINA.
> That's an open question, I'm not at all certain of the answer, and we
> have to analyze financial risk of that hotel contract given the
> situation. We also have to analyze the financial risk with regard to
> agents who may try to turn an IETF meeting into a political incident.
>
> Dean

Understood. I think the financial risks (in the event of a shut down) are low due to my reading of that probability, but I am also concerned about what effect this will have on (at least some people's) behavior.

We should not, I agree, not have to change our normal way of doing the work of the IETF and we should not put ourselves in a situation where a substantial people stay away from the meeting regardless of their reasons for doing so.

Regarding "agents" I have no way of evaluating that possibility and I am not sure anyone can.

This is why we asked you.

Ole
Re: Request for community guidance on issue concerning a future meeting of the IETF
Dean Willis wrote:

> The question: does meeting in China do more to further the goal of
> getting past PRC (and others) deplorable policies than does meeting
> elsewhere AND LETTING THE WORLD KNOW WHY WE ARE NOT MEETING IN CHINA.

Dean,

Sorry, but that is very much *not* the question.

As a group the IETF has no such goal.

We have a goal of doing excellent technical work that enables new capabilities and better reliability and performance. We have no goals of "getting past" any government's policies. The closest we come to such an issue is the goal of equally not counting government policies as dictating particular technical choices in our work.

What is distinctive about the IETF's culture for pursuing its work is how grossly undisciplined our process is, in the trenches. Over the years, we have packaged it nicely with higher-level rules, but the moment-to-moment exchanges are by random folks who make random statements. We tolerate the certainty of entirely inappropriate statements that are misguided, offensive, political and/or personal for the occasional wonderfulness of spontaneity. Signal-to-noise has always been poor in the IETF, but we've seen enough benefit in its unruliness to warrant retaining the model, rather than embracing the far more staid and structured style of other standards groups.

With respect to making an organizational decision, the problem with the contract language is its import with respect to this basic way the IETF does its work.

I think it essential that we not confuse this with anyone's views about a country's politics.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Request for community guidance on issue concerning a future meeting of the IETF
Ole Jacobsen wrote:

>
> On Wed, 23 Sep 2009, Eric Rescorla wrote:
>
>> So, this isn't really that useful context for the rest of the
>> paragraph. To take the example of encryption, I think people
>> were arguing that it was a topic "regarding human rights".
>>
>> With that said, it's not clear to me that saying "China's policy
>> of censoring the Internet sucks" isn't defamation.
>
> I would say that this DOES border on defamation, BUT I am at a loss
> to understand why such a statement would be a required part of our
> technical discussion. The statement is an opinion about a topic which
> there is a lot more that can be said, but like the baby said "this
> isn't the venue." (Let's just say that it isn't well understood in
> the west). "X policy sucks" sound like politics and not technology
> particularly if X is a country.

Because China's policy on censoring the Internet sucks, and we have a moral and ethical responsibility to make the Internet available despite that policy. If this requires technology changes, then that technology is within our purview. If it requires operational changes, then those operational changes are within our purview. If it requires political changes, then those changes are within our purview. Governments with policies like the PRC's are the enemy, to be defeated by all means technical, operational, and political. This can lead to some heated statements.

The question: does meeting in China do more to further the goal of getting past PRC (and others) deplorable policies than does meeting elsewhere AND LETTING THE WORLD KNOW WHY WE ARE NOT MEETING IN CHINA. That's an open question, I'm not at all certain of the answer, and we have to analyze financial risk of that hotel contract given the situation. We also have to analyze the financial risk with regard to agents who may try to turn an IETF meeting into a political incident.

--
Dean
Re: Last Call: draft-ietf-sasl-scram
Nicolas Williams writes:

> On Fri, Sep 25, 2009 at 02:00:58PM +0200, Simon Josefsson wrote:
>> I'm hesitant to bring this up because it has so many other concerns, but
>> if you are looking for alternatives, another one is to flag the
>> normalization algorithm used in the protocol. E.g., add a flag
>> 'c=saslprep' or 'c=net-utf-8' or 'c=utf-8'. This makes it possible to
>> apply a better heuristic on the server side. Or treat normalization
>> like the hash algorithm, since it is also a continuously evolving and
>> apparently never-perfected technology, and make the mechanism name
>> SCRAM-SHA-1-SASLPREP or SCRAM-SHA-1-NET-UTF-8. (You can figure out the
>> problems with this approach as good as I can, so I won't go into them..)
>
> It doesn't really help because it'd have to be the server telling the
> client what the user's password's form is -- not the other way around.
> Chances are the password's been hashed already; recovering from use of a
> different NF (or just-utf-8) is not going to be feasible.

The server can store the password hashed in a couple of different forms, and use the flag to determine which to use. I realize that is possible anyway (just iterate through all locally stored hashes), although without some text in the document I don't think many servers will implement that.

/Simon
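The server-side idea in the message above (keep the SCRAM credential under several normalization forms, then select one by flag or iterate over all of them) can be sketched as follows. This is an added example, not code from the thread or from the SCRAM draft; the form labels `nfkc`, `nfc` and `utf-8` and all function names are hypothetical, and NFKC stands in for full SASLprep.

```python
import hashlib, hmac, os, unicodedata

# Hypothetical labels for the forms a server keeps. "nfkc" stands in for
# SASLprep (which also maps and prohibits characters); "utf-8" is unnormalized.
FORMS = {
    "nfkc": lambda p: unicodedata.normalize("NFKC", p),
    "nfc": lambda p: unicodedata.normalize("NFC", p),
    "utf-8": lambda p: p,
}

def _client_key(password, form, salt, iterations):
    # SaltedPassword = Hi(password, salt, i), i.e. PBKDF2-HMAC-SHA-1
    data = FORMS[form](password).encode("utf-8")
    salted = hashlib.pbkdf2_hmac("sha1", data, salt, iterations)
    return hmac.new(salted, b"Client Key", hashlib.sha1).digest()

def enroll(password, iterations=4096):
    """Store one StoredKey = H(ClientKey) per normalization form."""
    salt = os.urandom(16)
    keys = {f: hashlib.sha1(_client_key(password, f, salt, iterations)).digest()
            for f in FORMS}
    return {"salt": salt, "i": iterations, "keys": keys}

def client_proof(password, form, record, auth_message):
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    ck = _client_key(password, form, record["salt"], record["i"])
    sig = hmac.new(hashlib.sha1(ck).digest(), auth_message, hashlib.sha1).digest()
    return bytes(a ^ b for a, b in zip(ck, sig))

def verify(record, proof, auth_message, flag=None):
    """Return the form whose StoredKey matches the proof, or None.
    With a flag only that form is tried; without one, all are tried."""
    for form in ([flag] if flag else list(record["keys"])):
        stored = record["keys"].get(form)
        if stored is None:
            continue
        sig = hmac.new(stored, auth_message, hashlib.sha1).digest()
        ck = bytes(a ^ b for a, b in zip(proof, sig))
        if hmac.compare_digest(hashlib.sha1(ck).digest(), stored):
            return form
    return None

if __name__ == "__main__":
    # Constructed sample: U+FB01 ligature plus "e" with a combining acute
    rec = enroll("\ufb01ance\u0301")
    am = b"constructed-auth-message"
    print(verify(rec, client_proof("\ufb01ance\u0301", "nfkc", rec, am), am, "nfkc"))
    print(verify(rec, client_proof("\ufb01anc\u00e9", "utf-8", rec, am), am))
```

The second call shows the iteration case: a client that sends the precomposed spelling without normalizing still authenticates, because its bytes equal the NFC form the server stored at enrollment.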