Re: Last Call: (Sanctions Available for Application to Violators of IETF IPR Policy) to Informational RFC
I'd like to be reassured that this has been carefully reviewed by the IETF counsel and the IETF Trust. In particular I would be interested in its possible interaction with the IETF's liability insurance. >Any IETF participant can call for sanctions to be applied to anyone >they believe has violated the IETF's IPR policy. This can be done by >sending email to the appropriate IETF mailing list. That seems reasonable, but publishing such a belief without having the wording checked by a libel lawyer might be risky. I think the draft should state that a call for sanctions should be based on factual evidence and not on "belief". How about Any IETF participant can call for sanctions to be applied to anyone shown to have violated the IETF's IPR policy. This can be done by sending email to the appropriate IETF mailing list, including a a short summary of the relevant facts and events. Regards Brian Carpenter On 2012-05-07 22:56, The IESG wrote: > The IESG has received a request from an individual submitter to consider > the following document: > - 'Sanctions Available for Application to Violators of IETF IPR Policy' >as Informational RFC > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf@ietf.org mailing lists by 2012-06-04. Exceptionally, comments may be > sent to i...@ietf.org instead. In either case, please retain the > beginning of the Subject line to allow automated sorting. > > Abstract > > >The IETF has developed and documented policies that govern the >behavior of all IETF participants with respect to Intellectual >Property Rights (IPR) about which they might reasonably be aware. > >The IETF takes conformance to these IPR policies very seriously. >However, there has been some ambiguity as to what the appropriate >sanctions are for the violation of these policies, and how and by >whom those sanctions are to be applied. > >This document discusses these issues and provides a suite of >potential actions that may be taken within the IETF community. > > > > > The file can be obtained via > http://datatracker.ietf.org/doc/draft-farrresnickel-ipr-sanctions/ > > IESG discussion can be tracked via > http://datatracker.ietf.org/doc/draft-farrresnickel-ipr-sanctions/ballot/ > > > No IPR declarations have been submitted directly on this I-D. > > >
Finally, It's The Year Of Linux^H^H^H^H^HIPv6
I really shouldn't, so soon after his last inflammatory rant, but here: http://www.theregister.co.uk/2012/05/08/ipv6_coming_next_month/ One month from now, World IPv6 Launch Day with be upon us. Numerous online services will be enabling IPv6 and leaving it on. records will be published, and those of us with IPv6 enabled systems will start to use IPv6 preferentially to IPv4. But what does this all mean? For the short term at least, the truth is "not much". … Ignoring the obvious error with the preceding quote, on this occasion, he does at least appear to have one thing right: most people really aren't all that motivated, in the short term. The apathy continues a pace, and most of the industry is obliged to help in turn by doing almost nothing. Whether it will after June 6 is an open question, but I don't imagine he'll be far off there, either. What's important here, I think, is simply that the desire to have IPv6 deployed and running is outpaced by people's ongoing desire to ignore it. "Networking nerds" are happy because IPv6 at long last has a sporting chance. Everyone else just wants less of the hype. *Grumble* Cheers, Sabahattin
RE: Last Call: (Source Ports in ARF Reports) to Proposed Standard
> -Original Message- > From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Scott > Kitterman > Sent: Tuesday, May 08, 2012 7:05 PM > To: ietf@ietf.org > Subject: Re: Last Call: > (Source Ports in ARF Reports) to Proposed Standard > > > In the absence of that capability, isn't it better to give the > > investigating user as much information as possible to use in > > correlation of logs and such? > > Personally, in the forensic work I've done I've found things like mail > queue IDs a lot more important than source port. There is lots of > information that would be useful for an investigation. On this basis, > I could see MAY include source port on auth failure reports, but I > think making it RECOMMENDED on the basis of it may be useful is > justified. If a spam bot connects to your MTA and sends a message in, the only queue ID you have is the one your own MTA generated. How will that be useful tracing the spam back to the very machine that generated it? RFC6302 talks about why this is important a lot more than this document does. -MSK
Re: a favor from the list about Jon Postel
On Tue, 8 May 2012, Bob Hinden wrote: https://www.facebook.com/jon.postel I just tried going to this page and it says it doesn't exist. Has the problem been fixed? Looks like it. An hour ago i could still report the page, which I did (and prob many more?) Paul
Re: Last Call: (Source Ports in ARF Reports) to Proposed Standard
On Tuesday, May 08, 2012 06:23:46 AM Murray S. Kucherawy wrote: > > -Original Message- > > From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of > > Scott Kitterman Sent: Monday, May 07, 2012 10:49 PM > > To: ietf@ietf.org > > Subject: RE: Last Call: (Source > > Ports in ARF Reports) to Proposed Standard > > > > >If all one is doing is figuring out why something like a DKIM signature > > >failed on an otherwise legitimate message, then I agree the source port > > >isn't a useful input to that work. In fact, as far as DKIM goes, the > > >source IP address is probably not useful either. > > > > > >If, however, one is trying to track down the transmission of fraudulent > > >email such as phishing attacks, source ports can be used to identify > > >the perpetrator more precisely when compared to logs. Support for this > > >latter use case is why I believe RECOMMENDED is appropriate. > > > > > > Which is exactly the case (abuse report) the second to last paragraph > > takes care of. I agree RECOMMENDED is appropriate there and you have > > it there. > > > > For auth failure analysis I read you as agreeing it's not needed. > > There are some authorization methods that use IP address, so I don't > > think that for auth failure reports inclusion of IP address and source > > port are comparable. > > > > Based on your response, I don't understand your objection to dropping > > the RECOMMENDS for auth failure reports and keeping it for abuse > > reports? > > > I don't think it's possible for software to identify correctly a case of an > accidental authentication failure versus detected fraud. If it were, then > I'd agree that for the simple authentication failure case the source port > isn't useful. Then why did we bother with a separate type or report for authentication failure? Presumably we believe systems can have criteria for "I'm sending this because the message is abusive" versus "I'm sending this because it failed $authentication_type". > In the absence of that capability, isn't it better to give the investigating > user as much information as possible to use in correlation of logs and > such? Personally, in the forensic work I've done I've found things like mail queue IDs a lot more important than source port. There is lots of information that would be useful for an investigation. On this basis, I could see MAY include source port on auth failure reports, but I think making it RECOMMENDED on the basis of it may be useful is justified. Scott K
RE: a favor from the list about Jon Postel
> Bob Hinden wrote: > I just tried going to this page and it says it > doesn't exist. Has the problem been fixed? It appears so; I went to it earlier in the day and it was up; I saw the post by Julia Postel asking whoever was putting the page up to contact the family. I kept the processing of this for later (now) and I get the page cannot be found too. Michel.
Re: a favor from the list about Jon Postel
Joe, On May 8, 2012, at 7:19 PM, Joe Touch wrote: > Hi, all, > > My apologies for contacting this list with a non-IETF issue, but since this > community knew Jon well, I'm asking for its help (among others). > > --- > > There is a Facebook page that falsely implies being owned by Jon Postel: > > https://www.facebook.com/jon.postel I just tried going to this page and it says it doesn't exist. Has the problem been fixed? Bob > > Facebook has declined requests from Jon's family to have this page removed. > > To everyone on this list: > > PLEASE do not "LIKE" or interact with this page. Jon passed in 1998, as you > know, 5 years before Facebook ever existed. He never had a page on this or > any other social networking site, and whomever is running this should stop > misrepresenting themselves. > > If anyone here can help, please let me know. > > Joe > to...@isi.edu
Re: a favor from the list about Jon Postel
I don't think it helps the case against this page to have "Likes" by W3C, Tim Berners-Lee, Vint Cerf, ARIN and ICANN ... of course, there is no reason for me to know that those aren't frauds as well. On Tue, 8 May 2012, Joe Touch wrote: > Hi, all, > > My apologies for contacting this list with a non-IETF issue, but since this > community knew Jon well, I'm asking for its help (among others). > > --- > > There is a Facebook page that falsely implies being owned by Jon Postel: > > https://www.facebook.com/jon.postel > > Facebook has declined requests from Jon's family to have this page removed. > > To everyone on this list: > > PLEASE do not "LIKE" or interact with this page. Jon passed in 1998, as you > know, 5 years before Facebook ever existed. He never had a page on this or any > other social networking site, and whomever is running this should stop > misrepresenting themselves. > > If anyone here can help, please let me know. > > Joe > to...@isi.edu >
Re: a favor from the list about Jon Postel
Hi Joe, At 16:19 08-05-2012, Joe Touch wrote: There is a Facebook page that falsely implies being owned by Jon Postel: See http://www.scribd.com/gawker/d/81877124-Abuse-Standards-6-2-Operation-Manual There are a few ISOC people in the photos ... Regards, -sm
Re: a favor from the list about Jon Postel
On 5/8/2012 4:35 PM, Fred Baker wrote: question: would it be helpful to report or block the page? I and Jon's family have tried, to no avail thus far. Joe On May 8, 2012, at 6:19 PM, Joe Touch wrote: Hi, all, My apologies for contacting this list with a non-IETF issue, but since this community knew Jon well, I'm asking for its help (among others). --- There is a Facebook page that falsely implies being owned by Jon Postel: https://www.facebook.com/jon.postel Facebook has declined requests from Jon's family to have this page removed. To everyone on this list: PLEASE do not "LIKE" or interact with this page. Jon passed in 1998, as you know, 5 years before Facebook ever existed. He never had a page on this or any other social networking site, and whomever is running this should stop misrepresenting themselves. If anyone here can help, please let me know. Joe to...@isi.edu
Re: a favor from the list about Jon Postel
question: would it be helpful to report or block the page? On May 8, 2012, at 6:19 PM, Joe Touch wrote: > Hi, all, > > My apologies for contacting this list with a non-IETF issue, but since this > community knew Jon well, I'm asking for its help (among others). > > --- > > There is a Facebook page that falsely implies being owned by Jon Postel: > > https://www.facebook.com/jon.postel > > Facebook has declined requests from Jon's family to have this page removed. > > To everyone on this list: > > PLEASE do not "LIKE" or interact with this page. Jon passed in 1998, as you > know, 5 years before Facebook ever existed. He never had a page on this or > any other social networking site, and whomever is running this should stop > misrepresenting themselves. > > If anyone here can help, please let me know. > > Joe > to...@isi.edu
a favor from the list about Jon Postel
Hi, all, My apologies for contacting this list with a non-IETF issue, but since this community knew Jon well, I'm asking for its help (among others). --- There is a Facebook page that falsely implies being owned by Jon Postel: https://www.facebook.com/jon.postel Facebook has declined requests from Jon's family to have this page removed. To everyone on this list: PLEASE do not "LIKE" or interact with this page. Jon passed in 1998, as you know, 5 years before Facebook ever existed. He never had a page on this or any other social networking site, and whomever is running this should stop misrepresenting themselves. If anyone here can help, please let me know. Joe to...@isi.edu
Re: IETF posting delays
On Tue May 08 04:31:41 2012, sant9...@gmail.com wrote: > I'm giving up. Now using gmail account. > As you can see with the response below to Warren and cc: Mary, John, > and the IETF list, was sent last night at May 7, 23:01. My MTA > transport logs show it was sent to all four, so I am presuming the > direct mail was received and perhaps you can confirm you received it. > Yet, not posted on the list, not on the IETF archive, my copy never sent. As the above ticket was cc'ed to the IETF community list, I am cc'ing our resolution report to the list as well. Dear Mr. Santos: This is the first report we've received at IETF-ACTION on this problem. The problem with these two messages was easy to identify. Your two email messages were triggering the spamassassin scoring system used by the IETF, and causing your mail to be discarded as spam. Although I do not have a detail log of the report for your mail, I would think that the phrase "GO NY RANGERS" in your message contributed to the elevated spam score. Such things are generally interpreted as spam phrases by spam filters, especially in environments like the IETF's where such phrases are neither relevant nor expected. This is an easy problem to solve. I have whitelisted your address(es) so that you will not have this problem again. And, I can only stress that, in the future, when you have problems of this type, you will get much faster resolution if you file a report with IETF-ACTION, as directed on the IETF website, rather than going to the IETF discussion list. Had you done so in this case, and in the other cases I now see you've discussed on the IETF discussion list, these problems could have been resolved and/or answered before turning into what I now see has become a major thread. Please see the IETF website at http://www.ietf.org/contact-the-ietf.html and http://www.ietf.org/secretariat.html for further information about the correct ways to report problems encountered with IETF systems. I trust this information is helpful. If you have further questions or problems, please direct a new message to: ietf-act...@ietf.org and a member of the secretariat staff will assist you. Glen Glen Barney IT Director AMS (IETF Secretariat)
Re: [Fwd: IETF posting delays]
i have already plonked the troller who wasted my time. could we drop this thread? randy
RE: [Fwd: IETF posting delays]
> Original Message > Subject: [Fwd: Re: [IETF] Re: IETF posting delays] > Date: Tue, 08 May 2012 07:31:13 -0400 > From: Hector Santos > To: Warren Kumari > CC: SM , John C Klensin , ietf- > act...@ietf.org > > I'm giving up. Now using gmail account. > > As you can see with the response below to Warren and cc: Mary, John, > and the IETF list, was sent last night at May 7, 23:01. My MTA > transport logs show it was sent to all four, so I am presuming the > direct mail was received and perhaps you can confirm you received it. > Yet, not posted on the list, not on the IETF archive, my copy never > sent. > > Thats now two submissions by a subscribed member that are in la la > land. So its not working. > > The IETF wants to improve its image with the minority engineering > community? Wants to reduce the noise? Wants to increase IETF meeting > attendance? > > IMO, this policy in place for subscribed member mail holding and > filtering when the mail is never posted, needs to be seriously > reviewed. The perception amounts to nothing else but deliberate > censorship, especially when the mail appears to be discarded. > > I have current plans and budgeting to attend the next two IETF > Meetings. I have second thoughts now, dropping my I-D work and just > stay out of the IETF scene. Who needs the stress! Could we perhaps try being a little bit patient and debugging the problem in a co-operative manner before lobbing rhetorical grenades at the people who can solve the problem you're having? Because that would be awesome. -MSK
Re: [Fwd: IETF posting delays]
On Tue, May 8, 2012 at 11:12 AM, SM wrote: > Hi Hector, > > [Cc to ietf-ow...@ietf.org and list-mana...@ietf.org. I note that the > "visible" email address and the email address in the mailto: are different] > > > At 04:35 08-05-2012, Hector Santos wrote: >> >> Thats now two submissions by a subscribed member that are in la la >> land. So its not working. > > > [snip] > > >> IMO, this policy in place for subscribed member mail holding and >> filtering when the mail is never posted, needs to be seriously >> reviewed. The perception amounts to nothing else but deliberate >> censorship, especially when the mail appears to be discarded. > > > I see hsan...@isdg.net as subscribed to ietf@ietf.org. There hasn't been an > announcement, which is required, mentioning that the hsan...@isdg.net email > address is moderated. The message posted around 7 May 2012 23:01:38 -0400 > by hsan...@isdg.net does not show up in the mailing list archive of > ietf@ietf.org. > > The message (4fa84a46.2020...@isdg.net) posted by hsan...@isdg.net around 7 > May 2012 18:18:46 -0400 was handed over to mail.ietf.org around 7 May 2012 > 18:19:23 -0400 and distributed to the mailing list around 7 May 2012 > 18:19:47 -0400 without moderation. > > It is understandable that there is a perception that the mail from the above > email address appears to be discarded or moderated. If the escalation path > is not working to your satisfaction, I suggest contacting the General Area > Director ( gen-...@tools.ietf.org ). > > Regards, > -sm As I mentioned on May 5th, the IETF has a trouble reporting mechanism, act...@ietf.org (or ietf-act...@ietf.org , they both alias to the same people). Has this been reported there ? Bringing in Russ is not appropriate if the basic reporting process has not been followed. Regards Marshall
Re: [Fwd: IETF posting delays]
Hi Hector, [Cc to ietf-ow...@ietf.org and list-mana...@ietf.org. I note that the "visible" email address and the email address in the mailto: are different] At 04:35 08-05-2012, Hector Santos wrote: Thats now two submissions by a subscribed member that are in la la land. So its not working. [snip] IMO, this policy in place for subscribed member mail holding and filtering when the mail is never posted, needs to be seriously reviewed. The perception amounts to nothing else but deliberate censorship, especially when the mail appears to be discarded. I see hsan...@isdg.net as subscribed to ietf@ietf.org. There hasn't been an announcement, which is required, mentioning that the hsan...@isdg.net email address is moderated. The message posted around 7 May 2012 23:01:38 -0400 by hsan...@isdg.net does not show up in the mailing list archive of ietf@ietf.org. The message (4fa84a46.2020...@isdg.net) posted by hsan...@isdg.net around 7 May 2012 18:18:46 -0400 was handed over to mail.ietf.org around 7 May 2012 18:19:23 -0400 and distributed to the mailing list around 7 May 2012 18:19:47 -0400 without moderation. It is understandable that there is a perception that the mail from the above email address appears to be discarded or moderated. If the escalation path is not working to your satisfaction, I suggest contacting the General Area Director ( gen-...@tools.ietf.org ). Regards, -sm
Re: Last Call: (Source Ports in ARF Reports) to Proposed Standard
On 5/7/12 11:23 PM, Murray S. Kucherawy wrote: -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Scott Kitterman Sent: Monday, May 07, 2012 10:49 PM To: ietf@ietf.org Subject: RE: Last Call: (Source Ports in ARF Reports) to Proposed Standard If all one is doing is figuring out why something like a DKIM signature failed on an otherwise legitimate message, then I agree the source port isn't a useful input to that work. In fact, as far as DKIM goes, the source IP address is probably not useful either. If, however, one is trying to track down the transmission of fraudulent email such as phishing attacks, source ports can be used to identify the perpetrator more precisely when compared to logs. Support for this latter use case is why I believe RECOMMENDED is appropriate. Which is exactly the case (abuse report) the second to last paragraph takes care of. I agree RECOMMENDED is appropriate there and you have it there. For auth failure analysis I read you as agreeing it's not needed. There are some authorization methods that use IP address, so I don't think that for auth failure reports inclusion of IP address and source port are comparable. Based on your response, I don't understand your objection to dropping the RECOMMENDS for auth failure reports and keeping it for abuse reports? I don't think it's possible for software to identify correctly a case of an accidental authentication failure versus detected fraud. If it were, then I'd agree that for the simple authentication failure case the source port isn't useful. In the absence of that capability, isn't it better to give the investigating user as much information as possible to use in correlation of logs and such? Dear Murray, This is not about individual submissions or retaining privacy. This is about retaining the only (weakly) authenticated piece of information within public SMTP exchanges. All other SMTP elements are easily spoofed and worthless at positively identifying compromised systems for the purpose of subsequent isolation. Attempts to track ports in the presence of LSN overlooks the highly transitory translations. However, the LSN scheme provides a means to determine the source IP address. Regards, Douglas Otis
Re: [Fwd: IETF posting delays]
On Tue, May 08, 2012 at 07:35:31AM -0400, Hector Santos wrote: > Thats now two submissions by a subscribed member that are in la la > land. So its not working. I just looked at the subscriber's list available to list members at https://www.ietf.org/mailman/roster/ietf, and I don't find the string "santronics" on that page. There are, however, 30 people whose list membership is undisclosed, so I might have missed something. Are you sure you actually subscribed, though? Don't forget that there's a confirmation step. A -- Andrew Sullivan a...@anvilwalrusden.com
Re: Gender diversity in engineering
On May 8, 2012, at 1:12 PM, Yaakov Stein wrote: >> Around 30%-40%. I don't have hard numbers, >> but I have a feeling that it has gone down a bit in the last 10 years. > > Yoav, > > Your feelings are quite accurate as to the range, > but less so regarding the trend. > According to a recent study, 35.6% of high-tech employees in Israel are women, > and this percentage has been relatively stable for the past 10 years. > > Women make up 47.5% of all employees with academic credentials (as of 2010) > in all sectors, > so high-tech is actually comparatively under-represented. > On the other hand, only 32.9% of managerial positions (in all sectors) > are occupied by women. I can believe that. It could be specific to Check Point. OTOH there are those companies with departments where only women work. That could be keeping the balance. Yoav
[Fwd: IETF posting delays]
Original Message Subject: [Fwd: Re: [IETF] Re: IETF posting delays] Date: Tue, 08 May 2012 07:31:13 -0400 From: Hector Santos To: Warren Kumari CC: SM , John C Klensin , ietf-act...@ietf.org I'm giving up. Now using gmail account. As you can see with the response below to Warren and cc: Mary, John, and the IETF list, was sent last night at May 7, 23:01. My MTA transport logs show it was sent to all four, so I am presuming the direct mail was received and perhaps you can confirm you received it. Yet, not posted on the list, not on the IETF archive, my copy never sent. Thats now two submissions by a subscribed member that are in la la land. So its not working. The IETF wants to improve its image with the minority engineering community? Wants to reduce the noise? Wants to increase IETF meeting attendance? IMO, this policy in place for subscribed member mail holding and filtering when the mail is never posted, needs to be seriously reviewed. The perception amounts to nothing else but deliberate censorship, especially when the mail appears to be discarded. I have current plans and budgeting to attend the next two IETF Meetings. I have second thoughts now, dropping my I-D work and just stay out of the IETF scene. Who needs the stress! -- Hector Santos http://www.santronics.com http://hector.wildcatblog.com jabber: hec...@jabber.isdg.net
RE: Gender diversity in engineering
> Around 30%-40%. I don't have hard numbers, > but I have a feeling that it has gone down a bit in the last 10 years. Yoav, Your feelings are quite accurate as to the range, but less so regarding the trend. According to a recent study, 35.6% of high-tech employees in Israel are women, and this percentage has been relatively stable for the past 10 years. Women make up 47.5% of all employees with academic credentials (as of 2010) in all sectors, so high-tech is actually comparatively under-represented. On the other hand, only 32.9% of managerial positions (in all sectors) are occupied by women. Y(J)S
