Improving the ISOC Fellowship programme to attract people from under-represented regions into the IETF
Hi Jari, Here's is a draft about improving the ISOC Fellowship programme to attract people from under-represented regions into the IETF. The draft builds upon the ISOC work, proposing adjustments and additional efforts, with the goal of enabling more sustained and active participation by contributors from under-represented regions. In a blog article ( http://www.ietf.org/blog/2013/04/diversity/ ), it is mentioned that: "The design team will present their recommendations to the community, and engage in the discussion. Recommendations with community support will be taken forward." The draft only makes suggestions instead of recommendations. I am copying this message to ietf@ietf.org so that the community can comment about the draft. Regards, S. Moonesamy S. Moonesamy Expires: April 13, 2014 October 10, 2013 Improving the ISOC Fellowship programme to attract people from under-represented regions into the IETF draft-ddt-fellowship-03 1. Introduction The IETF Chair set up a Diversity Design Team in July, 2013 to understand the diversity problem and suggest solutions to make the IETF more inclusive. There is already an ISOC Fellowship programme to the IETF for participants from emerging regions. The Fellowship to the IETF helps to increase the diversity of inputs to, and global awareness of the IETF's vital work. This document builds upon the ISOC work, proposing adjustments and additional efforts, with the goal of enabling more sustained and active participation by contributors from under-represented regions. Section 2 lists the objectives of the existing ISOC Fellowship programme and the selection criteria. The current programme does help new participants to establish an initial face-to-face contact. However, long-term benefit requires helping these participants to engage in the full range of IETF interactions. The most effective way to contribute to the IETF is through on-going active participation and by reviewing and commenting about working group drafts. There are suggestions in Section 4 to better align the ISOC Fellowship programme with the expectations of the IETF Community by having selection criteria that encourages active IETF participation, and by having an evaluation panel with the expertise to evaluate IETF contributions. 2. Existing support for participants from emerging regions 2.1. Objectives of the ISOC Fellowship programme The Internet Society's efforts are encompassed by a basic Fellowship Programme and a Returning Fellowship Programme. The Internet Society has provided significant financial support given that attendance by technologists from emerging and developing economies is currently limited [FEL]. It is considered that actually attending a face-to- face IETF meeting promotes a stronger understanding of the standards process, lays the foundation for active involvement in IETF work, and facilitates personal networking with others that have similar technical interests [FEL]. Expires April 13, 2014 [Page 1] S. Moonesamy Attracting peopleOctober 10, 2013 The main purpose [FEL] of the ISOC Fellowship programme is to: - Raise global awareness about the IETF and its work. - Foster greater understanding of, and participation in, the work of the IETF by technologists from emerging and developing economies. - Provide an opportunity for networking with individuals from around the world with similar technical interests. - Identify and foster potential future leaders from emerging and developing economies - Demonstrate the Internet community's commitment to fostering greater global participation in Internet Forums such as the IETF. The goals of the ISOC Returning fellowship programme [RET] are to: - Provide an opportunity for highly committed former Fellows to return to the IETF to advance specific standards work. - More fully integrate technologists from emerging and developing economies into the IETF. - Advance the technical leadership potential of individuals from emerging and developing economies. - Provide immediate value to a working group by participating in scribing the working group meeting and contributing to the meeting minutes. 2.2. Selection criteria for the ISOC Fellowship programme Some of the requirements [SEL] for qualifying for ISOC Fellowship programme are: - Hold a university-level computer science, information technology, or similar degree, or can demonstrat
Re: Last Call: (On Consensus and Humming in the IETF) to Informational RFC
At 09:48 07-10-2013, The IESG wrote: The IESG has received a request from an individual submitter to consider the following document: - 'On Consensus and Humming in the IETF' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-11-04. Exceptionally, comments may be I found the review by Dave Crocker [1] interesting. Instead of reading the latest revision of the draft I wrote a draft [2]. I read what Pete Resnick said about consensus after that to compare notes. The intended status of draft-resnick-on-consensus-05 is Informational. What we have here is a document about consensus which will reflect the consensus of the IETF. Should the document reflect the consensus of the IETF or not? In Section 1: 'Our ideal is full consensus, but we don't require it: Full consensus would allow a single intransigent person who simply keeps saying "No!" to stop the process cold.' The above introduces the term "full consensus". I took a quick look and I found at least one occurrence of the term in IETF discussions [3]. However, none of the IETF process documents use that term. "If the chair of a working group determines that a technical issue brought forward by an objector has been truly considered by the working group, and the working group has made an informed decision that the objection has been answered or is not enough of a technical problem to prevent moving forward, the chair can declare that there is rough consensus to go forward, the objection notwithstanding." The word "objector" emphasizes that there is one person who dissents. My preference is to consider the objection and address it instead of viewing the issue as dissent from one person. "This document attempts to explain some features of rough consensus, explain what is not rough consensus, and suggest ways that we might achieve rough consensus and judge it in the IETF." The title of the document is "on consensus and humming in the IETF". According to the above sentence the document attempts to discuss about rough consensus. In my opinion there a nuance between "consensus" and "rough consensus". As a quick reaction I would say that rough consensus provides a faster path to shape up a proposal. It helps to cut down on document delivery time to the IESG. The consensus part is sought by getting a broader perspective. Section 2 sounds like objection-based processing. A binary choice (re. technical question) can end up polarizing a discussion. The section provides a good discussion about lack of disagreement. One of the questions I wondered about is whether the person making the determination should use technical judgement or whether the person should only make a determination about the comments received. I mentioned in an unrelated discussion that if it is the consensus of the group that the sky is green, that's what goes in the document. The person making the determination can flag it as an issue as a matter of technical judgement. I'll highlight a point from Section 3: "Remember, if the objector feels that the issue is so essential that it must be attended to, they always have the option to file an appeal." There are very few people who exercise that option. According to the title of Section 4 humming should be the start of a conversation, not the end. BCP 25 states that: "Consensus can be determined by a show of hands, humming, or any other means on which the WG agrees (by rough consensus, of course)." I am not sure whether hums are for a starting point or not. It can be argued in different ways, for example, see Section 4. Humming helps to get a sense of the room without people making a decision under duress. It is a useful way to resolve a controversy. I would say that it ties in Section 5, i.e. consensus is the path, not the destination. A show of hands is a disguised way to vote [4]. Section 5 identifies a few issues with the way people talk about "consensus". I understand what Pete Resnick wrote as he has explained that to me in an unrelated discussion. The text discusses about "making the call". I don't know whether the reader will easily understand the meaning of that. Section 6 and Section 7 attempt to explain that a high percentage of votes in a direction does not necessarily mean that there is rough consensus for that. I agree with the conclusion in Section 8. Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/ietf/current/msg82843.html 2. http://tools.ietf.org/html/draft-moonesamy-consensus-00 3. http://www.ietf.org/mail-archive/web/isms/current/msg00943.html 4. http://www.ietf.org/mail-archive/web/ietf/current/msg25014.html
Re: [Diversity] Attracting people from emerging regions into the IETF
Hi Steve, At 14:18 01-10-2013, Steve Conte wrote: One of the goals of the ISOC Fellowship to the IETF programme is to increase IETF participation in emerging and developing economies, and thus it contributes to increasing diversity within the IETF. ISOC also has and supports other activities surrounding the increase of awareness and participation in the IETF. The fellowship is just one component. I would like to better understand how the implementation and operation of this ISOC-driven programme speaks to the larger challenge question of increasing diversity at IETF. There is a one-page overview of the IETF provided by the Internet Society [1]. According to the document: "The IETF seeks broad participation. The work of the IETF takes places online, largely through email lists, reducing barriers to participation and maximizing contributions from around the world. IETF Working Groups (WGs) are organized by topic into several areas (e.g. routing, transport, security, etc.)." The document then has a title about "mission and principles" which I'll quote: "The mission of the IETF is make the Internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet." I read an article written by the Chair of the IETF. I'll do some selective quoting of that article: "The IETF can benefit of untapped potential and bring even more energy to the work." "We think of diversity as something that covers international participation, different cultures, gender, age, organisational background, and so on. While I am very proud of the IETF as a very international organisation with participants from 60 countries working on documents, for instance there are many aspects of diversity where we could do much better. Overall participation is concentrated in some areas of the world, with little participation from Africa and South America, for instance. Similarly, while the IETF has some very active female participants and leadership members, the numbers are very small." "The diversity team is a design team tasked with understanding the issues we are facing, drawing in experience from other organizations affected by similar issues, identifying obstacles to us having the widest breadth of talented participants and leaders, and making practical recommendations that could help us improve the situation." The Chair of the IETF asked for practical recommendations. It is not for me to make recommendations. I can only make suggestions (see http://www.ietf.org/mail-archive/web/ietf/current/msg82776.html ). If the IETF Area Directors believe that the suggestions are unpractical or useless they are welcome to ignore them. In my humble opinion the challenge of the IETF is to produce high quality, relevant technical documents. The Chair of the IETF mentioned that there is very little participation from Africa and South America. The main point raised during the discussions about the draft is on-going and active participation. The question is what can be done in practice to improve on-going and active participation from, for example, Africa and South America without making it even more difficult for the IETF to produce high quality, relevant technical documents. I would like to see five Working Groups Chairs who are residing in South America within a few years. They will have to earn the role based on merit and not because they are from South America. They will have to work hard. They will have to learn by themselves what John Klensin means when he says: The "I" in the IETF is not I. Regards, S. Moonesamy 1. http://www.ietf.org/about/about-the-ietf-en.pdf
Attracting people from emerging regions into the IETF
Hello, Here is a draft which attempts to address the challenge of attracting people from emerging regions who can contribute to IETF work into the IETF. Please note that I do not have a strong opinion about the suggestions. Regards, S. Moonesamy S. Moonesamy Expires: April 4, 2014 October 1, 2013 Attracting people from emerging regions into the IETF draft-ddt-fellowship-01 1. Introduction The IETF Chair set up a Diversity Design Team in July, 2013 to determine how to address issues such as geographic diversity. There is already an ISOC Fellowship programme to the IETF for participants from emerging regions. This document attempts to address the challenge of attracting people from emerging regions who can contribute to IETF work into the IETF. Section 2 lists the objectives of the existing ISOC Fellowship programme and the selection criteria. The current programme does help new participants to establish an initial face-to-face contact. However, long-term benefit requires helping these participants to engage in the full range of IETF interactions. The most effective way to contribute to the IETF is through on-going active participation and by reviewing and commenting about working group drafts. There are suggestions in Section 4 to align the ISOC Fellowship programme with the expectations of the IETF by having selection criteria that encourages active IETF participation, and by having an evaluation panel with the expertise to evaluate IETF contributions. 2. Existing support for participants from emerging regions 2.1. Objectives of the ISOC Fellowship programme The Internet Society has provided significant financial support given that attendance by technologists from emerging and developing economies is currently limited [FEL]. It is considered that actually attending an event promotes a stronger understanding of the standards process, encourages active involvement in IETF work, and facilitates personal networking with others that have similar technical interests [FEL]. The main purpose [FEL] of the ISOC Fellowship programme is to: - Raise global awareness about the IETF and its work. - Foster greater understanding of, and participation in, the work Expires April 4, 2014 [Page 1] S. Moonesamy Attracting people October 1, 2013 of the IETF by technologists from emerging and developing economies. - Provide an opportunity for networking with individuals from around the world with similar technical interests. - Identify and foster potential future leaders from emerging and developing economies - Demonstrate the Internet community's commitment to fostering greater global participation in Internet Forums such as the IETF. The goals of the ISOC Returning fellowship programme [RET] are to: - Provide an opportunity for highly committed former Fellows to return to the IETF to advance specific standards work. - More fully integrate technologists from emerging and developing economies into the IETF. - Advance the technical leadership potential of individuals from emerging and developing economies. - Provide immediate value to a working group by participating in scribing the working group meeting and contributing to the meeting minutes. 2.2. Selection criteria for the ISOC Fellowship programme Some of the requirements [SEL] for qualifying for ISOC Fellowship programme are: - Hold a university-level computer science, information technology, or similar degree, or can demonstrate similar and relevant work experience. - Be employed in a technical or technical management capacity with a data network provider (including university networks), a technology vendor, a local technical association, or other similar organisation OR be a university-level computer science/information technology professor, lecturer, or student currently undertaking research in one or more areas of current IETF standardisation work. Students must be enrolled in a graduate-level program (Masters or Ph.D). - Possess a strong understanding of how the IETF relates to and impacts their work or area of study and demonstrate how specific Expires April 4, 2014 [Page 2] S. Moonesamy Attracting people October 1, 2013 areas of current IETF work are relevant to their pursuits. Some of the attributes [SEL] that reflect favorably o
Video of TCMTF BoF (was: Remote participation to igovupdate BoF)
Hi Alex, At 23:52 26-09-2013, Alexandru Petrescu wrote: I am wondering where are the video/audiologs of recent BoFs? So I can prepare what to to expect during a typical BoF. http://www.ietf.org/proceedings/87/agenda/agenda-87-tcmtf http://www.ietf.org/proceedings/87/minutes/minutes-87-tcmtf http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF87_TCMTF&chapter=part_1 http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF87_TCMTF&chapter=part_2 http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF87_TCMTF&chapter=part_3 http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF87_TCMTF&chapter=part_4 http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF87_TCMTF&chapter=part_5 http://recordings.conf.meetecho.com/Recordings/watch.jsp?recording=IETF87_TCMTF&chapter=part_6 Regards, S. Moonesamy
ISOC fellowship - Attracting new people and work into the IETF (was: In person vs remote participation to meetings)
Hi Alessandro, At 00:22 28-09-2012, Alessandro Vesely wrote: IMHO, participation of individuals and small businesses is not less important than that of newcomers from emerging and developing economies. I noticed that you asked a question about the ISOC fellowship about a year ago. There is currently a thread on the diversity mailing list [1] about attracting new people and work into the IETF ( http://www.ietf.org/mail-archive/web/diversity/current/msg00336.html ). There were suggestions from Stephen Farrell, Adrian Farrel and Kathleen Moriarty. One of the comments was about the "emerging or developing economy" requirement for the ISOC fellowship. This is an opportunity for anyone who is concerned about the hurdles affecting IETF participation to make suggestions. Please post any follow-up to divers...@ietf.irg instead of ietf@ietf.org. Regards, S. Moonesamy
Dotless in draft-ietf-homenet-arch-10
Hi Spencer, I read your DISCUSS about draft-ietf-homenet-arch-10: 'Is there a useful reference that could be provided for "dotless"?' draft-moonesamy-dotless-domains-00 discusses about dotless. I leave it to you to decide about whether it qualifies as a better reference than one to a web page. Regards, S. Moonesamy
Re: Last Call: (Characterization of Proposed Standards) to Best Current Practice
At 11:18 18-09-2013, The IESG wrote: The IESG has received a request from an individual submitter to consider the following document: - 'Characterization of Proposed Standards' as Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-10-16. Exceptionally, comments may be There is a typo in the heading of Section 2 ( Reveiew). I think that it is a fine idea for the IETF to document what it does. This document does that. During the last meeting Eliot Lear mentioned that Olaf has spent an enormous amount of time to defend and to advance the IETF's views on standardization. This document can make that work easier. Regards, S. Moonesamy
Why we don't want to actually replace 2026 (was: PS Characterization Clarified)
Hi John, At 08:31 16-09-2013, John C Klensin wrote: By the way, while I understand all of the reasons why we don't want to actually replace 2026 (and agree with most of them), things are getting to the point that it takes far too much energy to actually figure out what the rules are. Perhaps it is time for someone to create an unofficial redlined version of 2026 that incorporates all of the changes and put it up on the web somewhere. I think we would want a clear introduction and I posted draft-moonesamy-stds-process-00 (expired) [1] in 2010. I have to update the draft as it does not take into account the two-track change. I would not post a revision on the web as the IETF Trust might not like it. In my opinion it might be related to the original negotiating position of CNRI. Regards, S. Moonesamy 1. http://tools.ietf.org/html/draft-moonesamy-stds-process-00
Macro Expansion (was: Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard)
Hi Doug, At 21:55 11-09-2013, Douglas Otis wrote: Add to: 11.5.3. Macro Expansion ,--- It is not within SPF's purview whether IPv6 or DNSSEC is being used. IPv6 (RFC2460) increased the minimum MTU size to 1280 octets. DNSSEC is deployed with EDNS0 (RFC6891) to avoid TCP fallback. EDNS0 suggests an MTU increase between 1280 and 1410 octets offers a reasonable result starting from a request of 4096 octets. A 1410 MTU offers a 2.4 times payload increase over the assumed MTU of 576 octets and is widely supported by Customer Premise Equipment. With increased MTUs being used with DNS over UDP, network amplification concerns increase accordingly. SPF macros can utilize SPF parameters derived from email messages that can modulate the names being queried in several ways without publishing additional DNS resources. The SPF macro feature permits malefactors a means to covertly orchestrate directed DDoS attacks from an array of compromised systems while expending little of their own resources. Since SPF does not make use of a dedicated resource record type or naming convention, this leaves few solutions available to DNS operations in offering a means to mitigate possible abuse. This type of abuse becomes rather pernicious when used in conjunction with synthetic domains now popular for tracking users without using web cookies. However, email providers can mitigate this type of abuse by ignoring SPF records containing macros. Very few domains make use of macros, and ignoring these records result in neutral handling. Some large providers have admitted they make use of this strategy without experiencing any notable problem. AOL began their support of SPF by saying they would use SPF to construct whitelists prior to receipt of email. Clearly, such whitelisting practices tends to preclude benefits derived from macro use. '--- As background information I read draft-otis-spfbis-macros-nixed-01. I read the messages where EDNS0 was mentioned [1]. I read the messages on the thread starting with msg-id: 9884b9cd-0ed3-4d89-a100-58d05ea4b...@gmail.com. I have followed the discussions about macros ever since the SPFBIS WG was chartered. The above suggestion is to add text in the Security Considerations section of the draft. The problem being pointed out is, in simple terms, DNS amplification. The first (quoted) paragraph argues that there can be an acute problem because of EDNS0 as specified in the Internet Standard. The second paragraph starts with SPF macros can utilize SPF parameters derived from email messages". I do not understand that. From what I understand the rest of the second (quoted) paragraph argues that the SPF macro feature permits evildoers to use it as an attack vector. The argument in the third (quoted) paragraph is that it is not possible to mitigate possible (DNS) abuse due to the SPF as it does not have a dedicated resource record type. The fourth (quoted) paragraph argues that macros should be ignored. That paragraph also mentions that some large providers admitted to using that strategy. I am not aware of any public reports about that. I read draft-otis-spfbis-macros-nixed-01 again to try and understand the problem. It seems to be the: '{%l}._spf.{%d} or exists:{%i}_spf.{%d} can be used in "specialized" DNS servers able to understand encrypted local-parts' which is discussed in Appendix E of draft-ietf-spfbis-4408bis-20. Arthur Thisell commented about the "specialized DNS server". He mentioned that at the time that text was written two people came forward to say that they were doing that. During the SPFBIS discussions nobody stated that he or she has implemented or is using a "specialized" DNS server. I'll ask the person editing draft-ietf-spfbis-4408bis or the SPFBIS WG to provide some publicly verifiable cases where these examples are used. I assume that the SPFBIS WG and the Responsible Area Director have understood the mathematics relating to EDNS0 and DNS amplification. Anyone who has not understood that part is welcome to raise the issue on the SPFBIS mailing list. The discussion about the "dedicated resource record type" has led to agreement. I'll describe the agreement as something people can live with. In my opinion it is better not to start another discussion about that. I hope that what I wrote above clearly explains what I have understood and what I have not understood. Regards, S. Moonesamy (as document shepherd) 1. message-id of messages: 4ef10b1f.5050...@mail-abuse.org 4f0e7154.4080...@isdg.net 29fba028-5881-4a04-95d4-227582a38...@email.android.com pine.gso.4.62.1201121350550.3...@spaz.oit.wmich.edu 20120425152326.ge60...@mail.yitter.info 1545953.Y9VaoKsXxF@scott-latitude-e6320 20120704015156.gb12...@crankycanuck.ca 1977893.MDoye0cYQa@scott-latitude-e6320 20130122231357.ga6...@mx1.yitter.info
Re: Messages to SPFBIS mailing list (was: [spfbis] Benoit Claise's No Objection on draft-ietf-spfbis-4408bis-19: (with COMMENT))
Hi Doug, At 15:58 15-09-2013, Douglas Otis wrote: This view is fully reasonable using the paradigm SPFbis is just another protocol using DNS. If so, a reference to RFC4033 would be logical and my response would seem off-topic. To clarify, the strong response was aimed specifically at the suggestion this referenced RFC offers a meaningful countermeasure. It does not and can not. I set the subject in my message to you as "Messages to SPFBIS mailing list". I assumed that it was clear that the topic being discussed in the body of the message was about your messages to the SPFBIS mailing list and the topics being discussed on different threads. ,--- > I'll suggest: > > and see RFC 4033 for a countermeasure. '--- The above (see the two quoted paragraphs above) is not related to the message at http://www.ietf.org/mail-archive/web/spfbis/current/msg04182.html or any other comments which you posted to the SPFBIS mailing list over the last week. I see part of a message relating to a message from Sean Turner being quoted ( http://www.ietf.org/mail-archive/web/spfbis/current/msg04157.html ). The reasoning is as follows: Nothing within RFC4033, or even other recently proposed mitigation strategies, offer remedies or countermeasures that adequately address risks introduced by SPFbis. SPFbis failed to acknowledge some providers will not process macros and extremely few domains publish SPF records containing macros. Adding any number of DNS related references will NOT offer countermeasures able to address network amplifications SPFbis permits for unknown entities. In other words, SPFbis advocates a scheme where more than 222 automated DNS macro driven transactions are to be made by message recipients on behalf of unknown entities. The message from Sean Turner was about "spoofed DNS". I suggested a reference and Sean Turner mentioned that it would work for him. John Levine also commented and mentioned that he is okay with that. There wasn't anything in the messages about "macros". The SPFbis process: a) Fails to use dedicated resource records b) Fails to use naming conventions c) Does not limit a large sequence of resource record sizes d) Uses macro selected email terms to modify targets which-- 1) inhibits effective caching 2) increases network amplification potentials (>>3x) 3) increases the number of indirect DNS threat vectors (any system sending email) From any practical measure, macros have already been deprecated. SPFbis should reflect this reality since not doing so will greatly impact interchange. SPFbis should also go one step further and return "permerror" when resource record sizes are larger than necessary to better ensure against reflected network amplification threats that would imperil DNSSEC/ENDS0. I previously asked for input about the "macro" issue from anyone who has not commented about it ( http://www.ietf.org/mail-archive/web/ietf/current/msg82405.html ). I did not receive any input and I did not see any messages relating to what I asked on the SPFBIS mailing list; the latter can be easily verified by reading the SPFBIS mailing list archives. Regards, S. Moonesamy
Re: PS Characterization Clarified
Hi Olaf, At 07:56 13-09-2013, Olaf Kolkman wrote: Based on the discussion so far I've made a few modifications to the draft. I am trying to consciously keep this document to the minimum that is needed to achieve 'less is more' and my feeling is that where we are now is close to the sweetspot of consensus. The intended status would have to be BCP instead of Informational. In Section 3.1: "A specific action by the IESG is required to move a specification onto the standards track at the "Proposed Standard" level." I suggest "standards" instead of "specific" action if you (and the other authors) decide that BCP is appropriate. The last paragraph in Section 3.1 is okay. I don't think that Section 4 is necessary. Please note that I do not have a strong opinion about this. I leave it to your discretion. The two references in Section 7 would have to be normative references. I have reason to believe that you mean it when you say "we document what we do". draft-kolkman-proposed-standards-clarified-01 proposes that the IETF does that and I think that it is a fine idea. Regards, S. Moonesamy
Re: Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Hi Doug, At 21:55 11-09-2013, Douglas Otis wrote: Recommended text is as follows: Thanks for suggesting text. I'll take this up with the SPFBIS WG after the (IESG) DISCUSSes have been addressed. Here are some quick comments. Section 4.6.4 was reviewed again in response to the DISCUSS from Barry Leiba. I will take the new changes into consideration when making a suggestion to the SPFBIS WG about that part of the draft. I'll also review the text proposed in the message at http://www.ietf.org/mail-archive/web/ietf/current/msg82402.html before making that suggestion. There were also some text clarifications to Section 5 in response to comments from Barry Leiba. I'll see whether the addition of the one sentence which you propose fits in. Some text was proposed to address the "DNS message" issue in Section 3.4 ( http://www.ietf.org/mail-archive/web/spfbis/current/msg04104.html ). I'll use your suggestion and some of the other suggestions to get this issue resolved. It is my understanding that you consider the "macro" issue (Section 11.5.3 in the text which was proposed) as a major one. The argument in your message starts with IPv6 or DNSSEC not being in the purview of draft-ietf-spfbis-4408bis. It is followed by EDNS0 is used with DNSSEC, and there is a discussion about MTU after that. The next paragraph starts with the argument that the SPF macro feature can be used for "attacks". The proposed text then argues that SPF records containing macros are to be ignored to mitigate such an attack. At the moment I do not know what I will suggest. I welcome any new input from anyone who has not commented about the "macro" issue. I suggest using the spf...@ietf.org mailing list only for any follow-up about the above instead of copying the message to the ietf@ietf.org. Regards, S. Moonesamy (as document shepherd)
Re: draft-moonesamy-ietf-conduct-3184bis
At 13:16 03-09-2013, Barry Leiba wrote: I agree with Scott that the stuff between the commas doesn't belong here. That is, it doesn't belong *here*; it can certainly go into a sentence or paragraph with advice for native English speakers. Consider something like this instead: Participants must do their best to accommodate the needs of other participants by communicating clearly. When faced with English that is difficult to understand, we must all make the effort to understand it nonetheless, engaging in conversation to clarify what was meant. Native English speakers, in particular, should be careful with the use of slang and cultural references that might not be well known to everyone. I'll try and come up with text to reflect the above and the other feedback about that part of the draft. That might not be exactly right; please try to understand me, and tweak as necessary. :-) At 13:36 03-09-2013, Scott Kitterman wrote: I do think that's better. In my experience, once code of conduct type language is codified, eventually someone will try to use it as a hammer. It needs to be crafted with this assumption in mind. My reading of the feedback is that the above is a concern. At 19:58 03-09-2013, Scott Kitterman wrote: I agree that trying to figure things out is a net positive. What I want to avoid is someone making excuses claiming that since they aren't a native speaker it's somebody else's problem to understand them. Ok. Regards, S. Moonesamy
Re: Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Hello, This is a rough summary of the comments which have been made on the Last Call for draft-ietf-spfbis-4408bis-19 since I emailed Pete Resnick [1]. There were comments about the RFC 5507 concerns from Patrik Fältström [2], Dave Crocker [3], Mark Andrews [4] and John Klensin [5]. There were comments from Dan Schlitt [6] in which he provided his perspective of the SPFBIS discussions. In his opinion "it is unwise to have a standards track protocol which overloads the TXT record". He suggested that the specification should be published as Informational. The comments provided by Dave Crocker [3] [7] and John Klensin [5][8] may also be related to the intended status of the specification. Phillip Hallam-Baker commented about the design objections [9]. I'll ask the Responsible Area Director for guidance about the above instead of suggesting that the SPFBIS WG address them. Joe Abley commented about the usage of "messages sent over UDP" [10]. This issue has been raised by Douglas Otis. My suggestion to the SPFBIS WG is to address this issue. Please email me if you consider your comments as not having been addressed correctly. I suggest waiting for Pete Resnicks to send a message to the mailing list if you sent Last Call comments before August 24. Regards, S. Moonesamy (as document shepherd) 1. http://www.ietf.org/mail-archive/web/ietf/current/msg81877.html 2. http://www.ietf.org/mail-archive/web/ietf/current/msg81887.html 3. http://www.ietf.org/mail-archive/web/ietf/current/msg81889.html 4. http://www.ietf.org/mail-archive/web/ietf/current/msg81891.html 5. http://www.ietf.org/mail-archive/web/ietf/current/msg81912.html 6. http://www.ietf.org/mail-archive/web/ietf/current/msg81939.html 7. http://www.ietf.org/mail-archive/web/ietf/current/msg81923.html 8. http://www.ietf.org/mail-archive/web/ietf/current/msg81924.html 9. http://www.ietf.org/mail-archive/web/ietf/current/msg81927.html 10. http://www.ietf.org/mail-archive/web/ietf/current/msg81862.html
Re: draft-moonesamy-ietf-conduct-3184bis
At 23:15 31-08-2013, Scott Kitterman wrote: That does seem better, but don't all parties have an obligation to attempt to communicate clearly? The new text is as follows: Participants, particularly those with English as a first language, attempt to accommodate the needs of other participants by communicating clearly. Participants try to accommodate each other. At 09:08 01-09-2013, Barry Leiba wrote: I think Scott has put this perfectly, and it's exactly right. The main point is clear communication. Everything else is advice about how to achieve that. Yes. We're all individuals, and we have different tolerance levels -- some of us are more patient than others in trying to understand. That said, this is also a collaborative environment, where everyone needs to do her part. Native speakers need to use a level of English that's likely to be accessible to non-natives, and to do the best they can to understand what others are saying. Non-native speakers need to do what they can to improve their English skills. Everyone has responsibility. Yes. At 09:22 01-09-2013, Dave Crocker wrote: If the document only cites concepts or principles or other terms of abstraction, each of us is likely to interpret them /very/ differently. Especially for a topic like this. Worse, even if we interpret them in the same way, we might not understand what behaviors to attempt or to avoid, since that often requires some understanding of the differences between cultures and people. Yes. Brian Trammell explained it better than I could (see http://www.ietf.org/mail-archive/web/diversity/current/msg00289.html ). Melinda Shore commented about what to avoid (e.g. highly idiomatic language). Somebody in the group, WG Chair, Area Director, or even a participant, might explain what is causing a communication problem. At the other end someone who has a problem understanding what is being said can contact the WG Chair or Area Director privately so that they can step in and help. Regards, S. Moonesamy
Re: draft-moonesamy-ietf-conduct-3184bis
Hi Eduardo, At 08:44 01-09-2013, Eduardo A. Suárez wrote: the problem is that when one is arguing against the opinion of another person, it is very easy for the recipient to respond "you do not write well and I do not understand" and so disqualify his opponent. "You do not write well" is not a reason to reject an opinion. "I do not understand" is also not a reason to reject an opinion. Please note that, in theory, person Y (see opponent in the above) cannot disqualify the person X. It does happen in practice as people do not use the process which is supposed to prevent all that from happening. Another problem is that it is difficult to know how to use the process. Speaking for myself, it is understandable that anyone in that situation will find it unbearable. I think that it would be good if something which brings results is done about it this year. Regards, S. Moonesamy
Re: draft-moonesamy-ietf-conduct-3184bis
Hi Eduardo, At 23:19 31-08-2013, Eduardo A. Suarez wrote: I think both parties have to try to express clearly. Those who do not have the English as their native language should also try to do so. Agreed. What is unbearable to me is that in more than one discussion in a mailing list someone's opinion is censored because misspell their ideas or opinions. I'll try and rephrase the above. In some mailing list discussions a person's ideas or opinions are ignored because the ideas or opinions are either not expressed clearly or the ideas or opinions are not understood. Regards, S. Moonesamy
Re: draft-moonesamy-ietf-conduct-3184bis
Hi William, At 21:41 31-08-2013, William McCall wrote: Just one point that irks me a bit about this draft... this draft would imply the violation of the code upon those who do (however inadvertently) are 1) Native English speakers and 2) use slang of some nature (which is quite arbitrary). I'd ask for the original phrasing to be more or less preserved (I see a few wording changes worthwhile) to avoid the implied absurdity. The application of Lars' comment would potentially provide for penalty here, so I think it is worthwhile to fight this point now. The original phrasing is as follows: "English is the de facto language of the IETF, but it is not the native language of many IETF participants. Native English speakers attempt to speak clearly and a bit slowly and to limit the use of slang in order to accommodate the needs of all listeners." The draft reuses the text. That text could be rewritten as: English is the de facto language of the IETF, but it is not the native language of many IETF participants. Native English participants attempt to accommodate the needs of other participants by communicating clearly. Regards, S. Moonesamy
Re: draft-moonesamy-ietf-conduct-3184bis
Hi Hector, At 14:50 31-08-2013, Hector Santos wrote: Along with the other recent drafts for streamlining the RFC process, I get the feeling even this new drafting on conduct is simply going to be a new rubber stamping tool to shut down the process of due diligent engineering discussions, required cross areas reviews, including increasing conflict of interest concerns. There is a lost of engineering diversity when there is a lack or lost of industry representation. Folks who shy away, turned off or excommunicated based on leveraging conduct policies, we get a behavior I call "Consensus by Osmosis" -- rough consensus, higher potential for appeals and huge LC debates. I don't find appeals to be a problem. I don't find huge Last Call debates to be a problem. Unpleasant behavior is a problem as it creates an unworkable climate. I don't think that it is possible to build consensus in such circumstances. Lars Eggert made the following comment: "I actually WANT this draft to talk about the CONSEQUENCES (posting rights getting taken away, personal attendance made impossible, etc.) of not following the code of conduct! I think that would be by FAR the most impactful addition we could make." Some of the above is already possible (see Appendix B). Anyone having concerns about conflict of interest can raise the concerns. This draft does not prevent that from happening. This draft is not about cross-area reviews. Perhaps this draft should has some statements about what is expected of the project leaders in the area of processing participant inputs. I think the draft should also define or describe: - Participants - Individuals - Project Leaders (AD, CHAIRS, EDITORS?) The roles are discussed in RFC 2418. Regards, S. Moonesamy
Re: draft-moonesamy-ietf-conduct-3184bis
At 11:02 31-08-2013, Melinda Shore wrote: It seems like this would be a good time for an update. A few comments: . I think there are a few things that we've been taking for granted that everybody knows, because they did, but that may not longer be the case and consequently they should be made explicit. One that really popped out at me while reading this is that we may need to be clearer that people are participating in the IETF as individuals and contributions are evaluated in that light Yes. . I'd like to see some mention of consensus-seeking behavior; that is to say, we make decisions on the basis of rough consensus and so the goal of discussion should be to build consensus rather than to "win." As a quick reply, it may be possible to put that under Item 2 in Section 2. My preference would be to pick a comment from Ted Lemon {1]: "Not trying to figure out if what they said meaningfully contradicts your own position, and not making a sincere effort to determine if they might be correct in contradicting your position." and use the above to mention "sincere effort". . I'm not 100% comfortable with the concept of "violating guidelines I added that based on a comment from Lars Eggert [2]. The word "breach" may be more appropriate. I should have used the word "consequences" for Appendix B. . I think it was a good idea to remove text that could be discouraging to new participants. There was a comment from Lars Eggert [3]: '"when you begin to participate in a WG, maybe approach the chairs or longer-term participants in order get a view on whether the issues you wish to discuss fit the current work of the group." Rationale: I HAVE seen newcomers raise issues that were either outside the scope, or raise them in ways that got them a bad reception, and a little caution about how to get the best result is IMO good.' My preference is for that to be part of the Newcomers tutorial and/or the Tao instead of a guideline for conduct. At 11:15 31-08-2013, Phill wrote: I think it would be useful to point out that there is a big difference between getting a draft published as an RFC and getting the proposal deployed. The point of the IETF process is that it provides an opportunity to build the consensus necessary to deploy the proposal. The consensus is the real product, the documents are secondary. It would be better to discuss the above as part of the tutorial material. It is also the case that some consensus matters more than others. A proposal cannot be deployed without the support of people who write code and operate infrastructure that must be changed. So people who work to effect a back room carve up that cuts those people out of the process are wasting everyone's time Proposals which do not have the support of the people who write the code tend to be ignored by the people who write the code. At 11:15 31-08-2013, Dave Crocker wrote: Might be worth referencing Pete Resnick's draft; at this point, casting it as one person's 'exploration' of the concept might avoid taking it as official, while still treating it as useful. My preference is to use "sincere effort". I'll wait for Pete Resnick to argue why his draft should be referenced. :-) By way of operationalizing the idea of discussing-to-build-consensus might be emphasizing both explanation -- to help people understand a view -- and modification -- to adjust the view based on feedback. I think that it would be good to have a discussion of that draft when Pete Resnick says that it is ready for discussion. A characteristic of talking to win, rather than explore, is having a very rigid manner of making comments, essentially only re-stating a point. By contrast, real discussion incorporates comments being made, rather than merely seeking to refute them. The problem may be that it is not clear whether the point will be considered as valid. There may be a view that restating a point is useful or else the point will be noticed. In a long thread some points do get missed. I'll mention an interesting comment: "I almost always get at least some private responses, and they inflict discomfort often enough for me to not enjoy this communication mode" It is not possible to have a real discussion if people do not feel comfortable to discuss. Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/ietf/current/msg81864.html 2. http://www.ietf.org/mail-archive/web/diversity/current/msg00222.html 3. http://www.ietf.org/mail-archive/web/diversity/current/msg00209.html 4. http://www.ietf.org/mail-archive/web/diversity/current/msg00243.html
Is the datatracker authoritative (was: WG Review: Dynamic Host Configuration (dhc))
Hi Ted, At 19:59 30-08-2013, Ted Lemon wrote: Yes. The minutes have been updated in the datatracker: https://datatracker.ietf.org/wg/dhc/charter/ Thanks. I don't know why this didn't show up in the announcement message. Actually, the I assumed that the message was generated by the datatracker. announcement really ought to just point to the datatracker, since what's there is normative. This is an individual opinion. Please assume that the entire IETF disagrees with it. The datatracker is not the authoritative version of a charter. It is the message archived in the relevant mailing list which is considered as authoritative. The rationale is related to note of record. Regards, S. Moonesamy
Re: WG Review: Dynamic Host Configuration (dhc)
nded. I looked at the last draft mentioned above. The last revision is dated February 2009. The DHC working group was supposed to deliver that draft to the IESG in July 2008. I looked up draft-ietf-dhc-container-opt-07. The state as at April 2013 mentions "WG Document Revised I-D Needed - Issue raised by WGLC". There is a note which says: "This document did NOT pass WGLC as there was no support for it and Ralph indicated that there were several IESG Discusses from several years ago (2009) that did not get addressed". Regards, S. Moonesamy
Re: AppsDir review of draft-ietf-repute-model-08
Hello, After reading the reviews of the Application Area Directorate review it seems to me that there is some misunderstanding of what an Application Area Directorate review is about. The review is to give the Applications Area Directors a sense of how important it is that they pay attention to a draft. If there is a problem with a working group draft that problem should be taken up with the working group instead of the Applications Area Directorate reviewer. If there is a problem with the Applications Area Directorate review it is okay in my opinion to discuss about that with the reviewer. Regards, S. Moonesamy
Re: Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Hello, It's difficult, some might say impossible, to get agreement on draft-ietf-spfbis-4408bis. I would like to ask each of you, and anyone else, to provide your opinion about the following: RFC 5507 primarily raises three concerns about TXT records: 1. The data in TXT is unstructured and subject to misinterpretation by other applications. 2. Wildcard issues. 3. Size issues. The draft addresses (3) by discussing size considerations, and tangentially addresses (1) in Section 3.4. I would like to ask everyone not to turn this into a debate by not discussing about the opinion stated by someone else. Regards, S. Moonesamy (as document shepherd)
Re: Rude responses (sergeant-at-arms?)
Hi Phillip, At 15:53 27-08-2013, Phillip Hallam-Baker wrote: What I found incredibly rude was when an AD and Working Group chair actually hissed when I gave my company name at the mic. I submitted draft-moonesamy-ietf-conduct-3184bis During the discussions (see thread at http://www.ietf.org/mail-archive/web/diversity/current/msg00201.html )about the draft it was suggested there should be consequences of not following the code of conduct. What action would you suggest against: (i) the Area Director in a case such as the above? (ii) the Working Group chair in a case such as the above? Regards, S. Moonesamy
Re: Rude responses (sergeant-at-arms?)
At 10:11 27-08-2013, Ted Lemon wrote: But the most rude behavior that ever occurs on IETF mailing lists is not listening. Not trying to understand what the person who is speaking to you has said. Not trying to figure out if what they said meaningfully contradicts your own position, and not making a sincere effort to determine if they might be correct in contradicting your position. Yes. We have seen some incredible rudeness of this type in the recent spfbis discussion, with various supposedly smart people in our community utterly ignoring what their opponents are saying, and simply re-asserting their own position in a variety of ways. I'll add the message from Scott Brim below and comment. At 10:20 27-08-2013, Scott Brim wrote: IMHO that's not a job for the sergeant at arms. The SAA is responsible for how things are said. The shepherd -- or supershepherd or whatever -- would be responsible for the substance. The shepherd would have to request PR-action on the grounds that there has been a BCP violation. That would cause other process issues. The community will remain quiet and the shepherd will take the fall. At 12:08 27-08-2013, John Leslie wrote: I feel sorry for Ted, who _does_ have to evaluate consensus here. Me too. Regards, S. Moonesamy
Re: Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Hi Joe, At 08:59 27-08-2013, Joe Abley wrote: The consistent word for this in 1035 is simply "message". "DNS Message" is in more common use today, I would say. The text you quoted from 1035 is most usefully interpreted as a contraction of "messages sent over UDP"; "UDP message" really doesn't have a well-understood meaning, and is easily conflated with "UDP datagram" which does not have a size limitation of 512 bytes. Thanks for explaining this. Please note that I personally agree with what you wrote. My understanding is that the text in Section 3.4 is trying to say DNS messages over UDP. There was some discussion about that (see http://www.ietf.org/mail-archive/web/spfbis/current/msg03088.html http://www.ietf.org/mail-archive/web/spfbis/current/msg03090.html http://www.ietf.org/mail-archive/web/spfbis/current/msg03109.html ). Regards, S. Moonesamy (as document shepherd)
Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
Hi Mary, At 07:28 27-08-2013, Mary Barnes wrote: As far as the IPR, as the shepherd and DISPATCH WG co-chair, I posted a note to the DISPATCH WG mailing list before progressing this document to see if anyone had any concerns about the IPR disclosures, which had been discussed in the past and were updated when I asked the authors the requisite questions about IPR while doing the PROTO write-up. No concerns were raised with regards to the updated IPR disclosures (i.e., no one responded to that email). And, you can google "draft montemurro ietf ipr archives" to find past discussions such as this one: draft montemurro ietf ipr archives Thanks for the feedback. Somebody commented that: "It has nothing to do with IPR which was extensively discussed on the dispatch list." I read the DISPATCH mailing list archives. I did not see that extensive discussion. My comment was about that. I do not have any problem with the document shepherd comments. Regards, S. Moonesamy
Re: Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
thing as a UDP packet. Per RFC1035 Section 2.3.4. Size limits UDP messages512 octets or less I'll suggest UDP message. A reduction to 450 octets would be a reasonable recommendation for the DNS _message_, not the UDP _packet_. The packet still needs to carry the IP and UDP headers. Yes. I misunderstood your previous arguments. There should be some type of warning at minimum as the macro issue is likely to affect interchange now and going forward. The IETF should not consider protocols outside larger concerns of the well being of the Internet infrastructure and proper interchange. This issue should not be controversial. I'll consider the "macro" issue as addressed. Regards, S. Moonesamy (as document shepherd)
Re: Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
about the "ptr" mechanism ( http://www.ietf.org/mail-archive/web/spfbis/current/msg00808.html http://www.ietf.org/mail-archive/web/spfbis/current/msg00811.html http://www.ietf.org/mail-archive/web/spfbis/current/msg03184.html ). There is the following text in the write-up: "There was some controversy about whether the use of macros was a security risk and whether to deprecate the PTR feature. There was a formal appeal of the SPFBIS WG chair' interpretation of the charter, specifically regarding the removal of "unused" features. The two features in particular which drove the appeal were the PTR feature and the local-part macro feature. These features were not removed from the document given that the appeal was denied by the Responsible Area Director." I hope that the above explains the decision. The WG should have been told to focus on security and at better insuring interchange to achieve a safer stance moving forward. The working group was reminded about BCP 72. Regards, S. Moonesamy (as document shepherd)
Re: The Last Call social contract (was - Re: Rude responses)
Hi Dave, I read the messages on this thread. I suggested to the participant to comment. I am okay with the comments which were made. I had an off-list exchange before the message that generated the other thread. The exchange was not antagonistic. Some people read "please read the archives" as a requirement. That led to a misunderstanding. During a Last Call someone has to figure out what the issues are and whether they have been addressed or not. The misunderstandings do not make the work easier. Regards, S. Moonesamy
Re: [spfbis] Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Hello, This message has a Bcc to an IETF participant. In my write-up for the Responsible Area Director I mentioned that: "There was an intermediate conclusion about the topic of whether the SPF protocol should use the SPF RRTYPE or the TXT resource record. It was followed by an objection. After discussion of the topic at the IETF 83 SPFBIS WG session the conclusion reached was that the decision would be not to publish RRTYPE 99 and and not to query RRTYPE 99. The WG consensus about the RRTYPE can be described as particularly rough. The topic of obsoleting the SPF RRTYPE generated a lot of controversy near the end of the WGLC. There were a very high number of messages about the topic on the SPFBIS mailing list and the DNSEXT mailing list as some DNSEXT WG participants were not aware of RFC 6686." The WGLC announcement [1] for draft-ietf-spfbis-4408bis-14 was sent on April 9, 2013 and it was mentioned that the WGLC will close on April 24. I posted my review as document shepherd on April 23 [2] and looked into the IANA Considerations Section of the draft as there is a question in the write-up about whether the IANA Considerations are clear and complete. Something unusual occurred. A very high number of messages were posted about on a thread about the DNS Parameters registry [3]. Most of the comments were submitted after the end of the WGLC. On April 25, the Responsible Area Director [4] commented that: "This discussion should have happened at SPFBIS *chartering* time, as it is crystal clear from the charter that existing features currently in use in SPF are not going away. Indeed, the TXT record was specifically mentioned in the charter." In another message he commented [5] that: "If you think SPFBIS was being superficial in its treatment of this topic and can identify an argument that was missed, fine." The thread was left to run in case an argument was missed. The SPFBIS WG Chairs [6] posted a message on April 30 about "the planned deprecation of the SPF RRTYPE and whether TXT is an appropriate thing to use and if it is whether the SPF use of it is ok". There is the following text in the write-up: "Some WG participants have mentioned that they may express extreme discontent about the decision to obsolete the SPF RRTYPE during the Last Call." That is a notification to the Responsible Area Director and the other members of the IESG about the matter. I reviewed the discussion about the RRTYPE several times in doing the write-up and after that to determine whether the following is correct: "The WG consensus about the RRTYPE can be described as particularly rough." I did not find any problem in the process followed to reach that conclusion. I read the messages posted on the IETF mailing list [7]; there are around a 100 messages. I didn't notice any messages about an issue with the above statement. Regards, S. Moonesamy (as document shepherd) 1. http://www.ietf.org/mail-archive/web/spfbis/current/msg03347.html 2. http://www.ietf.org/mail-archive/web/spfbis/current/msg03414.html 3. http://www.ietf.org/mail-archive/web/spfbis/current/msg03412.html 4. http://www.ietf.org/mail-archive/web/spfbis/current/msg03497.html 5. http://www.ietf.org/mail-archive/web/spfbis/current/msg03507.html 6. http://www.ietf.org/mail-archive/web/spfbis/current/msg03681.html 7. http://www.ietf.org/mail-archive/web/ietf/current/msg81609.html
Re: SPFBIS LAST CALL: SenderID Framework (PRA, SUBMITTER)
Hi Hector, At 07:29 22-08-2013, Hector Santos wrote: Besides the SPF type issue, I believe there are still a number of integrated protocol issues to address. How does the following RFCs play into SPFBIS output, the SPF type and the overall BIS document? Should RFC4408BIS update any of these documents? [1] RFC4405 SUBMITTER SMTP Service Extension [2] RFC4406 Sender ID: Authenticating E-Mail [3] RFC4407 Purported Responsible Address (PRA) I would say no as the above RFCs are not related to draft-ietf-spfbis-4408bis-19. I'll mention the following text from RFC 6686: "The experiments comprising the series of RFCs defining the SUBMITTER SMTP extension (RFC4405), the Sender ID mechanism (RFC4406), the Purported Responsible Address algorithm (RFC4407), and SPF (RFC4408), should be considered concluded. That is the official position of the IETF. I can state that the text reflects the consensus of the SPFBIS WG as I verified whether there was working group agreement before requesting the publication of RFC 6686. The following text is from RFC 6686: "This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG)." From an IETF perspective that's the answer that will be given. For example: In RFC 4406 (SenderID), section 3.1 says: This section replaces the definition of the version identifier in Section 4.5 of [RFC4408] and adds the concept of SPF record scopes. In section 4.4, item 1: 1. If any records of type SPF are in the set, then all records of type TXT are discarded. Overall, 1) Do SenderID publishers need to drop the SPF type as well? 2) Do PRA/SUBMITTER compliant receivers need to also drop SPF type queries? 3) Do SMTP vendors need to begin dropping SUBMITTER as well? Somebody can submit a draft which answers those questions and have it discussed in the IETF. The SPFBIS WG Chairs have mentioned that once the work on draft-ietf-spfbis-4408bis is completed the SPFBIS WG will be ready to close ( http://www.ietf.org/mail-archive/web/apps-discuss/current/msg10124.html ). I don't think that the SPFBIS WG will take on the draft. The person submitting the draft can contact the Application Area Directors to find out where to discuss the draft. Procedurally, does SPFBIS need to address or take over these multiple protocols integration concerns (including SMTP SUBMITTER receivers) or should it just remain silent and allow vendors make a guess at all this? What is the SPF summary in this regard for the application integrator? Procedurally, the SPFBIS WG does not need to address that (see above comments). SPFBIS will remain silent and allow vendors to make a guess. The SPF summary is that it is out of scope for draft-ietf-spfbis-4408bis-19. Should the IETF consider a new SenderID WG to discuss what are the repercussions the SPFBIS results have on it? The above question is about a SenderID BoF. I personally do not think that there is currently interest in having that BoF (see RFC 5434). Regards, S. Moonesamy
Re: [spfbis] Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Hi John, At 20:02 21-08-2013, John Leslie wrote: If this is the sort of response given to somewhat-valid questions raised about the draft being proposed, Pete will eventually have to say there _is_ no consensus. :^( An Area Director may say that. :-( Regards, S. Moonesamy
Re: [spfbis] Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Hi Eliot, At 03:26 21-08-2013, Eliot Lear wrote: First, I appreciate that you and Dave are bringing data to the table. However, in this case, it is not in dispute that queries are happening. What *is* in dispute is whether there are answers. I must admit I am having a difficult time understanding the logic, even so. The *hard* part about this was supposed to be implementation of the record in the application software. Can the shepherd answer this question: To what extent has that happened? There is a thread about libspf2 querying for RRTYPE 99 first ( https://lists.exim.org/lurker/message/20110812.094310.3a53c0f6.gl.html#exim-users ). I'll also mention http://support.godaddy.com/groups/domains-management-and-services/forum/topic/spf-type-99/ and http://features.cpanel.net/responses/ability-to-create-spf-type-99-records Here are a few messages on the SPFBIS mailing list about RRTYPE 99: http://www.ietf.org/mail-archive/web/spfbis/current/msg00555.html http://www.ietf.org/mail-archive/web/spfbis/current/msg03778.html http://www.ietf.org/mail-archive/web/spfbis/current/msg03781.html The SPFBIS WG Chair asked a question about what to conclude given the SPFBIS Charter ( http://www.ietf.org/mail-archive/web/spfbis/current/msg03779.html ). Regards, S. Moonesamy (as document shepherd)
Re: Rude responses (Was: Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard)
Hello, Lars Eggert mentioned [1] the following: "cool off, take the intensity out of the discussion, and try to provide data/facts for your different standpoints, so the rest of us who are sitting on the sidelines watching the fireworks can form an opinion." Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/diversity/current/msg00222.html
Re: Last call of draft-ietf-spfbis-4408bis-19
Hi Patrik, At 11:58 20-08-2013, Patrik Fältström wrote: As the bottle is opened, I hereby state my objection to Section 3.1 of draft-ietf-spfbis-4408bis-19 for the reasons explained below. I do agree (as stated below) that the section of RFC 4408 that specify how to use both SPF and TXT resource record types include an error as it does not lead to interoperability. As the intention with use of both TXT and SPF originally was to migrate from TXT to SPF I instead of what is outlined in the draft suggest that a proper migration strategy is laid out (look up mandatory to implement SPF and fall back to TXT). This instead of deprecation of the SPF record. In general I do believe, for example when looking at IPv6 and DNSSEC and similar technologies, that the lifetime of RFC 4408 is too short to deprecate any of the proposed records that are in use, specifically as RFC 4408 explicitly do allow use of both. draft-ietf-spfbis-4408bis-19 is not the usual Proposed Standard effort. The SPFBIS WG was tasked to move RFC 4408 to Proposed Standard with restrictions. One of the restrictions is not to review the design. I hope that explains why draft-ietf-spfbis-4408bis-19 is what it is. I suggested to the working group to review the issue of the migration strategy (see http://www.ietf.org/mail-archive/web/spfbis/current/msg03934.html ). From Section 3.1.1 of RFC 4408: "It is recognized that the current practice (using a TXT record) is not optimal, but it is necessary because there are a number of DNS server and resolver implementations in common use that cannot handle the new RR type. The two-record-type scheme provides a forward path to the better solution of using an RR type reserved for this purpose." There isn't similar text in draft-ietf-spfbis-4408bis-19. Hector Santos commented that: "we will add SPF type support in our implementation once the infrastructure is ready. For us, as a windows shop, namely Microsoft DNS servers." I read http://social.technet.microsoft.com/Forums/windowsserver/en-US/5841e884-db22-42a1-8530-615a375662cc/dns-server-support-for-new-or-unamed-rr-type-records My conclusion is that there is a DNS server that cannot handle the new RR Type. The question is how to address the objection about the migration strategy. Regards, S. Moonesamy (as document shepherd)
Re: [spfbis] Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
At 04:55 21-08-2013, manning bill wrote: regarding adoption it would be interesting to take a second snapshot from each of these servers in about six months to see if the trend has changed (modulo PAFs observations that not all TXT == SPF). In the mean time, declare a suspension of last call to gauge if the presumption of failure of the SPF RR merits this drastic action. The IETF chartered the SPFBIS WG to deliver: (i) A document describing the SPF/Sender-ID experiment and its conclusions to the IESG for publication. (ii) A standards track document defining SPF, based on RFC4408 and as amended above, to the IESG for publication. There is a message from the Responsible Area Director ( http://www.ietf.org/mail-archive/web/spfbis/current/msg00331.html ) and the SPFBIS Chairs ( http://www.ietf.org/mail-archive/web/spfbis/current/msg00355.html ) about (i). The SPFBIS WG was asked to make a good-faith effort and that is what the working group did. The editor of RFC 6686 did a good job. The IESG approved the publication of the draft. The working group worked on its second deliverable (ii) after that. There wasn't any concern about the TXT RR as the matter was considered as resolved in RFC 6686. I asked DNSEXT about the SPF RRTYPE in the (IANA) DNS Parameters registry ( http://www.ietf.org/mail-archive/web/spfbis/current/msg03412.html ). It generated long threads on several IETF mailing lists. It was unusual to have that amount of comments after the end of a WGLC. Suspending the Last Call for six months is a drastic action. I would ask the Responsible Area Director to consider that if the SPFBIS WG did not make a good-faith effort or if there is an issue with the process that was followed. My opinion is that the SPFBIS WG made a good-faith effort. There are at least three Area Directors reading the SPFBIS mailing list. They did not flag any process-related issue. At 07:03 21-08-2013, Jelte Jansen wrote: Just wondering, could OARC's recent DITL data help? (perhaps if only to see whether another large-scale targeted effort is needed) Yes. Someone also has to do the work. Regards, S. Moonesamy (as document shepherd)
Re: [dnsext] Deprecating SPF
Hi Patrik, At 11:45 20-08-2013, Patrik Fältström wrote: The reason why I did not post there at first was that a) I did not feel I had followed the rules laid out for discussions [read all messages in the mailing list archives] and b) the discussion on the dnsext list was more general on overload of TXT records [something DNS people have always been against -- see IAB document on DNS choices]. But, when having that discussion on the dnsext mailing list, to which I cc:ed Pete as responsible AD for full disclosure, Pete did ask me for a complete explanation of my view, which I posted. Once again, without re-reading the mailing list archives. First of all, I apologize for copying the message to ietf@. The advice given was to read the comments in the SPFBIS mailing list archives. It is not a rule. If a person did not read all the messages and the person raises a point or provides arguments which were not discussed previously I will ask the SPFBIS WG to address them. I don't know whether to process your comments or the other comments posted on dnsext@ as part of the Last Call or not. It is unclear to me as to whether I should only consider messages with the appropriate Last Call subject line. My sense is that I should listen to your concerns. Regards, S. Moonesamy
Re: [dnsext] Deprecating SPF
Hi Patrik, I am copying the message to ieft@ as there is an ongoing Last Call. At 08:28 20-08-2013, Patrik Fältström wrote: The consensus related to how to fix RFC 4408 will be very rough. That is clear. And I feel sorry for responsible AD and IESG to be forced to make a decision that such a large rough part of the rough consensus will not be happy with. Regardless of what the decision will be. An architectural correct solution is to change: OLD: An SPF-compliant domain name SHOULD have SPF records of both RR types. A compliant domain name MUST have a record of at least one type. If a domain has records of both types, they MUST have identical content. NEW: An SPF-compliant domain name SHOULD have SPF records of both RR types. A compliant domain name MUST have a record of at type SPF, code 99. Lookup MUST first be of type SPF and SHOULD if no response is received be of type TXT. Reasoning: The use of the TXT record for SPF is not sounds for a number of reasons: 1. The TXT record already can have multiple fields, and it is very unfortunate that the SPF use of TXT records do not use that feature. Instead the SPF specification do say that the first field should be used, and if there are more than one they should be concatenated. After one have one and only one field, that field should be parsed and divided in fields. 2. It is even (compared to some other TXT related documents) pointed out in RFC 4408 that collisions as described in RFC 5507 might happen. 3. It is also pointed out that there might be size issues with the records, and experience from use of NAPTR show that selecting a preferred mechanism that potentially blows the size of the RRSet is not very wise. This is btw why the URI RR Type do not use a prefixed length "text" field in the RDATA but do set the string the URI is to the full length of the RDATA, i.e. without any 255 byte limitation. 4. DNS is by design (as pointed out in RFC 5507) created with a tuple consisting of owner, type and class for selection by the client what record set to be retrieved. This RRSet architecture is something that comes back not only in the query/response architecture of the DNS protocol, but also in the DNSSEC architecture where RRSets are the units that are signed. Not explicitly ensuring an RRSet is used for SPF (and nothing more) is an architectural choice I strongly am against. Because of these reasons, I do believe the choice is wrong to say that TXT MUST be implemented and instead I am in favor of having type SPF be mandatory for interoperability with fallback to lookup of TXT. From Section 3.1 of draft-ietf-spfbis-4408bis-19: "SPF records MUST be published as a DNS TXT (type 16) Resource Record (RR) [RFC1035] only. The character content of the record is encoded as [US-ASCII]. Use of alternative DNS RR types was supported in SPF's experimental phase, but has been discontinued." There is a message from Pete Resnick about RFC 2119 usage ( http://www.ietf.org/mail-archive/web/spfbis/current/msg03642.html ). The interpretation of "SHOULD" and MUST" in that part of RFC 4408 was an issue which the SPFBIS WG discussed about. It would be better to have the discussion on the ietf@ mailing list as that's the venue which the IESG identified for last Call comments. Regards, S. Moonesamy
Re: [spfbis] Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Hi Hector, At 07:16 20-08-2013, Hector Santos wrote: This doesn't seem to be correct. My apology if I don't follow or see the logic. The only real issue as it was since day zero in MARID was the infrastructure support for recursive passthru queries which is what RFC 3597 (Handling of Unknown DNS Resource Record (RR) Type). Without this, which allows for servers to delay/plan direct new RR type support yet still not error out on an unnamed type, there COULD NOT be any reasonable expectation to even only suggest a dual query migration approach, either in serial or parallel. It is very important to consider the mindset when it was first considered and written for RFC 4408 because to me, that is the mindset that has changed. This would be a process issue then as the SPFBIS Chairs determination was made on the basic of the text from the SPFBIS Charter which was cited. A person can raise an objection (I am okay with that as that's part of the work) with substantive comments to support the objection. I hope I am reading this incorrectly. It may be too procedural oriented to me at this point. I would like to see a simple just distinctive consensus on what the entire IETF/DNS community believes is the future of DNS servers offering unnamed RR type processing because that is the main barrier for any kind success. We knew this as far back as MARID. I don't quite understand why this key point seems to be left out, instead MARID was deemed off topic. That was an error because if there is no future in unnamed RR type support, then it really doesn't matter and the problem is solved. TXT only will be the only fast entry point for new DNS DOMAIN policy applications. If the community still believes it possible, then clarifying and codifying the SPF/TYPE lookup procedure seems to me to be the only real correction to make here. My reading of the SPFBIS Charter is that the working group was not tasked to work on the future of DNS servers. That does not mean that arguments about the future of DNS servers are not relevant. There are several questions: (a) Was there an error in RFC 4408? (b) What was the error in RFC 4408? (c) Why was there an error in RFC 4408? (d) What should be done about the error? There isn't anything that can be done about question (c) except not to repeat the same mistake. Is there disagreement on the answers to questions (a) and (b)? Regards, S. Moonesamy (as document shepherd)
Re: [spfbis] SPF TYPE support
mments about RFC 3567 during the working group discussions (see http://www.ietf.org/mail-archive/web/spfbis/current/msg00545.html http://www.ietf.org/mail-archive/web/spfbis/current/msg00820.html ). If this is no longer the expectation, then it would make sense to remove the SPF type but also be aware that in general, this will also nix (not help) any future idea for successfully adopting new RR types. It would be added statement that TXT based applications are acceptable. I think the DNS community continues to have a problem with this. Noted. SM, Pete, thank you for the opportunity to clarify my point. For the record, there was no intent to imply it occurred but quite frankly when it is repeatedly stated, this deeply divided issue has not be resolved at any point, it does have an intimidation factor. As Mr. Crocker stated, the burden is on the those who oppose the removal. But my question was always why was the decision made to remove in the first place done when in fact it was quite obvious it would not have industry wide endorsement. The burden should of been to justify removal. Now it has become difficult to effectively add it back. This is why I posed the question in two forums to get community input over the last few years. It was quite obvious to me that the DNS community would be against this removal. So in this vain, it was prematurely removed in the WG without early IETF/IESG/DNS concerns adequately dealt with. Unfortunately, we were advise to raise the issue again in LC, but by that point, all the IETF procedural moves were made making it it a very high burden to add something that should not been removed in the first place. There are two SPFBIS WG Chairs. The way we work is: I read the mailing list messages, the other Chair reads the mailing list messages, each chair reaches his own conclusion and we discuss about it. Once the Chairs agree a message is posted to the WG mailing list. Let's assume that the Chairs did not carefully consider the comments or their determination was incorrect. There is a Last Call where the matter can be raised again. That is the advice that was given. There is indeed a high burden as the person raising the issue again will have to read the mailing list messages to determine whether they have been carefully considered. Regards, S. Moonesamy (as document shepherd)
Re: [spfbis] Last Call: (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
At 08:05 19-08-2013, MÃns Nilsson wrote: I strongly OPPOSE draft-ietf-spfbis-4408bis-19.txt being published as RFC unless substantial parts are reworked. * The charter disallows major protocol changes -- removing the SPF RR type is a direct charter violation; since SPF is being used on the Internet. * The overloading of the TXT record is a hack at best, aimed at circumventing DNS management systems vendors that fail to ship support. Breaking the DNS model with specific resource records is not the way to get better application support. (besides, the major argument at the time was "it's so hard and takes ages to get a RR type", which isn't true anymore and also, the RRtype is allocated, what's the fuss? ) * The empirical data that was gathered and the conclusions from which that where published as RFC 6686 are IMNSHO flawed and rushed in that they set far too optimistic deadlines for adaptation before declaring failure. The IESG should send draft-ietf-spfbis-4408bis-19 back to spfbis wg and tell the wg that instead of deprecating SPF it should be algorithmically preferred while maintaining support for TXT. I read the SPFBIS charter ( https://datatracker.ietf.org/wg/spfbis/charter/ ) again. The charter violation the above may be referring might be about: "Specifically out-of-scope for this working group: * Removal of existing features that are in current use." There is a message from the Responsible Area Director at http://www.ietf.org/mail-archive/web/spfbis/current/msg02167.html which might shine some light about that part of the charter. Both RR Type 16 and RR Type 99 are in use on the Internet. Tony Hansen mentioned during the IETF 83 session that: "when you write a protocol, there is definite harm if there is a choice in what you publish and what you look for. He is of the view that there is a definite bug in RFC 4408." Fixing that bug falls within the scope of the SPFBIS charter, specifically: "Changes to the SPF specification will be limited to the correction of errors, removal of unused features, addition of any enhancements that have already gained widespread support, and addition of clarifying language. " The fourth paragraph (see quoted text) states that the conclusions from that where RFC 6866 were flawed and rushed. The explanation given is because the working group declared failure too soon. The SPFBIS WG discovered a bug during the review of the SPF specification. One of the main considerations for the decision was to fix the bug. The working group had to choose one RRTYPE as the conclusion was that it was the appropriate way to fix the bug and ensure interoperability. The comments posted up to now for the Last Call points to a disagreement about the choice of RRTYPE. Regards, S. Moonesamy (as document shepherd)
Re: SPF TYPE support
Hi Hector, At 14:10 19-08-2013, Hector Santos wrote: I'm having a hard time with both sides of the argument, especially the supposed existence of an "interop problem" which seems to only highlight how to "procedurally" stump the SPF type advocates with a "error correction" standpoint. What is that error by the way? In a message dated February 27, 2012, the SPFBIS Chairs commented that the discussion about Issue #9 (SPF RRTYPE) has revealed an interoperability concern in the existing RFC (4408). From RFC 6686: "RFC 4408 itself included a faulty transition plan, likely because of the late addition of a requirement to develop one -- it said: An SPF-compliant domain name SHOULD have SPF records of both RR types. A compliant domain name MUST have a record of at least one type. which means both can claim to be fully compliant while failing utterly to interoperate." The consensus of the SPFBIS WG was that this is an interoperability issue and it would have to be corrected. That is what was considered as an error correction. I don't believe there was an adequate answer from the advocates of removing the SPF RR type and the repeated assertion that its been discussed at length has not been convincing it was appropriately addressed. It all seem to be a "Shut up" approach to the problem (always suggest that its been discussed already). This seems to be one of the reasons why the issue will not go away. I personally do not think that it is appropriate to ask any working group participant to "shut up". I welcome hearing arguments and I expect a working group to carefully consider them. Regards, S. Moonesamy (as document shepherd)
Re: Last Call: (URI Scheme for Session Traversal Utilities for NAT (STUN) Protocol) to Proposed Standard
At 15:14 12-08-2013, Graham Klyne wrote: But, in a personal capacity, not as designated reviewer, I have to ask *why* this needs to be a URI. As far as I can tell, it is intended for use only in very constrained environments, where there seems to be little value in having an identifier that can appear in all the contexts where a URI may be recognized. This is an individual comment. I reviewed draft-petithuguenin-behave-turn-uris-05. I wondered why a URI was needed given the limited use. The same argument is applicable for draft-nandakumar-rtcweb-stun-uri-05. There is running code for both drafts. Both draft qualify for "DNP". I would describe the proposals as trying to fit the solution within a URI instead of designing a URI scheme. Both proposals sound like UNSAF. Regards, S. Moonesamy
Re: Data collection for remote participation
Hi Vinayak, At 06:09 AM 8/12/2013, Vinayak Hegde wrote: There has been a lot of discussion on the IETF mailing list regarding improving remote participation and improving diversity on the mailing lists and in the working groups. I think the two are related. I think everyone broadly agrees that remote participation can be better. If nothing else, it will tell about who the remote participants are. I had proposed a few steps in this direction by improving the data collection for remote participation in the IAOC Sunday meeting. Posting them below again for discussion on the mailing lists. It can be a simple form that asks the following questions (Can be refined - this is just a start) 1. Name: 2. Country: 3. Duration of participation in IETF (either in number of years or number of meetings) 4. Employer ? 5. Working groups interested in. This can be voluntary and can be done pre-IETF meeting. As of now there is no structured way to know how many people wre active in the jabber room or listening on the audio stream. As the data collection is voluntary it should not be a problem to ask for the information mentioned above. I can see that this has multiple benefits. 1. If the number of participants in a certain WG is more, it would push the WG chair to request for the slides/agenda available earlier. I suggest asking the working group for the agenda if it is not available. 2. If there are consistently more participation from around the world, the the WG chair can request for a meetecho recording so people can follow the group even if they cannot attend the meeting live. This could be useful for people who have clashing schedules as well. Yes. 3. Over a longer period of time, it can help IETF plan and encourage remote participation. Currently there is no hard data on number of remote participants. There is however a lot of hand waving so this will get some useful data into the system. There is the usual hand waving. :-) It is a good start. The information available over a period of time might provide a view of whether there is any improvement in remote participation. At 08:56 AM 8/12/2013, Vinayak Hegde wrote: This was a suggestion but I don't think it will work well. OTOH an argument can be made that money gathered from charging remote participants can be used to fund better tools for remote participation. After reading about the remote participation issues which have been discussed on this mailing list I don't think that the problem is the tools. Regards, S. Moonesamy
The Friday Report
Hi Abdussalam, The IETF Chair used "AB" as your name in his report during the plenary. I assume that it is okay for me to call you "Abdussalam". I should have used "Mr Baryun" as that is how it is done in some cultures. Somebody (outside the IETF) wrote that, in general, those living in richer countries appear to treat one another less kindly than their counterparts in poorer nations. In my personal opinion bullying is not okay. If you are of the opinion that you are being bullied please feel free to email me if you would like to talk to me about it. Regards, S. Moonesamy
Re: Last Call: (Using the International Mobile station Equipment Identity(IMEI)URN as an Instance ID) to Informational RFC
At 07:35 19-07-2013, The IESG wrote: The IESG has received a request from an individual submitter to consider the following document: - 'Using the International Mobile station Equipment Identity(IMEI)URN as an Instance ID' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-08-16. Exceptionally, comments may be Section 4 describes the 3GPP use case as: "The mobile device includes its IMEI in the SIP REGISTER request so that the registrar can perform a check of the Equipment Identity Register (EIR) to verify if this mobile device is allowed or barred from accessing the network for non-emergency services" The draft then argues that non-REGISTER requests except in case of an emergency. In Section 5: 'A UAC MUST NOT include the "sip.instance" media feature tag containing the GSMA IMEI URN in the Contact header field of non- REGISTER requests except when the request is related to an emergency session. Regulatory requirements can require the IMEI to be provided to the Public Safety Answering Point (PSAP). Any future exceptions to this prohibition require a RFC that addresses how privacy is not violated by such a usage.' My reading of the above is there is a privacy violation but that violation is considered acceptable in the use case mentioned above. Any other use case requires a RFC to be published. There is an additional requirement; the RFC has to address how privacy is not violated. It is an unusual requirement in a RFC. From Section 9: 'In particular, the "sip.instance" media feature tag containing the GSMA IMEI URN MUST NOT be included in requests or responses intended to convey any level of anonymity.' The above can be interpreted in various ways. The problem might be that the draft builds upon RFC 5626 which states that "some other privacy concern requires that the UA not reveal its identity". It may be better to state that there is a violation of privacy. The draft does not discuss about the weakness of the mechanism or how what it proposes can be used for wiretapping. Regards, S. Moonesamy
Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
At 00:03 21-07-2013, Andrew Allen wrote: The reason why the IMEI namespace is being registered as a GSMA namespace and not as part of the 3GPP namespace is that the GSMA has the responsibility for IMEI assignment and hence in maintaining uniqueness of the namespace. It has nothing to do with IPR which was extensively discussed on the dispatch list. I read the dispatch mailing list. I did not see the extensive discussion. I saw the following comment "Surely that is just trying to turn the IETF into the policeman". The primary purpose of the IMEI is for preventing use of stolen mobile phones and enabling emergency calls to be made from mobiles that don't have a valid subscription. From what I read the main purpose of the IMEI is to be able to take measures against stolen phones and against equipment which the use cannot be accepted for technical or safety reasons. The secondary purpose is the tracing of malicious calls. There is an apps which sends the IMEI in a cryptographically-protected form over the network. For what it is worth, it's MD5. There has been some work in the IETF on emergency calls (see service URN). At 00:12 21-07-2013, Andrew Allen wrote: As John pointed out having the sub namespace reviewed by IETF provides the opportunity to add text to address privacy concerns with any inappropriate usage. I don't think that it is the role of the IETF to determine whether the usage of a sub-namespace is appropriate or not as it can cause namespace management issues. I tried the explain the subtlety between privacy concerns and privacy considerations. The IMEI can also be used as a customer identifier. Regards, S. Moonesamy
Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
Hi John, At 18:23 20-07-2013, John C Klensin wrote: See my earlier note, but mostly to aid in getting the documentation right. For example, to the extent that the recent discussion results in a more complete treatment of privacy and/or security considerations in the documentation, that is a net improvement and added value. There was a Last Call for draft-montemurro-gsma-imei-urn-01 in 2007. The draft was sponsored by an Apps AD. draft-montemurro-gsma-imei-urn-04 was evaluated (I did not verify the details) in 2009. An IPR disclosure, about a patent filed several years ago, was filed after that evaluation. The DISCUSS got cleared automatically. draft-montemurro-gsma-imei-urn-08 was dispatched to RAI in 2011. 3GPP was assigned a URN in 2008. The shepherd write-up for draft-montemurro-gsma-imei-urn-16 mentions that "this document is required for the 3GPP/IMS specification, thus any vendor that implements the 3GPP specifications follows this specification". The significant difference between the 3GPP URN and the requested GSMA URN is that there is an IPR disclosure on that latter. One of the questions asked by Tim Bray was about the WiFi-only scenario. That was raised previously through a DISCUSS as the softphone issue. The privacy discussion might cause some discontent. As for whether the draft will gain consensus, well, what can I say; if it is the consensus of the IETF to support state-sponsored surveillance there is nothing I can do about it. :-) Regards, S. Moonesamy
Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
Hi Andrew, At 13:48 20-07-2013, Andrew Allen wrote: I think IANA registration of namespaces has a lot of value. draft-montemurro-gsma-imei-urn-16 discusses about two namespaces: (i) gsma (ii) imei It is not possible to get a IANA registration for (ii) as according to draft-montemurro-gsma-imei-urn-16 (ii) is managed by (i). In simple terms (ii) does not require IETF approval. Regards, S. Moonesamy
Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
At 15:53 19-07-2013, Andrew Allen wrote: Do you not think that the text in the security considerations section:: "because IMEIs can be loosely correlated to a user, they need to be treated as any other personally identifiable information. In particular, the IMEI URN MUST NOT be included in messages intended to convey any level of anonymity" covers the privacy issue? If not what is the additional privacy concern? There is a difference between privacy concerns and privacy considerations. It has been mentioned that "the view in 3GPP was that the IMEI should not be of any greater concern when used as an instance ID than using a UUID". draft-montemurro-gsma-imei-urn-16 states that: "Specifically the IMEI is to be incorporated in a module which is contained within the terminal. The IMEI SHALL NOT be changed after the terminal's production process. It SHALL resist tampering, i.e. manipulation and change, by any means (e.g. physical, electrical and software)." The pervasive use of UUID in computing does not make it a good idea. I doubt that there has been any privacy analysis of how UUID will be used or misused prior to the publication of the RFC. The IMEI is built into the device. The scope for misuse would be clear enough for a person designing identifiers. From draft-montemurro-gsma-imei-urn-16: "Therefore the IMEISV (that is, the IMEI URN with svn parameter) MUST NOT be delivered to devices that are not trusted. Further, because IMEIs can be loosely correlated to a user, they need to be treated as any other personally identifiable information. In particular, the IMEI URN MUST NOT be included in messages intended to convey any level of anonymity." The IMEI is considered as personal data in some jurisdictions. There is a strong correlation between the IMEI and a user. I read draft-montemurro-gsma-imei-urn-16 and I see that the four authors have listed their phone numbers as "unlisted". Is there a reason for that? The question may sound unrelated to the draft and it can be argued that it is unrelated to the draft. I asked it as it may help the casual reader understand what privacy is about. draft-moonesamy-privacy-identifiers-00 (expired) argues that there is an implicit assumption that the underlying protocols are transmitting the right amount of information needed for the protocols to work. Is for example, urn:gsma:imei:90420156-025763-0, required for SIP to work? I do not think so. The world was somewhat naive about privacy in 2006. Privacy is a hot topic nowadays. The metadata debacle is one of the contributing factors. There seems to be an assumption that the IMEISV is usually sent over trusted channels to trusted parties. The second sentence containing "must not" written in capital letters takes a position where anonymity of messages is opt-in. The GSM Association has published a set of principles which mentions "privacy by design". It is up to the reader to read the two sentences quoted above and determine whether "privacy by design" is just another buzzword or a principle which the GSM Association considers as important. At 04:23 20-07-2013, Scott Brim wrote: Thanks, SM, for finding what I said back in 2010. I still think this is architected wrong, conflating devices with communication endpoints higher up the stack, and steers us toward a path toward eventually "needing" to reduce privacy even more. However, 3GPP has apparently already already started marching down that path. Could our liaison explain the situation there? Is anyone actually going to use it? Is this a done deal - do we have to support it because otherwise 3 years of 3GPP work get undone? As a responding to Scott's comment about the three years of work I would say that this has the signs of an inevitable decision. I'll describe the IETF angle as follows: Is it okay to assign a Uniform Resource Name namespace for GSMA? The namespace assignment is not a problem. Have an assignment request sitting in the IETF queue for seven years is a problem. It would be good if someone explained why this happened unless the IETF considers it as acceptable to be asked to take inevitable decisions. I agree with Scott's comment. Tim Bray already pointed out that this is a bad idea. At 04:53 20-07-2013, GARBA KORA TAMSIRD BELLO wrote: Yes it true , but more argumentations are welcome The duck won't fly. :-) Regards, S. Moonesamy
Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
At 08:02 19-07-2013, Tim Bray wrote: I'm not sure from reading the draft what the goal of having this URN namespace is, but if it involves encouraging its use by application developers, I'm pretty sure it's a bad idea. I agree that it sounds like a bad idea to encourage application developers to use this URN namespace. There was a documented vulnerability which demonstrated how the IMEI could be captured. In 2006 Leslie Daigle mentioned that the sub-NID namespace does not belong in the version of the draft which was reviewed. I'll quote some comments posted by Scott Brim in September 2010 to Apps Area Review. 'First, this feels like a layering mixup. When would -- or should -- a communicating peer outside a mobile network need to know the IMEI or IMEISV of a device inside a mobile network? An IMEI is used for initial identification on a mobile network or for SIM-less emergency calls. Under what conditions would an Internet-based peer have an IMEI in hand and want to use it in a gsma: URN? If as you say an "Internet device" is "interoperating" with a mobile device, it will do so using IP-based protocols and will (should) never learn the mobile device's IMEI. I can see cases where an outsourced management entity might want to speak to a mobile network's administration regarding records for a particular IMEI, but it would do so in a very secure way, not using this particular URN.' If there is an assumption that we are going to start passing around IMEIs as general identifiers, then I'm concerned that you are engineering a world in which one must reveal permanent identifiers in order to communicate. Please enlighten me as to the intent. Right now it feels to me like it enables us to do the wrong thing with IMEIs.' The http://gsmworld.com/newsroom/document%2Dlibrary/ normative reference is a 404. It would be easier to have the draft discuss the GSMA URN only. The alternative is to have the draft discuss the privacy considerations of using IMEI and IMEISV. Regards, S. Moonesamy
Re: The case of dotless domains
Hi Doug, At 22:38 15-07-2013, Doug Barton wrote: Interesting, but pardon my being blunt, it does not seem to cover any new ground. You did say one useful thing: IETF specifications usually provide guidance to ensure interoperability. Whether dotless domains are harmful or not is a policy matter. It's a -00 draft. The above paragraph is one of the two arguments in the draft. Can you (or Ofer) define how you're using the terms "explicit" and "implicit" in terms of DNS search, and what their relevance is to the topic of dotless domains? And no, I'm not being snarky, I think part of the problem here is a fundamental misunderstanding of how the vast majority of hosts are configured currently. Speaking for myself, I would say that "explicit" is what the user configured and "implicit" is what the is not used-configured. I haven't seen anyone in the IETF arguing that the moon is made of green cheese either. What does your comment have to do with anything? Sorry (again) to be blunt, but the IETF pounding the "this thing is bad!" drum is not a particularly effective tool. [1] I hope that "market forces", whatever that means, is not the main argument to dispel problems. We have to be realistic about how and where our influence is relevant, and more importantly how and where it is not. Detailing the technical problems with the proposal is relevant IETF work, but that job has already been done more thoroughly by my esteemed former colleagues on the SSAC. I don't have any influence. I take no position on the SSAC report. What I did was to read all the IETF specifications referenced in the draft and write a draft. It does not bother me to be unrealistic. :-) It is up to those who decide to decide whether dotless domains is a good idea that will gain traction or a bad idea that will go away on it own. You vastly overestimate your own importance in the grand scheme of things. Don't worry, it's a common human problem. :) Rather than repeating my point for the third time, see what I wrote just above. I left in the paragraph that was quoted for context. The text says "those who decide". I don't have anything to do with the decision about dotless domains. As I am not important it is unlikely that I might overestimate my importance. :-) I don't know the grand scheme of things and I do not need to know the grand scheme of things. Regards, S. Moonesamy
The case of dotless domains (was: Dotless Domain conflict with user searching and branding)
At 06:53 14-07-2013, Yoav Nir wrote: http://tools.ietf.org/html/draft-moonesamy-dotless-domains-00 That memo discusses about the case of the dotless domains in terms of the technical standards. Comments are welcome. At 13:11 13-07-2013, Ofer Inbar wrote: What this brings to mind is that we used to have implicit DNS domain search in the early days of DNS. When edu.com accidentally hijacked a huge chunk of the Internet, most of the net very quickly got rid of implicit search, and we got the explicit DNS search feature that many people are discussing now. Yes. If some new TLD gets used in a dotless fashion in a way that truly does cause major trouble, I expect we'll see sites all over the net quickly deploying DNS resolvers that discard A, , or MX records at the top level, to protect their users. There is already deployed code to do that. At 20:14 14-07-2013, Doug Barton wrote: It is unarguably true that as things currently stand there will be "problems" with dotless domains. How widespread, and how serious those problems become is yet to be seen. I haven't seen anyone in the IETF arguing that sufficient market demand overrides comments about problems that will appear. So either this is a good idea that will gain traction, and therefore appropriate software support; or it is a bad idea that will go away on its own. Either way, making a fuss It is up to those who decide to decide whether dotless domains is a good idea that will gain traction or a bad idea that will go away on it own. At 20:25 14-07-2013, Dave Crocker wrote: In contrast, assertions about "market demand" ensuring that "software folks... will make them work" rests on a fuzzy concept of market forces -- for example, the market of users isn't likely to be issuing a formal or informal 'demand' about any of this, and a model of altering installed-base behavior that has, I believe, has no historical precedent. Yes. It is, in fact, possible that Marshall Rose was wrong and that for some things, there is no possible thrust sufficient to make pigs fly, or at least not without killing an extraordinary number of other pigs. :-) Regards, S. Moonesamy
Re: IAB Statement on Dotless Domains
Hello, At 11:59 10-07-2013, Russ Housley wrote: The IAB has made a statement on dotless domains. You can find this statement here: http://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/ There was a report from the ICANN the Security and Stability Advisory Committee in February 2012 on "Dotless domains". An IAB statement about "Dotless Domains Considered Harmful" is issued over a year after that. I am surprised that a draft of the statement was not brought to the attention of the IETF participants who have been discussing about the use of dotless domains on the SMTP mailing list. To be fair, I should have read the minutes and enquired about the matter instead of commenting about the matter after the fact. ICANN announced in May 2013 that "it has commissioned a study on the potential risks related to dotless domain names based on SAC 053 report". The announcement mentioned that in June 2012 "the ICANN Board directed staff to consult with the relevant communities regarding implementation of the recommendations in SAC 053". One of the recommendations in SAC0533 is that: "As a result, the SSAC also recommends that the use of DNS resource records such as A, , and MX in the apex of a Top-Level Domain (TLD) be contractually prohibited where appropriate and strongly discouraged in all cases." I don't know whether the ICANN Board considers the IETF as a relevant community. I read several IETF Fluff Area mailing lists. I did not see any message about a consultation regarding that recommendation. The IAB statement mentioned that: "The IAB believes that SSAC report SAC053 [SAC053] is a reasonable summary of the technical problems that arise from the implementation of dotless domains." I would describe the report as an adequate summary of the technical problems for a non-technical audience. RFC 5321 was published in October 2008. SAC053 references RFC 2821 on Page 7. It is odd that the members of the ICANN Security and Stability Advisory Committee were not aware that RFC 2821 was then considered as obsolete for over three years. From the IAB statement: "SAC053 does not, however, discuss the standards compliance aspect." And from SAC053: "Thus standard-compliant mail servers would reject emails to addresses such as user@brand." The report mentions a standards compliance aspect. From the IAB statement: "The use of SHOULD for [RFC 1123 section 6.1.4.3] (b) is a recommendation against doing DNS queries for dotless domains. RFC 2119 explains the meaning of SHOULD as follows:" and the statement quotes text from RFC 2119. The meaning of the "SHOULD" in RFC 1123 is explained in RFC 1123. RFC 1123 was published in October 1989. RFC 2119 was published in March 1997. I suspect that the IAB may have used time-travel technology for the "discussion of standards conformance". The IAB issued a statement about "The interpretation of rules in the ICANN gTLD Applicant Guidebook" in February 2012. That report also refers to "one of the specific TLD requirements set by RFC 1123". It seems to me that the conversations with subject matter specialists were mainly about adding a "string" to the Root Zone and that the protocol-related issues might not have been conveyed clearly given that the IAB issued the statement about "dotless domains" in July 2013. The IAB previously mentioned that it maintains its chartered responsibility about the RFC Series. The IAB statement refers to RFCs from the www.faqs.org website. It might be better to reference the rfc-editor.org links or else there may be a perception that the IAB is not aware of the most stable reference available. Regards, S. Moonesamy
Re: Regarding call Chinese names
Hi Deng Hui, At 17:04 10-07-2013, Hui Deng wrote: We submitted two drafts to help people here to correctly call chinese people names: http://tools.ietf.org/html/draft-deng-call-chinese-names-00 http://tools.ietf.org/html/draft-zcao-chinese-pronounce-00 I would like to thank you and your co-author on taking the initiative to write the drafts. I don't know whether I am western or not. :-) In Section 3 of draft-deng-call-chinese-names-00: 'Two generic titles that have similar meanings to "Mr." and "Ms./Mrs." are "Xian1sheng1" and "Nv3Shi4".' "(1,2,3,4 in this section will be explained in next section) There are digits in two words in the above. I suggest making the comment about the numbers clearer by mentioning that the digits are intentional and they are used to denote the tone. Regards, S. Moonesamy
Re: Final Announcement of Qualified Volunteers
At 06:49 09-07-2013, Ted Lemon wrote: I find the presumption that IETF attendees employed by companies that send large number of attendees are robots to be somewhat distasteful. It also doesn't match my experience. I am sure that _some_ attendees from large companies are just as partisan as you fear, but some are not. So I am not convinced that your proposal would have a good outcome. I fixed the nomcom-chair-2013 email address as it does not make sense to send an email to an invalid address. When designing a random selection a person has to ensure that the selection is such that the unbiased nature is publicly verifiable. As John Klensin mentioned "four companies account for 44.3% of the volunteers". A similar question was raised by Sam Hartman previously. When I looked at the affiliations over the years I noticed that two companies can easily get 40% of the vote. The IETF works on the presumption of good faith. Would a significant number of attendees from large companies adopt a partisan approach? It's difficult for the public to determine that. I'll change the question: does anyone believe that the average attendee from a large company will take a decision which is in the interest of the IETF Community even though that decision conflicts with what would be in the interest of the company? That's not the better question though. What is NomCom about? The possible answers are not in the RFCs. Anyway, the initial message was about having a broad pool and doing an unbiased selection from it. The pool may have less people but it is broader in the sense that there would be people from all walks of the IETF. I think that's what Jari Arkko might be referring to when he writes the word "inclusive". Regards, S. Moonesamy
Re: The Nominating Committee Process: Eligibility
Hi Abdussalam, At 12:16 27-06-2013, Abdussalam Baryun wrote: I support the draft, it will give all participants from all the world equal opputunity. I made input related to this on the list because I found that I am remote participant and there was limits and conditions which I don't want. However, there may be some reasons that IETF done it that way which the draft may need to clarify and solve, Thanks for explaining why you support the draft. I am going to list some questions. Please read them as points to consider. There isn't any obligation to provide comments. - What is your opinion about helping the "pie get larger"? - What would be an acceptable way of determining whether someone has been contributing to the IETF over a period of five meetings? - Dave Cridland suggested that working groups provide a smallish set of volunteers each for the selection process. Is it okay to leave it to the working group chair to make the decision? Regards, S. Moonesamy
RE: The Nominating Committee Process: Eligibility
At 12:38 27-06-2013, Adrian Farrel wrote: I think you can rely on each person actually on NomCom to speak their mind and deliver from their experience (and we can rely on the NomCom chair to tease that out). So surely we can say something like: 2 old-timers chosen randomly from a list of old-timers 4 people who have been around the IETF a lot (e.g. 3 out of last 5 meetings) 3 people who have worked in the IETF quite a bit (e.g. front page of > 2 RFCs) 3 people who have evidence of participation in technical work on mailing lists. Each person is only allowed to be placed in one pool before selection. I'll comment on the above. I have seen the request about reconsidering Section 2 of the draft and I am not ignoring it. Someone would have to create a list of old-timers. I think I understand what you mean by "around the IETF a lot". I'll skip that for now. The front page of more than two RFCs can create an incentive to: (a) generate more RFCs (b) add more names to the author list There are a few ideas (including the above quoted text) which could be combined to figure out one or more workable alternatives. Regards, S. Moonesamy
Re: The Nominating Committee Process: Eligibility
t would be good to figure out what is really needed and desired and then work out the details. conclude --as I think some have suggested-- that we don't want often-remote volunteers on the Nomcom no matter what, or that we don't want people who cannot just about guarantee physical attendance at all relevant meetings to serve on the Nomcom, or that we are unwilling to consider relaxing the current 3 of 5 rule for other reasons, then I'd argue that putting energy into defining appropriate criteria for being a remote attendee is pretty much a waste of time. If we do decide we want to open the door to remote attendees on the Nomcom and later discover that we can't agree on criteria, that is just how it goes. Yes. In principle, one could consider the "do we want this" and "what would the criteria be" questions in either order. In practice, I think the former question is the more important and should be considered first because it informs how we really feel about diversity and the role of participants who don't attend a lot of f2f meetings. I also believe that, while I might be very difficult to come up with a perfect definition of remote participation on which we could all agree, coming up with a definite that would be at least as good at discriminating between actual remote participants and contributors and other sorts of folks as the current 3 of 5 rule is at discriminating between those who understand the IETF culture and those who don't. In my opinion the easier path is to focus on contributors. The IETF culture angle is controversial because it is like saying that the person has to adopt North America culture. Well, I agree with all of that in principle. In practice, I don't think the combination of a heavy Nomcom workload and long period of commitment with the 3 of 5 rule has served us very well in recent years, especially in terms of guaranteeing that the criteria you think are important are met. I think we would be better off with requirements that made it more feasible for people like you to volunteer to serve on the Nomcom on the basis of long-term understanding of the culture, a history of participating in a diverse collection of WGs, a few less f2f meetings, and some remote participation. Instead, the 3 of 5 The above does not require any process changes. rule and those other factors have brought us Nomcoms with a large fraction of the volunteer pool being folks with far less experience and perspective and a need to rely almost completely on questionnaires and interviews rather than knowledge. I don't Yes. It is certainly possible that considering and making some changes could make things worse. But they could also make things better. And, IMO, merely having a serious conversation about what we would like our criteria to be and what we are trying to optimize is useful. If nothing else, some relative newcomers might learn something useful about the culture from the conversation and how we carry it out. A side-effect of the discussion could be about enabling new people to learn something useful. If the only way to learn something useful about the culture is to have a meeting near your home or to have extensive travel resources to get to a meeting the IETF is restricting itself to people who work for large vendors. I leave it to the reader to determine whether it leads to large corporate control of IETF standards. I'll quote an extract of a message from the IETF Chair (presently IAB Chair) and IAOC Chair: "The IETF has always used the Internet to do its work, and remote participation is no exception." Is that correct or is the definition of the IETF everything except the IAB, IESG, IAOC, IETF Trust and NomCom? The IETF mentioned that: "Currently, the IETF meets in North America, Europe, and Asia. The intention is to meet once a year in each region, although due to scheduling issues there are often more meetings in North America and fewer in Asia and Europe." The intention is commendable. In my opinion it is what happens in practice that matters. I'll quote Olaf (I forgot the actual words): the IAB publishes its minutes so that anybody who cares can see what the IAB is doing. If there is a scheduling issue people might understand it. If there are two or three of four scheduling issues some people might still be understand it. If there are systematic scheduling issues people will no longer believe what Olaf is saying. Regards, S. Moonesamy
Re: The Nominating Committee Process: Eligibility
At 09:44 27-06-2013, Eggert, Lars wrote: sorry, but it's silly to attempt to propose that remote attendees be permitted to volunteer for NomCom without defining what defines a remote attendee. Agreed. The issue you are raising - that limiting the NomCom pool to recent attendees of physical IETF meetings may have downsides - is valid. But at least the requirements the current policy sets are clearly defined. Until you nail down what exactly defines a remote attendee, I can't really form an opinion on whether allowing them into the NomCom pool is a good idea or not. What I did in the initial draft is to work from the text already in RFC 3777. It has been mentioned by several people that participation is a way for somebody to get IETF experience. The question is how that participation can be defined. At 10:00 27-06-2013, Paul Hoffman wrote: Then maybe we should wait for you to do so. This discussion is kind of pointless if we don't have shared definitions. I think that the NomCom eligibility criteria should not discriminate between any contributor to the IETF Standard Process. The view I got from a previous discussion of the draft is that "people from emerging regions are disenfranchised; that's how IETF culture works". Regards, S. Moonesamy
Re: The Nominating Committee Process: Eligibility
ing Committee Operation", Paragraph 1 of Rule 14, is replaced as follows: Members of the IETF community become eligible for the NomCom by having attended at least 3 of the last 7 IETF meetings in person. Once a person has become eligible for NomCom, they retain their elibility to NomCom by attending at least 1 of the last 4 IETF meetings in person, and at least 3 of the last 5 meetings in person or remotely. Should a person lose eligibility for NomCom, they return to not-eligible. (We could, true to form, describe this as a state machine with three states, or even a simpler to write in Verilog one with 7-8 states) I agree that new people can have difficulty understanding how things fit together. My quick response to the suggestion is no. The reason is because of the way "attended" is being interpreted and because I don't think that it is good to have a high barrier of entry. I have lowered the bar to remain eligible such that a person who not travel for 12 months (such as someone on maternity/paternity leave. Civilized countries get at least 1 year..) could remain eligible. Thanks for the explanation. There was an unrelated discussion about parents finding it difficult to attend IETF meetings. At 06:24 27-06-2013, Michael Richardson wrote: 2) for the November meeting, the nomcom *itself* must be present. I think it unrealistic to think that the nomcom itself could be remote for that meeting. For the summer and march meeting, the nomcom could be anywhere. When is it summer? :-) At 06:48 27-06-2013, John C Klensin wrote: While it risks taking us into a statistical rathole, I think that notions like the above may be the sort of thing we should look at. I left the door open for that. More broadly, I think we may need to try to figure out what we really want and need on or from the Nomcom in this decade (remembering that the system was designed for the rather different times and IETF composition of the early 1990s and has been tuned in minor ways but not carefully and openly reviewed since) and then try to devise criteria to match. It seems to me that may require looking at separate aspects of things rather than trying to come up with a single surrogate for everything. Yes. We might want to look at whether some collections of participants should be guaranteed representation or weighted more heavily in the selection calculations (whether voting or otherwise). That raises the risk that SM identifies of pushing us toward a Nomcom as a representative body of constituencies demanding slots, but the advantages seem very strong for Dave Crocker's proposal to guarantee a certain level of expertise and some ideas to be sure that the perspective of remote participants or other underrepresented populations are heard. The question is how to find the right balance and then reach sufficient consensus around the justification that we can hold the line. Not easy, but, at least IMO, probably worth the investment it would take. I need to get back to something Dave Crocker wrote. There was a discussion (not on an IETF mailing list) which pointed to constituencies and representativity. I don't think that excluding people is a good idea. The last sentence, in a way, sums up what the proposal will have to achieve. Similarly, I'm pretty sure that "groks the IETF" [1] is an important and useful criterion. I don't think "3 of last 5" is a valid exclusive surrogate. Perhaps what is needed is a list Yes. If we separated the "IETF culture" requirement, I still think that some level of participation, even face to face participation is important. I don't think that 3 face to face meetings in 5 is needed for people who already understand the culture; maybe some combination of remote participation and less frequent attendance should be equally acceptable. The "IETF culture" requirement is ambiguous. Arturo asked a good question. I would describe the side discussions as being about understanding why the IETF is doing X. "Participation" is similar. If we think it is important, then someone who is actively contributing to mailing lists and document reviews and who is showing up in meeting Jabber logs with useful comments is, IMO, a more appropriate Nomcom member than someone whose company pays registration fees and travel expenses and who then shows up at meetings and either goes to the beach or sits in a few WG meetings reading email. I don't know how to eliminate the second (perhaps others have ideas) but I can think of ways to identify the former as long as they are not the exclusive "minimum participation" admission criteria. My focus is "participation". I would just hope that we don't fall into the trap of focusing on what is easy to measure and quantify rather than what is important and a good measure of what we are looking for. It is I'll add that the trap is also focusing on the details prematurely. Regards, S. Moonesamy
Re: The Nominating Committee Process: Eligibility
Hi Alejandro, At 05:42 27-06-2013, alejandroacostaal...@gmail.com wrote: First, as a comment, I guess there is people who follow more IETF remotely than other in place. Yes. Here's is an extract from a Jabber log: "I don't think I've seen a WG chatroom this full before Well the future of the free world is at stake here :-)" Second, I like this idea of changing the threshold. Thanks for reading the draft and providing feedback. Third, In the other hand, since there are several positions that are fill using this RFC maybe we can place a testbed. 50% can be fill using the current way and 50% using the proposed way, sounds crazy but it might be a good beginning. I don't think that it sounds crazy. A good beginning is when people make suggestions like you did. I don't know yet whether I will say okay to the idea. I would like to read all the suggestions, including yours, and then decide. Regards, S. Moonesamy
Re: The Nominating Committee Process: Eligibility
Hi Arturo, At 03:00 27-06-2013, Arturo Servin wrote: I read the draft and although I like the idea I have some concerns. Thanks for taking the time to read the draft. I'll comment below. Today it is possible to verify that somebody attended to an IETF meeting. You have to register, pay and collect your badge. However, in remote participation we do not have mechanisms to verify that somebody attended to a session. I am aware of a case where the person attending the IETF meeting is not the one who's name is on the badge. I don't think that there was any malice or that it is a problem as that person will not game the system. Even, if we had a registration similar to the face to face meetings, it would be difficult to verify that the people attended to a session remotely (even if you correlated registry vs. jabber/webex logs it would be difficult to know if it is really the person registred, somebody else or even a bot). I guess that there would be many ways to game the system. I do not wish to suggest having registration. The IETF does not require registration to participate in working group discussions. I agree that there can be many ways to game the system. I will quote the second paragraph of the Introduction section of the draft: "The IETF Trust considers any submission to the IETF intended by the Contributor for publication as all or part of an Internet-Draft or RFC and any statement made within the context of an IETF activity [RFC5378]. Such statements include oral statements in IETF sessions as well as written and electronic communications, made through a Jabber room." It would be a serious issue, in my opinion, if the IETF cannot identify its contributors. There are people who currently contribute through Jabber. It has never been considered as a problem. As I said I like the idea and I think that we should try to make it work. I do not know if all the locks and tools to protect the system against some sort of abuse should be in the draft or not, but we should address those (before or in parallel with adopting/working on the draft.) I agree that you and I should try to make it work. One of the problems of putting all the details in a document is that we lose the flexibility to, for example, address some sort of abuse that we did not specify clearly at the time the document was written. I would not look for locks and tools to protect the system; I would look for something else. Regards, S. Moonesamy
The Nominating Committee Process: Eligibility
Hello, RFC 3777 specifies the process by which members of the Internet Architecture Board, Internet Engineering Steering Group and IETF Administrative Oversight Committee are selected, confirmed, and recalled. draft-moonesamy-nomcom-eligibility proposes an update RFC 3777 to allow remote contributors to the IETF Standards Process to be eligible to serve on NomCom and sign a Recall petition ( http://tools.ietf.org/html/draft-moonesamy-nomcom-eligibility-00 ). Could you please read the draft and comment? Regards, S. Moonesamy
Re: IETF Meeting in South America (off-topic)
At 02:19 29-05-2013, Abdussalam Baryun wrote: I don't think I should follow the IETF culture to make my I-D adopted by WG, but I may follow the good/technical reasons the WG provide. We If a working group does not show any interest in working on an I-D it is a good enough reason, in my opinion, for the I-D not to be adopted. Regards, S. Moonesamy
RE: IETF Meeting in South America
At 22:18 28-05-2013, GT RAMIREZ, Medel G. wrote: How about in the Philippines? I can show my homeland I can help facilitate the event, why dont you give it a try! In the message that was quoted the person mentioned that: "I understand that usually the place is chosen based on the most of participant origin" The person also mentioned explaining to students that the IETF is open to them and that they can participate. I believe that the person will not be explaining that incorrectly. At 05:46 28-05-2013, Eric Burger wrote: Riiight. That is why one never has to attend an IETF meeting in person to serve on NOMCOM, one does not need travel support from one's employer to be on the IESG, and why people who never come to IETF meetings are the rule and not the exception with respect to getting documents adopted and published. I wasn't unable to attend an IETF meeting some time ago due to an administrative issue. The proposal I intended to discuss about (it was discussed during a session) was not adopted. With hindsight I'll say that the proposal would not have been adopted as I would have made the mistake of not following IETF "culture". Regards, S. Moonesamy
Re: APPSDIR review of draft-ietf-netmod-rfc6021-bis-01
At 12:53 08-05-2013, Randy Bush wrote: MAY != SHOULD The text is as follows: "The name SHOULD be fully qualified whenever possible". If the working group would like a RFC 2119 SHOULD it would help if there is an explanation in the sentence for the reader weigh the implications of not following that. For what it is worth Eric Burger posted an analysis of "SHOULD" usage in a different draft ( http://www.ietf.org/mail-archive/web/mile/current/msg01021.html ). Regards, S. Moonesamy
Re: APPSDIR review of draft-ietf-netmod-rfc6021-bis-01
At 01:32 30-04-2013, Juergen Schoenwaelder wrote: I am not sure what you think is unclear. Note that the definition of the typedef domain-name is unchanged from the one in RFC 6021. Perhaps you can make a concrete text change proposal so I better understand what your concern is. I read draft-ietf-netmod-rfc6021-bis-02. In Section 4: "The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible." That sounds like a MAY. The text in RFC 6021 and the draft is clear. I don't think that the fact that DNS-related text is already in RFC 6021 means that it is correct. "Internationalized domain names MUST be encoded in punycode as described in RFC 3492"; RFC 5891 discusses about IDNA-aware implementations. It also discusses about A-labels and U-labels. The above text jumps directly to punycode. Regards, S. Moonesamy
Re: A note about draft-ietf-spfbis-4408bis
Hi Mark, At 15:57 04-05-2013, Mark Andrews wrote: The publisher can choose to interoperate with everyone by publishing both. The client side can choose to interoperate with everyone by looking for both. Both side can choose their level of interoperability. There is no bug. Thanks for the feedback. Based on the quoted text I would write the text as: (i) you must have X and Y where X and Y are identical. (ii) I ask you for both X and Y (see [1] for example). Item (i) is a combination of the previous items (a) and (c). Item (ii) is the last part of previous item (d). At 16:26 04-05-2013, Mark Andrews wrote: Additionally it supports all implementions from pre RFC 4088 through to the desired end state of type SPF only. B.T.W. the next point releases of named (at rc2 now) warns if SHOULD have both is not being done. Noted. Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/ietf/current/msg79114.html
Re: A note about draft-ietf-spfbis-4408bis
Hi Doug, At 16:19 03-05-2013, Doug Barton wrote: I am not saying that the WG members (or chairs) should be given the wet-noodle treatment over having reached a bad decision, but what is cross-area review for if not to catch cases where the WG echo chamber/tunnel vision/what have you -- resulted in a bad outcome? I'll try explain the problem as I saw it. (a) You should have both X and Y (b) You must have either X or Y (c) If you have X and Y they must be identical (d) I can ask you for either X or Y, or for both X and Y Regards, S. Moonesamy
RE: Effects on DNS can be severe &&& Re: call for ideas: tail-heavy IETF process
Hi Tony, At 17:36 03-05-2013, Tony Hain wrote: Yes it can, and they often do. The question in this case is more about the way that was documented, and Douglas' effective call for a wider review of the decision. It may simply be the wording in the issue tracker, but reading that the effective message is: "a security issue was raised, and a subset of the potential attack is easily mitigated, therefore the WG is dropping it" Yes. I would add a little more than so that the external reviewer can assess whether the potential attack is easily mitigated. There may well be more to it, and I said I have not been following it. The point is that 'outside reviewers' will not be immersed in past discussion, so what and why should be clear. I purposefully tied this to the ongoing IESG process discussion, because it is a prime example of why post-WG discussions take longer than expected, and may result in changes. It is difficult for someone who joins a working group in the middle of a discussion to understand what happened. It's a lot of work for the external reviewer. The external reviewer has to decide whether to take the word of the author when the latter says "it has been discussed". An IESG member would probably generate a DISCUSS. The working group might respond angrily. The effect is excessive delay for an issue which could easily have been resolved. In terms of IETF time there are four persons having to deal with it. It is a prime example of tail-heavy. Regards, S. Moonesamy
RE: Effects on DNS can be severe &&& Re: call for ideas: tail-heavy IETF process
Hi Tony, At 14:11 03-05-2013, Tony Hain wrote: See the thread about Re: call for ideas: tail-heavy IETF process for discussion about wider review at an earlier point in the process. Also, just because there is a discussion on issue-tracker does not mean the document is 'high quality'. If there is an explicit trade-off being made, the main document needs to address that directly so subsequent reviewers and implementers know what and why. Yes. I have not followed this discussion, but my cursory read of the tracker ticket shows the WG blew off the issue by claiming that historical unsophisticated attacks can be easily thwarted, while completely ignoring the case where the target domains exist. Aborting an amplification attack on failures does not do anything about the case where an attacker goes to the trouble to make sure all the quires will return valid answers. Either the issue-tracker discussion is inadequate, or this is exactly the kind of thing that adds excess delay and workload to the IESG review process. It seems that the above is related to Issue #24 [1]. I posted a rough summary of the initial discussion [2]. I took a look at the IETF 83 minutes and I found "DNS amplification attacks" [3] mentioned. There was a message from Andrew Sullivan [4]. A working group may decide to blow off the issue if it wants. The issue can be listed in the write-up. Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/spfbis/current/msg00906.html 2. http://www.ietf.org/mail-archive/web/spfbis/current/msg00847.html 3. http://www.ietf.org/proceedings/83/minutes/minutes-83-spfbis.txt 4. http://www.ietf.org/mail-archive/web/spfbis/current/msg00944.html
Re: A note about draft-ietf-spfbis-4408bis
Hi Doug, At 12:22 02-05-2013, Doug Barton wrote: Given that you can be 100% confident that the issue will be raised during IETF LC, wouldn't it be better to hash it out in the WG (as we have attempted to do)? Or is the WG's position, "we have no intention of dealing with this unless we're forced to?" This is an individual opinion. It has been mentioned on the SPFBIS mailing list that: If someone provides an argument together with a good explanation it is not going to be ignored no matter how vocal other SPFBIS WG participants are. The SPFBIS WG Chairs mentioned that: "There has been an enormous number of messages lately discussing the planned deprecation of the SPF RRTYPE and whether TXT is an appropriate thing to use and if it is whether the SPF use of it is ok." and "If you are tempted to say more, we ask that you identify the specific point that you think has not been addressed and talk only about that. Other arguments have been made clearly, we believe, and do not need additional repetition." My intent is not "I have no intention of dealing with this unless I am forced to". I'm fully sympathetic with your collective desire to move the process forward, and finish your document. The problem is that as it stands the document contains a course of action that is not only bad on its face, but contrary to a basic architectural principle adopted 4 years ago in 5507. I have read RFC 5507. My desire is not to move the draft forward no matter what. If I merely wanted to finish the draft I would have done a cursory review. Several WG participants, including you if I am not mistaken, have attempted to hash out the issue in the working group. It's not that there weren't any good arguments. A Last Call can sometimes help bring in fresh perspectives. Regards, S. Moonesamy
A note about draft-ietf-spfbis-4408bis (was: [spfbis] [dnsext] Obsoleting SPF RRTYPE)
Hi Alessandro, Doug, My task is to keep draft-ietf-spfbis-4408bis moving forward and to maintains a critical and technical perspective of the draft. The two weeks Working Group Last Call for draft-ietf-spfbis-4408bis-14 was announced on April 9, 2013 [1]. The document shepherd review was posted to the SPFBIS mailing list on April 23 [2]. I wasn't sure about some text in Section 5 of the draft. I posted a question to the 6MAN mailing list [3]. I posted another question about the DNS Parameters registry to the DNSEXT mailing list [4]. The replies to that question generated about 200 messages on the DNSEXT and SPFBIS mailing lists. I read all these messages while following up on the document shepherd review. In my individual opinion there was a concern about "Obsoleting SPF RRTYPE". A message [5] about the topic was posted to the ietf@ietf.org mailing list on April 29 while the topic was being discussed on the SPFBIS mailing list. There was a message about shutting down the thread on the SPFBIS mailing list. I humbly suggested [6] leaving the matter to the SPFBIS WG Chairs. I discussed the matter with Andrew Sullivan on April 30. A message [7] was posted to the SPFBIS mailing list after that. I read the message posted by Doug Barton about an IETF Last Call objection [8]. I'll comment about the path of the draft-ietf-spfbis-4408bis. There are issues which were raised during the Working Group Last Call. There are also three directorate/team reviews.If the issues and reviews are addressed there will be a publication request for draft-ietf-spfbis-4408bis. The Responsible Area Director will likely review the draft. If that step is cleared there will be a Last Call announcement for draft-ietf-spfbis-4408bis. If anyone has any objection I suggest raising it during the Last Call. If you have any questions about the above please let me know so that we can talk about it. Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/spfbis/current/msg03347.html 2. http://www.ietf.org/mail-archive/web/spfbis/current/msg03414.html 3. http://www.ietf.org/mail-archive/web/ipv6/current/msg17638.html 4. http://www.ietf.org/mail-archive/web/dnsext/current/msg13025.html 5. http://www.ietf.org/mail-archive/web/ietf/current/msg78927.html 6. http://www.ietf.org/mail-archive/web/spfbis/current/msg03663.html 7. http://www.ietf.org/mail-archive/web/spfbis/current/msg03681.html 8. http://www.ietf.org/mail-archive/web/ietf/current/msg78955.html
Re: How does the IETF evolve to continue to be an effective, efficient, and relevant source of high quality Internet standards? Was: Re: IETF Diversity Question on Berlin Registration?
At 13:15 29-04-2013, Michael StJohns wrote: Let me ask a couple of specific questions of you. I think that these are good questions. Who have you mentored in the past 5 years? Have they ended up as working group chairs, or ADs or IAB members? Do they mostly represent under-represented groups? How many of them were employed by your employer (e.g. was this a work related task?)? I don't mentor IETF participants as I consider everyone who does not have a title as a peer. None of the peers I have interacted with ended up as working group chair, Area Director or IAB member. I have not given much thought about whether most of the peers I have interacted with represent under-represented groups. My guess is that it is a significant number. During your time as an AD, how many women did you arm twist/recruit specifically (or ask nicely) to take WG positions in your area (as opposed to them coming to you or your co-AD)? I do some things on behalf of the Applications Area directorate. At the last IETF meeting I asked four women whether they would like to do some reviews. There was one positive answer. There are people of different ages. There are people who work for a range of vendors on the directorate. There are a few people who work for universities. There are people who come from different parts of the world. The list of reviewers and the work they perform is published on an IETF web site [1]. If anyone has questions about under-represented groups in relation to the directorate please post a message to this mailing list and I will reply. Regards, S. Moonesamy 1. http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate
Re: [spfbis] [dnsext] Obsoleting SPF RRTYPE
Hi Hector, At 14:15 29-04-2013, Hector Santos wrote: If anyone wishes to see one aspect of what is wrong with IETF Diversity, then see whats going on in SPF BIS WG where a key IETF cog essentially attempts to shutdown discussions and communications, attacks posters which by my estimate were making progress. Progress is a status quo - DON'T CHANGE THE RFC4408 SPECIFICATION in SPFBIS. Many in DNS community do not agree with the change of removing a long term migration path to a SPF RRTYPE. In fact, not changing the existing specification would end the issue and hopefully satisfy all principles. The following messages were posted to the SPFBIS mailing list: http://www.ietf.org/mail-archive/web/spfbis/current/msg03593.html http://www.ietf.org/mail-archive/web/spfbis/current/msg03598.html It has also been mentioned that there are two long threads at: http://www.ietf.org/mail-archive/web/spfbis/current/msg03412.html http://www.ietf.org/mail-archive/web/dnsext/current/msg13025.html Regards, S. Moonesamy
Re: IETF 86 Admin Plenary Minutes
Hi Dave, At 08:01 19-03-2013, Dave Crocker wrote: The difference between a 'venting' session and a 'working' session is that the latter produces action items that actually produce further... action. Yes. For the most part, the open microphone portion of plenaries tends to serve merely as venting sessions, and sometimes as an informal 'chat'; if anything productive develops, it is typically not linked to open mic activity that possibly triggered to it or contributed to it. It's good for stress relief. :-) Obviously not part of the basic note-taking effort, but I suggest that IETF management groups explicitly consider the task of augmenting the notes with published action items they are taking from the sessions. That's a good idea in my humble opinion. This highlights some important cultural and procedural guidance -- and an explicit action item -- they're worth making more accessible in one or another 'guidance' documents. Merely to offer an example notation: Sean Turner mentioned that a year ago someone asked him how to become a WG chair. Asking is the first step! He thinks that if people want to actively participate, they need to volunteer to write drafts etc. {guidance/leadership} The above lists asking as the first step. Most people would not ask as it is awkward to do so. Participants see the same individuals being selected WG Chairs. Do I have to work for a big company to be selected WG Chair? Do I have to be friends with the Area Director to be selected as WG Chair? Here's a quote from the minutes: "Benoit Claise believed that it is also a matter of perception. If there is a perception that certain people cannot become leaders, then we have a problem." There is unfortunately such a perception. Directorate. Some people are shy about going to the mic. If you are not a native English speaker or if you are not comfortable to speak in public or if you are a woman in a room of 50 males, you might not feel comfortable. We might want to think about other ways to reach out and get other people's input than the ways we have right now. {participation/wg} It is difficult for people who are not from the United States, Canada, United Kingdom, Australia or New Zealand to understand the English spoken in the IETF. It is difficult for some people to understand the informal words and expressions used in IETF discussions. Someone from Germany mentioned that it would be helpful to have transcription services in real time to make it easier for non-native English speakers to follow the discussions. The top affiliations are as follows: Cisco Huawei Ericsson Alcatel Juniper Ntt Google ATT Orange IBM It's up to these companies to see whether the women participation requires an action item. I don't know whether these companies have heard of "changetheratio". I was surprised by the results for the directorate (you may have seen the message). There are bright and talented people irrespective of age or sex. Does anyone reach out to them? Arturo Servin mentioned the following: "don't be afraid to get out of your comfort zone and pick people that you maybe would not have thought of before." Harald Alvestrand mentioned that: "Whatever the IETF community has done over the last years did not help, so he feels that we need to do something different, but doesn't have a suggestion." The IETF can discuss about the "something different" for the next three years or it can take the risk of actually trying something different to see whether it works or not. Regards, S. Moonesamy
Re: Mentoring
Hi Seiichi, At 07:55 AM 3/14/2013, Seiichi Kawamura wrote: I cannot belive that I'm seeing this thread on an IETF list. I run a NOG, and we've been through this many times and we're alread over it. Don't call them 'newbies'. Don't think that having the Yes. It's all about PEER involvement. Agreed. The attitude that the COMMUNITY has. Do you talk to your friends about IETF? Are you proud of it? Will you encourage your friends to come? Does it make sense to you? Is the community working towards a common goal? Most importantly, are we listening? or are we justing pretending to. Maybe I am listening but I do not really understand the person who is talking to me. Quoting Metallica "and nothing else matters" Yes. :-) Regards, S. Moonesamy
Re: Diversity of IETF Leadership
Hi Margaret, At 06:00 AM 3/11/2013, Margaret Wasserman wrote: I've been thinking, for instance, that one thing we could add to our list of immediate actions is for IESG members to review their directorate membership and, if it makes sense, attempt to increase the diversity of their directorates. This would have two effects: the IESG would get better advice, and it would give the people they appoint more opportunity to interact with other senior IETF participants and demonstrate their abilities. The directorate I know about has individuals from approximately ten countries. There are now a few women. It is not easy to find volunteers. The opportunity is there. The problem is that nobody steps forward. I'll use the word "perspective" instead of diversity. If you ask me what it means, it means individuals who can bring in ideas, and who can look at problems from different angles, and who can get the work done. I would set the target date for results as two years from today. The question I'll ask is what are the next steps? Regards, S. Moonesamy
Re: Diversity of IETF Leadership
Hi Jari, At 09:52 AM 3/10/2013, Jari Arkko wrote: I believe an IETF with more diverse participation and leadership would be a stronger IETF. When we have more diverse experiences and viewpoints, our results will be better and more generally applicable. Participants from different places, cultures, men, women, and people in different situations. One of the challenges that I have identified as I am taking the IETF chair task is to make the IETF even more international and more diverse. Agreed. I have suggested individual from Asia for IETF work. These individuals were chosen because they are good at what they do. I do not have any concern about their expertise. For what it is worth I do not rate their expertise. That is subject to peer review. I have not seen any complaints about their work. I take it that the IETF considers that they have the expertise. Diversity of IETF Leadership begins at the bottom. It is challenging for reasons which I unfortunately cannot describe. I am supportive of the effort. I am not comfortable with quotas. My preference is to see that the IETF is accessible. I'll describe that as reaching out to individuals at the point of entry and see what can be done for them to have a lesser barrier within the IETF. Regards, S. Moonesamy
Re: The desires of the IETF community
Hi Tom, At 06:48 08-03-2013, t.p. wrote: How (apart from posting to this list)? Talk to the individuals who are part of NomCom 2012. It's easier to discuss face to face. There is also an email address ( nomcom-ch...@ietf.org ) to reach NomCom. I have no doubt that NomCom 2012 would appreciate any constructive input. Regards, S. Moonesamy
RE: The desires of the IETF community
Hi Christopher, At 05:25 08-03-2013, Dearlove, Christopher (UK) wrote: You need at least two more properties (iii) High technical standard products (iv) Efficient All the openness and fairness in the world is no use if it produces bad products, or if it produces little or no product, or product so late it's no use. (That wording is tailored to protocols etc. There are similar properties for an AD, just worded slightly differently.) And that is why it is up to the IETF community to express its desires. Regards, S. Moonesamy
The desires of the IETF community
Hello, I'll list the properties sought as: (i) Open (ii) Fair There will be sessions at IETF 86 where anyone can say whatever he or she wishes. That takes care of the first property. It is not possible to determine what is fair. Each and everyone has to decide for himself/herself. However, it is unfair for the individuals on NomCom 2012, the IAB, the IESG and the candidates as their actions are constrained by rules or practices. What if there is an environment where the individuals can interact in good faith while taking BCP 10 into consideration? NomCom 2012 has to get an understanding of the IETF community's consensus of the qualifications required. There isn't any rule which restricts NomCom from having a session at IETF 86 to listen to the desires of the IETF community. There isn't any rule which restricts individuals who happen to be on NomCom 2012 from asking clarifying question. There isn't any rule which restricts individuals who happen to be on the IAB from asking clarifying questions. There isn't any rule which restricts individuals who are candidates from asking clarifying questions. Once NomCom 2012 has an understanding of the qualifications required it can talk to any possible candidate, even if the person is not on the current list. Note that NomCom 2012 does not have to disclose the qualities which it will consider to select a candidate. If the NomCom 2012 concludes that there isn't any confirmed candidate yet it can announce that. After all, it is not a surprise to anyone to hear that there isn't any confirmed candidate at the moment. NomCom 2012 can also report the difficulties it encountered separately. The TSVAREA session can then be used to discuss about the difficulties and how IESG operations will be affected. I attempted to separate two questions, qualifications required and what to do about the position. As I don't have much time to write this message I may be missing some points. Regards, S. Moonesamy
RE: Nomcom is responsible for IESG qualifications
Hi Eric, At 14:27 07-03-2013, Eric Gray wrote: In fact, having worked through this, the single biggest dread a NomCom might face is the potential that the IAB may decide to exercise a line-item veto on nominated candidates - either forcing the NomCom to effectively start over, or giving the NomCom a clear indication that their effort to come up with a balanced slate was a complete waste of time. The question that I might ask is what is a path forward for Bullet 14 of Section 5 of RFC 3777. Regards, S. Moonesamy
Re: Appointment of a Transport Area Director
Dear IAB and NomCom 2012, In a message dated February 6, the NomCom Chair requested feedback from the IETF Community for the TSV Area Director position. In a message dated March 3, the IETF Chair mentioned that it might be that no candidate has yet been found that meets the specific IESG-provided requirements. There wasn't any further communication about the subject. BCP 10 describes an advice and consent model. What may have been missed, in my opinion, is that the action or non-action is a significant change to the model. This is a highly unusual situation. I suggest that the appropriate party takes any corrective action it deems fit or else there will be requests for changes to the model in future. Please note that I do not have any affiliation in common with anyone impacted by the appointment decision or any direct or indirect financial interest in the outcome. Regards, S. Moonesamy
Re: I-D Action: draft-moonesamy-rfc2050-historic-00.txt
At 01:36 12-01-2013, Brian E Carpenter wrote: I object to making RFC 2050 historic without retaining at least the content of its Section 1 as an IETF BCP. From Section 1 of RFC 2050: "Currently there are three regional IRs established; InterNIC serving North America, RIPE NCC serving Europe, and APNIC serving the Asian Pacific region." The above information is outdated. While the IETF did formally hand over details of address allocation policy to IANA, we did so knowing that the RIRs themselves, and IANA, considered themselves bound by RFC 2050 (see the list of authors of that document). That was in 1996. The question is whether BCP 12 reflects current practices. An update of RFC 2050, within the scope set by the IETF-IANA MoU, would be reasonable. Abrogation is not reasonable. Noted. At 03:44 12-01-2013, Abdussalam Baryun wrote: I also think similar with Carpenter, why reclassify to historic. rfc2050 is still valid, and why limiting the ietf? IETF participants have not decided about policies regarding IP address allocation since well over 10 years. Such matters are determined within other communities. It would only be limiting to the IETF if it is a matter directly related to IETF protocols. Regards, S. Moonesamy
Re: A mailing list protocol
Hello, Thanks to all of you who provided feedback on this thread and off-list. I'll attempt to summarize the comments on this thread. Wes George asked whether there was an IETF standard format for handling inline quote replies and whether it has been implemented [1]. He mentioned that rehashing an old draft about nettiquete 101 is less helpful. He also commented about the common problem of mangled subject lines that make it very difficult to sort by thread. There was also an off-list comment about this. Scott Brim's comment [2] is an interesting view about standardization. Dave Cridland mentioned RFC 3676 [3]. He pointed out that it primarily useful in simple replies rather than quoting. One of the problem he encounters is a lack of in-reply-to or references fields that I can use for in-thread navigation. Alessandro Vesely commented about disclaimers in messages [4]. I avoided a discussion of standards or to dictate etiquette in draft-moonesamy-mail-list-protocol. Section 2 list points which may see obvious to a lot of people on this mailing list. The text at http://www.ietf.org/newcomers.html doesn't provide a lot of information about facilitating discussions. I would like to ask you to pick the three points from Section 2 ( http://tools.ietf.org/html/draft-moonesamy-mail-list-protocol-00 ) which you consider as helpful to facilitate mailing list discussion and send them to me off-list. I'll post a summary to this mailing list after a week. Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/ietf/current/msg76271.html 2. http://www.ietf.org/mail-archive/web/ietf/current/msg76275.html 3. http://www.ietf.org/mail-archive/web/ietf/current/msg76295.html 4. http://www.ietf.org/mail-archive/web/ietf/current/msg76296.html
Re: A mailing list protocol
Hi Arturo, At 06:16 05-12-2012, Arturo Servin wrote: What are "those"? Without the context it is impossible to guess, at least for me. According to http://www.ietf.org/mail-archive/web/ietf/current/msg76273.html the message posted by Scott Brim ( http://www.ietf.org/mail-archive/web/ietf/current/msg76275.html ) is a follow-up comment to the message posted by Martin Thomson. The messages posted by these two persons are related to the message posted by Wes George ( http://www.ietf.org/mail-archive/web/ietf/current/msg76271.html ). That message contains the words "client implementations". The comment from Scott Brim could be rewritten as: The issues mentioned by George Wes and Martin Thomson are all endpoint implementation problems and thus not subject to IETF standardization. As the sentence written by Scott Brim has a smiley at the end, the idea expressed might be somewhat similar to: Mi perro se comió las hojas donde estaban mis deberes del colegio. The comment is actually a good argument. Whether it would be valid or not is a matter of context. Regards, S. Moonesamy
A mailing list protocol
Hello, I submitted a draft which discusses about a mailing list protocol [1]. It is a code of courtesy that the reader may wish to extend to others to facilitate the exchange of opinions and ideas, and to facilitate mailing list discussions. Sally Hambridge deserves full credit for most of the text. The draft is not about rules, guidelines or BCPs. The problems I encountered are: (a) excessive text in mailing list messages causing the message digest to be sent after a few messages are posted to a mailing list. (b) replies to messages which use an odd quoting style [2]. You are invited to criticize the draft. Regards, S. Moonesamy 1. http://tools.ietf.org/html/draft-moonesamy-mail-list-protocol-00 2. http://home.in.tum.de/~jain/software/outlook-quotefix/
Re: Selection of a replacement IAOC member
Hi Barry, At 17:15 02-11-2012, Barry Leiba wrote: This is decidedly NOT something that any process empowers the NomCom chair to do. Matt could certainly give his opinion as an individual, but I can't see under what process it would have any official weight. I mentioned NomCom instead of NomCom Chair as that's the selecting body. These individuals have been selected according to the algorithm from RFC 3797 [1]. None of these individuals are members of the IAB, IESG or IAOC. My request does not prevent the Member Recall petition from being pursued. For the sake of disclosure, I do not have any interest in common with the IAOC member except for IETF participation. The request was not discussed with anybody. I am deferring to the nominating committee to see whether BCP 113 is applicable, and if so, take whatever action it deems appropriate. Regards, S. Moonesamy 1. https://datatracker.ietf.org/ann/nomcom/50952/
Selection of a replacement IAOC member
Hello, The IAOC Chair posted a message about the IAOC appointing a replacement liaison to the IETF NomCom after learning from the NomCom chair that Marshall had not responded to emails from the NomCom chair. [1] According to BCP 113: "However, if the appointed member is unable to serve the full two-year term, the selecting body may, at its discretion, immediately select a replacement to serve the remainder of the term using the interim process defined in Section 3.5.1." Mr Marshall Eubanks was selected by the 2011-2012 IETF Nominating Committee [2]. Given that Mr Marshall Eubanks has not responded to emails from the NomCom Chair it would appreciated if NomCom could determine: (a) Whether the appointed member is unable to serve the full two-year term (b) Select a replacement to serve the remainder of the term using the interim process Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/ietf-announce/current/msg10812.html 2. https://datatracker.ietf.org/ann/nomcom/3291/
Re: Last Call: (Update to RFC 3777 to Clarify Nominating Committee Eligibility of IETF Leadership) to Best Current Practice
Hello, Although the Last Call for draft-leiba-3777upd-eligibility-04 has not ended, I'll do a quick summary. Russ Housley (as an individual) commented about updating one sentence about the recall of an IAOC member [1]. Barry recommended addressing this as part of a more comprehensive update [2]. Dave Crocker mentioned that such a change would alter the scope of the draft [3]. He also commented on "paid staff". There was a comment from Ted Hardie [4] about that. Adrian Farrel made two small editorial proposals [5] to which Barry agreed. Please let me know if your comments have not been addressed. Regards, S. Moonesamy (as document shepherd) 1. http://www.ietf.org/mail-archive/web/ietf/current/msg75129.html 2. http://www.ietf.org/mail-archive/web/ietf/current/msg75138.html 3. http://www.ietf.org/mail-archive/web/ietf/current/msg75130.html 4. http://www.ietf.org/mail-archive/web/ietf/current/msg75135.html 5. http://www.ietf.org/mail-archive/web/ietf/current/msg75136.html
Commercial email from the Verizon Online Marketing Team
Dear Verizon, I received a commercial email from the Verizon Online Marketing Team. The message is DKIM-signed by netsender1.com. Is Verizon collecting email addresses from IETF mailing lists or IETF Contributions? Regards, S. Moonesamy
Re: Some thoughts about draft-leiba-3777upd-eligibility-02.txt
At 12:34 21-08-2012, Barry Leiba wrote: I do, and I actually had the same problem with it when I wrote it as you do. So help me, please: How *should* this be put? I don't like, "and those employed in the RFC Editor function," and I really can't think of a concise, clean, accurate way to write it down, though we all (today) know what it means. Text, please, someone. RFC 4844 (see Section 3.1) uses the term "RFC Editor". RFC 6635 mentions "RFC Editor function". I suggest going with the RFC 4844 argument about simplicity and using "RFC Editor". I cannot think of an accurate way to write that paragraph. I'm inclined to pull it out (having not checked that with SM yet, though). Does anyone (including SM) think it definitely needs to be in here? I don't have a strong opinion about the erratum. Pull it out. At 12:45 21-08-2012, Donald Eastlake wrote: In particular, I believe the there are Editorial Boards that the various fragments of the RFC Editor appoint and consult which should not be excluded. These bodies were left out. There is a comment in the draft labelled as anchor1. At 13:11 21-08-2012, Margaret Wasserman wrote: Why do you want to rule out employees of those groups? I don't think that most of them would have any interest in volunteering for the nomcom, but why would it be a problem if they did? I mean, I could picture someone who worked for the RFC Editor who was also technically involved in the IETF, like Aaron Falk used to be, and I don't know why we would want to disqualify someone like that from volunteering for the nomcom. I'll comment as part of the message which Adrian posted. At 03:10 21-08-2012, Adrian Farrel wrote: However, the document very quickly launches into a discussion of other people to exclude from NomCom. It does this by introducing the concept of a "conflict of interest." There may be a valid debate to have about conflict of interest, but I personally find it a very long wedge, and although there may be clear-cut cases at either extreme, it is by no means clear where to draw the line. Yes. I find the excuse used (that those excluded are unlikely to volunteer) as rather poor taste. It may be true that such people have not volunteered in the past, but that should not be used as a reason. You are removing rights that people previously had - you should have good, stand-alone reasons and not depend on whether or not earlier holders of certain posts exercised those rights. The last sentence broaches an interesting angle. From RFC 3777: "The IETF Secretariat is responsible for confirming that volunteers have met the attendance requirement." "The IETF Secretariat is responsible for confirming that each signatory is qualified to be a voting member of a nominating committee." As the IETF Secretariat has duties in the RFC 3777 mechanism, would it be a good stand-alone reason to remove the right to be a volunteer? The RSE and ISE are under contract with the IAOC. The other part of the RFC Editor (function) are external organizations. At 13:52 21-08-2012, Bob Hinden wrote: While on this topic, we might as well get it right. The text in the draft is: This document also excludes certain individuals who are directly paid for their work with the IETF, and who, therefore, have a direct personal financial incentive in the selection of the leadership boards. We limit this exclusion to a few people who are paid for long-term full-time work. In practice, they are unlikely to volunteer for the NomCom anyway, so this addition makes little practical change. I assume the intent is exclude people who are paid by the IETF to do work in the IETF. For example, the IAD. The problem is that no one is paid by the IETF. The IETF has several people who do work at it's direction. This is done as direct employees of ISOC or as contractors who have their contracts with ISOC. We also hire (via ISOC) companies that provide services to the IETF. This ranges from the secretariat services, NOC services, tools development, program management services, and tools specification development. In these cases it difficult to tell if an individual is working for the IETF "long-term full-time work". Ok. :-) Further, the text as written could be interpreted to exclude people who's employers pay they to participate in the IETF. For example, that would include me because it is part of my job to participate in the IETF. I don't think that is the intent of the text in the draft, but it would be easy to interpret it that way. OK, maybe I don't do it full time, but all of the IESG position require full time support. It is the additions to RFC 3777 that matters as they become part of the RFC 3777 rules. I'll discuss about the comments with Barry before commenting further. Regards, S. Moonesamy
Re: New Version Notification for draft-leiba-3777upd-eligibility-01.txt
Hi Bob, At 13:53 17-08-2012, Bob Hinden wrote: Yes, it would help for reviewing this draft, but it will still make it complicated for future noncom's to understand the rules. A single document would be easier to understand. Ok. I'll post a draft. I suppose an alternative would be to file an errata on RFC3777 that says something like add "IAOC" to everywhere in the document it says IESG, IAB, and ISOC Board of Trustees, and leave the specific changes as an excise to the reader. :-) Yes. :-) It's a little more than though as there is a change to Bullet 15. There's the question of what to do about RFC 5633 and RFC 5680. Regards, S. Moonesamy
Re: New Version Notification for draft-leiba-3777upd-eligibility-01.txt
Hi Bob, At 13:24 17-08-2012, Bob Hinden wrote: Given what started as a simple change has turned into many changes (14 changed paragraphs by my count), I am starting to think that doing a RFC3777 update document would be a better approach. Then it would be easy to look at a diff from RFC3777 and see all of the changes. I thought about the update when I posted a related draft as minor changes look extensive due to the IAOC addition in various parts of the text. I can post a draft which incorporates the changes from draft-leiba-3777upd-eligibility-01 to make the diff easier. Would that help? Regards, S. Moonesamy
Re: New Version Notification for draft-leiba-3777upd-eligibility-01.txt
At 07:05 17-08-2012, Russ Housley wrote: The document says: o Bullet 3, paragraph 1 is replaced by this: The nominating committee comprises at least a Chair, 10 voting volunteers, 4 liaisons, and an advisor. The Past Chair is missing. The Past Chair is mentioned in Bullet 10. The only change in the above text is the increase in liaisons from 3 to 4 to include the liaison from the IAOC. The adviser is not required, as implied by the "at least" in this sentence. Bullet 3, paragraph 8 mentions that "the Chair of last year's nominating committee serves as an advisor". The "at least" is for the composition of the nominating committee, i.e. it can have more than four liaisons (paragraph 3) or an additional advisor (paragraph 2). Also, if I understand properly, the ISOC BoT is allowed to provide a liaison, but they are not required to do so. Yes. Regards, S. Moonesamy