Re: Possible RFC 3683 PR-action
As one of the 2 PR-action'ed persons, let me respond to these assertions. I was subject of a PR-Action in fall of 2005 because I did three things: 1) I asked for honesty in the sources of claims in the controverial spamops document. The discredited source was SORBS, which falsely claims address blocks used by Av8 Internet (130.105/16 and 198.3.136/21) are hijacked. They have done this since 2003, and know of the mistake. SORBS is connected to Paul Vixie and Dave Rand. 2) I asserted that RFC 3979 applied to DNS drafts, which had not made the proper disclosures required under RFC3979. Steven Bellovin (then chair of the IPR Working Group falsely stated that RFC3979 wasn't the policy of the IETF. ISOC Atty Contreras later refuted Bellovin's false claim. I was right. The drafts have not made the proper disclosures. This activity is similar to the deception by Russ Housley with the TLS-AUTHZ document. (Housley also voted on my PR-Action) 3) I attempted to discuss problems with Stateful Anycast Stability on DNSOP. Even though DNSOP was the proper forum for this discussion, I was bluntly told to drop the subject by then Area Director David Kessens. Kessens was associated with Paul Vixie and ISC through several connections. Vixie was advocating Anycast, and stood to lose money if problems were revealed. Since then, experimental data confirms the problems with Stateful Anycast. I've been vindicated on all three issues of the PR-Action. There was no misconduct on my part. Since then, I have been banned from the GROW, IPR, and DNSEXT Working Groups: -- I was banned from GROW for opposing draft-ietf-grow-anycast (Kessens) that implied that stateful anycast was stable, and stated that per packet load balancing (PPLB) was pathological. My opposition was steam rolled. As Sam Hartman wrote in his evaluation record: I believe that the IESG did not follow a process consistent with how we handle other documents and that the divergences from our normal process created an unacceptably closed process. As such, I am abstaining on this document as I cannot support its publication under the process that was used. The area director described the process used as hard ball. He said that because of the history of the document he was pushing back against changes both from the IESG and late last call comments more so than usual. By history, I suspect that he meant both the fact that this document has already been subject to an appeal and the fact that the document has been under development for a long time. I think that the area director chose to play hard enough ball that the process can no longer be considered open and that the IESG erred in supporting this process and approving the document. -- I was banned from IPR Working group. I am president of the LPF, an anti-patent organization founded by Richard Stallman. The LPF represents the views of many GNU supporters and many famous people in computer science. I was banned for working to fix the problems that enabled Russ Housley to deceive the IETF on IPR disclosure, yet receive no penalty. -- I was banned from the DNSEXT Working Group (namedroppers) which I have participated in since about 1990. I was banned because I opposed the author assigned to a revived axfr-clarify draft. This draft was involved in a prior scam by Paul Vixie et al 'clarifying' the AXFR protocol in 2002. The draft proponents claimed the draft had no wire protocol changes. However, it was discovered by Dr. Bernstein that the draft did include protocol changes. It was also discovered that BIND had already implemented changed protocol with detection for the old protocol. This scam was discovered and originally opposed by Dr. Dan Bernstein, the author of a major DNS server implementation. In 2002, Bernstein's email was blocked, subjected to forged unsubscriptions, etc. The draft was dead until recently, when Vixie and affiliates revived the document. I objected to assigning the document to authors affiliated with the previous abuse of Bernstein. None of these represent any sort of obstruction to legitimate work. Paul Vixie seems to be the center of the abuse against me, using his resources at NANOG, ISOC, and ARIN, and SORBS to interfere with my business and to promote his own economic interests. Others also have economic motives to harm me (e.g. Housley to prevent his being held accountable for patent disclosure violations.) These efforts at improper and unjustifiable censorship are presently the subject of legal contacts between my lawyer and their lawyers. These efforts to censor persons for economic purposes contradict the bylaws and charters of each of the organizations, and violate US laws. It will not stand. SORBS operator Matthew Sullivan has stated his intent to cause AV8 Internet to spend money to sue people who would lose but have no money to pay damages. But I do agree that the efforts at censorship are indeed a waste of time.
Re: Possible RFC 3683 PR-action
On Sun, Mar 23, 2008 at 08:45:19AM -0700, Christian Huitema [EMAIL PROTECTED] wrote a message of 12 lines which said: Does the IETF have a policy regarding misrepresented identities? For instance, I claim that the person mentioned in section 10 of RFC 5242 may be actually the same person who is the target of a PR-action, with just a small modification of his name. If this is true, he cannot post on IETF mailing lists and should be banned of Acknowledgments sections as well! ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Stephane Bortzmeyer wrote: If this is true, he cannot post on IETF mailing lists and should be banned of Acknowledgments sections as well! The IESG Note in RFC 5242 is perfectly clear, with a length of 11 lines it reaches a third of the IESG Note size used in RFCs 4405, 4407, 4407, and 4408. For a shorter IESG Note I'd support an appeal or recall petition, but 11 lines ought to be good enough for everybody. It would be completely unjustfied to count empty lines, and then claim that 12 of 38 is less than a third, even if the 38 lines don't include a page header added by the RFC-editor without consent of the IESG, let alone any IETF Last Call. Frank ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On 2008-04-02 09:41, Stephane Bortzmeyer wrote: On Sun, Mar 23, 2008 at 08:45:19AM -0700, Christian Huitema [EMAIL PROTECTED] wrote a message of 12 lines which said: Does the IETF have a policy regarding misrepresented identities? For instance, I claim that the person mentioned in section 10 of RFC 5242 may be actually the same person who is the target of a PR-action, with just a small modification of his name. If this is true, he cannot post on IETF mailing lists and should be banned of Acknowledgments sections as well! Do you believe that 'f' is isomorfic with 'ph'? Brian ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Stephane Bortzmeyer skrev: On Sun, Mar 23, 2008 at 08:45:19AM -0700, Christian Huitema [EMAIL PROTECTED] wrote a message of 12 lines which said: Does the IETF have a policy regarding misrepresented identities? For instance, I claim that the person mentioned in section 10 of RFC 5242 may be actually the same person who is the target of a PR-action, with just a small modification of his name. If this is true, he cannot post on IETF mailing lists and should be banned of Acknowledgments sections as well! No, this needs an RFC 3683 update - the RFC mentions acknowledgements only in the title of its acknowledgements section; steps need to be taken at once to rectify this severely overlooked issue. We can't have people mounting denial of service attacks against the IETF by being mentioned in acknowledgements section - that would be Just Too Impolite! Harald ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
--On Wednesday, April 02, 2008 12:09 AM +0200 Harald Tveit Alvestrand [EMAIL PROTECTED] wrote: For instance, I claim that the person mentioned in section 10 of RFC 5242 may be actually the same person who is the target of a PR-action, with just a small modification of his name. If this is true, he cannot post on IETF mailing lists and should be banned of Acknowledgments sections as well! No, this needs an RFC 3683 update - the RFC mentions acknowledgements only in the title of its acknowledgements section; steps need to be taken at once to rectify this severely overlooked issue. We can't have people mounting denial of service attacks against the IETF by being mentioned in acknowledgements section - that would be Just Too Impolite! Of course, this would contradict the requirements of various other documents that the acknowledgements contain a full description of everyone who contributed substantively. So those documents would all need to be updated to make appropriate exceptions. john ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Theodore Tso tytso at MIT dot EDU wrote: A valid technical concern is easy to deal with. If they provide an idea, I suspect a cautious working group chair might insist on knowing their real name and company affiliation, since there have been past examples where companies have tried to inject patented technologies into a standards specification. I suppose a few personal notes might be in order regarding company affiliation, since I've served as editor for both RFC 4645 and draft-ietf-ltru-4645bis, both products of the LTRU Working Group that started this thread, and both under the title Consultant instead of a company or other organizational affiliation. There are a couple of reasons. One is that my company, which had apparently been embarrassed by employees posting personal opinions on an industry message board in a way which made them sound like official company positions, instituted a set of Internet and Electronic Communications Guidelines some years ago which prohibits employees from stating their [company] affiliation over the Internet unless required as part of their job description. This went way too far in my opinion -- stating that you work for XYZ Company is quite different from stating that you represent the official position of XYZ Company -- but it is the approved policy, it allows for termination in the event of violation, and we all signed it. The other reason is that three years ago, there was an attempt by -- surprise! -- JFC Morfin to contact the professional employer of one of the LTRU participants and single him out for corporate disciplinary action, in retaliation for his support of a PR-action against Morfin. Together with the Internet and Electronic Communications Guidelines, this hostile and unprofessional action further convinced me that it was not in my best interests to disclose my employer in documents published on the Internet, and especially not in an RFC where the text: D. Ewell, Ed. XYZ Company might present the impression, rightly or wrongly, of company sponsorship or representation. Next week I start work for a new employer, and I hope they will have a more enlightened attitude toward employees stating their [company] affiliation over the Internet and will understand that stating one's affiliation in an IETF document is a matter of author identification, not corporate sponsorship. In passing, I will restate that my involvement with the LTRU has always been individual in nature, and has never been sponsored or sanctioned by any commercial interest nor driven by any corporate goal, although I believe the work may be of value to any entity (corporate or otherwise) concerned with the identification of linguistic content. -- Doug Ewell * Fullerton, California, USA * RFC 4645 * UTN #14 http://www.ewellic.org http://www1.ietf.org/html.charters/ltru-charter.html http://www.alvestrand.no/mailman/listinfo/ietf-languages ˆ ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
--On Sunday, March 30, 2008 9:00 PM -0700 Doug Ewell [EMAIL PROTECTED] wrote: Theodore Tso tytso at MIT dot EDU wrote: A valid technical concern is easy to deal with. If they provide an idea, I suspect a cautious working group chair might insist on knowing their real name and company affiliation, since there have been past examples where companies have tried to inject patented technologies into a standards specification. I suppose a few personal notes might be in order regarding company affiliation, since I've served as editor for both RFC 4645 and draft-ietf-ltru-4645bis, both products of the LTRU Working Group that started this thread, and both under the title Consultant instead of a company or other organizational affiliation. There are a couple of reasons. One is that my company, which had apparently been embarrassed by employees posting personal opinions on an industry message board in a way which made them sound like official company positions, instituted a set of Internet and Electronic Communications Guidelines some years ago which prohibits employees from stating their [company] affiliation over the Internet unless required as part of their job description. ... Doug, Even this stringent a rule would presumably not prevent you from disclosing your affiliation to a WG Chair or the Secretariat if you were asked a specific question in order to help authenticate you. If it is possible to read our rules to prevent the entities who might legitimately ask you for that information from keeping it confidential if that were reasonably required, then those rules may need clarification or tweaking. But there is a huge difference between stating/ advertising a company affiliation in a mailing list email address or at the top of an RFC and responding to the sort of query that I think Ted's note suggests. john ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Hi Simon, the case I was thinking about was this one: http://www.consortiuminfo.org/standardsblog/article.php?story=20070323094639 964 Stephan On 3/25/08 3:33 PM, Simon Josefsson [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] writes: [...] If we learned that the anonymous posting actually came from person was affiliated with the IPR holder, then there is legal recourse. My point is that by avoiding anonymous posting, the likelihood of such abuse is significantly reduced. I think the point would be valid if there were significant abuse today. I don't know what would qualify as significant here, but there has been at least one rather high profile antitrust case in the recent history (semiconductor industry), in which a situation similar to the one we are discussing has played a role. If the account at http://en.wikipedia.org/wiki/Rambus#Lawsuits is to be trusted, I can't find many similarities with the situation we are discussing here. Could you clarify how anonymous contributions played a role in your example? /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Frank Ellermann [EMAIL PROTECTED] writes: Noel Chiappa wrote: if our IP rules, which I haven't looked at recently, already said that, my apologies, and don't kick me too hard! :-) *KICK* ;-) Posted yesterday: Hm, how does those rules meet any of the requirements Noel had? /Simon | The IESG has received a request from the Intellectual Property | Rights WG (ipr) to consider the following document: | - 'Rights Contributors provide to the IETF Trust ' | draft-ietf-ipr-3978-incoming-08.txt as a BCP | The IESG plans to make a decision in the next few weeks, and | solicits final comments on this action. Please send substantive | comments to the ietf@ietf.org mailing lists by 2008-04-07. ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
[EMAIL PROTECTED] (Noel Chiappa) writes: From: Hallam-Baker, Phillip [EMAIL PROTECTED] If someone participates under a pseudonym with the objective of inserting patented technology and anyone finds out they are in big trouble. Much worse than any prior case. We should write in our rules that anyone who contributes technology to any IETF activity which they know to be either a) patented, b) the subject of a filing, or c) the subject of a planned future filing, *without disclosing said patent status* to the WG/I*, either: Could we get away with making the NOTE WELL more visible? For example, require that everyone (including any pseudonymous contributors) who submit an internet-draft needs to ACK that they have read and understood the NOTE WELL? /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Thanks for clarifying, given the lack of details I jumped to conclusions. Still, I don't see how anonymous contributions were involved? /Simon Stephan Wenger [EMAIL PROTECTED] writes: Hi Simon, the case I was thinking about was this one: http://www.consortiuminfo.org/standardsblog/article.php?story=20070323094639 964 Stephan On 3/25/08 3:33 PM, Simon Josefsson [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] writes: [...] If we learned that the anonymous posting actually came from person was affiliated with the IPR holder, then there is legal recourse. My point is that by avoiding anonymous posting, the likelihood of such abuse is significantly reduced. I think the point would be valid if there were significant abuse today. I don't know what would qualify as significant here, but there has been at least one rather high profile antitrust case in the recent history (semiconductor industry), in which a situation similar to the one we are discussing has played a role. If the account at http://en.wikipedia.org/wiki/Rambus#Lawsuits is to be trusted, I can't find many similarities with the situation we are discussing here. Could you clarify how anonymous contributions played a role in your example? /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Mar 25, 2008, at 4:57 PM, Michael Thomas wrote: How do I know that you're not a dog? or a puppet... A small fellow with a red nose, a yellow complexion, and a miserable hairdo was at some point even appointed to the IAB !?! http://www.ietf.org/mail-archive/web/ietf/current/msg41460.html :-) --- Bert http://bert.secret-wg.org/ PGP.sig Description: This is a digitally signed message part ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Wed, Mar 26, 2008 at 11:24:42AM +0100, Bert [EMAIL PROTECTED] wrote a message of 55 lines which said: or a puppet... A small fellow with a red nose, a yellow complexion, and a miserable hairdo was at some point even appointed to the IAB !?! It's easy to prove this fellow does not exist: 1) The PGP signature is invalid 2) He does not accept email: [EMAIL PROTECTED]: host mx.secret-wg.org[213.154.224.48] said: 554 5.7.1 Service unavailable; Client host [192.134.4.11] blocked using relays.ordb.org; ordb.org was shut down on December 18, 2006. Please remove from your mailserver. (in reply to RCPT TO command) ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action.
--On Wednesday, March 26, 2008 00:24:57 +0100 LB [EMAIL PROTECTED] wrote: So it seems to me that the current debate, which I do not have much time to spend and who is in a language that I do not master, has two other goals. - Discredit these Drafts in case they would allow the internet to work better. - Protect all the commercial interests by wanting paying members. As if IETF was afraid that the non-profit lead users may join. c'mon neihter JFC nor LB has ever offered a draft, or even outlined a comprehensible strategy. One person that the IETF trusts saying that he's verified that JFC and LB are distinct persons would end this debate forever. Posting anonymous messages to the list proclaiming that they're different accomplishes exactly nothing. Put up or shut up. Harald ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
--On Wednesday, 26 March, 2008 14:25 +0100 Stephane Bortzmeyer [EMAIL PROTECTED] wrote: On Wed, Mar 26, 2008 at 11:24:42AM +0100, Bert [EMAIL PROTECTED] wrote a message of 55 lines which said: or a puppet... A small fellow with a red nose, a yellow complexion, and a miserable hairdo was at some point even appointed to the IAB !?! It's easy to prove this fellow does not exist: 1) The PGP signature is invalid 2) He does not accept email: ... It is also easy to prove that he does exist, if one is not picky about issues of genus and species: (i) Many people who are active in the IETF have met him and could vouch for that fact. (ii) There are several photograph galleries that contain pictures of this individual in the presence of, and sometimes in intimate contact with, various figures who are well-known around the IETF. Some of galleries are maintained by people who are part of, and well-known to, the IETF community and who can testify to the authenticity of the photographs. (iii) The individual in question has been observed at multiple IETF activities and events in recent years. I would think that even a fraction of that much evidence that someone was a distinct individual, coupled with even rudimentary evidence that the individual involved was able to initiate and send his or her own email, would be more than sufficient to settle any discussion of this type. john ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Possible RFC 3683 PR-action
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Thomas Mike, could be a dog too I'm not sure what you people have against canines - if a dog can email in cohesive comments on a draft or working group topic, I say we should listen! ;) The issue here is not one of identity for email/discussion, but rather one of identity for consensus declaration. In other words, I don't see anything wrong with letting anonymous/random beings communicate ideas to the IETF through email or jabber or whatever. What gets tricky is a WG chair basing consensus or interest on the email list traffic. The problem is how consensus is determined, not how we identify contributors. In the IEEE 802 groups, they have (or used to when I went) a policy of anyone can comment, but you have to physically go to a certain number of meetings per year, and continue doing so, to be counted as an actual voting member. (but anyone from anywhere could become such a member if they participated) That worked pretty well, because often times they still went with consensus but only pulled out the voting members only policy when something could not be so resolved. I realize that physically going to IETF meetings is not a model we want, but for people who don't go, we could require vetting of identity to get voting status. -hadriel p.s. And I for one welcome our new dog overlords. I'd like to remind them that as a former cat-owner, I can be helpful in rounding up cats to toil in their dog pounds. ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action.
Hi - From: Harald Tveit Alvestrand [EMAIL PROTECTED] To: LB [EMAIL PROTECTED]; ietf@ietf.org Cc: [EMAIL PROTECTED] Sent: Wednesday, March 26, 2008 6:29 AM Subject: Re: Possible RFC 3683 PR-action. ... c'mon neihter JFC nor LB has ever offered a draft, JFTR https://datatracker.ietf.org/drafts/draft-mltf-jfcm-cctags/ or even outlined a comprehensible strategy. ... No comment. Randy ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Tue, Mar 25, 2008 at 05:08:31AM +0100, Harald Tveit Alvestrand [EMAIL PROTECTED] wrote a message of 28 lines which said: we had this exact problem with the many identities of Jeff Williams; he had enough pseudo-personalities on the list that he would sometimes claim to have a majority, jut from his own postings. Since IETF does not vote, it is certainly not an issue here? ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Tue, Mar 25, 2008 at 08:53:15AM +0100, Stephane Bortzmeyer wrote: On Tue, Mar 25, 2008 at 05:08:31AM +0100, Harald Tveit Alvestrand [EMAIL PROTECTED] wrote a message of 28 lines which said: we had this exact problem with the many identities of Jeff Williams; he had enough pseudo-personalities on the list that he would sometimes claim to have a majority, jut from his own postings. Since IETF does not vote, it is certainly not an issue here? Well, it can be an issue in terms of determining rough consensus. Suppose you have 100 sock puppets all with gmail or hotmail accounts, all claiming that some approach which all of the key technologists and experts in the field and RFC authors have rejected, is really the right way to go. We can do straw polls in face to face meetings, but in theory, all decisions are supposed to be confirmed on the mailing list. Suppose 100 (presumed) sock puppets who all just happen to have the same fracturered logic and writing styles as JFC show up on LTRU and claim that they are driving consensus. RFC 3683 evasion aside, it could certainly cause cause problems for a working group chair who is trying to determine consensus, such that said chair might want to confirm whether or not 100 posters to the mailing list, all with pseudonyms derived from the name of of French pioneers/heros, were in fact distinct people. After all, they could all argue that the nonsense they are spouting is in fact deep received wisdom, and it's a minority of the working group who don't understand their reasoning, and so therefore the positions of their Great Leader JFC, is in fact rough consensus. :-) - Ted ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Theodore Tso wrote: Suppose you have 100 sock puppets all with gmail or hotmail accounts Wait a moment, I don't know about hotmail accounts, but for gmail it is possible to have corresponding google pages, a profile, a jabber account, etc., and the task to check how plausible this is is not harder than for many similar accounts at other providers. If you consider it as likely that an entity claiming to be Frank Ellermann exists and created some http://purl.net/xyzzy pages, then you'd find that this entity redirected all rev=made links plus a contact link on http://purl.net/xyzzy/privacy.htm to the Reply-To gmail address of this article. You'd also find that http://hmdmhdfmhdjmzdtjmzdtzktdkztdjz.googlepages.com/index.html (derived from the horrible local part) confirms that theory. It's also possible to submit mails using SMTP or rather RFC 4409 with Gmail accounts, in that case you'd see a normal source IP in the header, not the anonymous Web mail IP. FWIW, it is of course no rocket science to arrange an unsuspicious source IP. the positions of their Great Leader JFC, is in fact rough consensus. :-) Yes, but faking a plausible legend would be hard work, and it is tough luck when other folks simply challenge a missing legend: http://article.gmane.org/gmane.ietf.ltru/9269/match=jfc+wrote Frank ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
I've been carefully not posting in this thread for a while, but can't control myself today. (So I'm not particularly arguing with Ted's points, his e-mail is just the the latest e-mail in the thread) My apologies in advance. As Ted said, in theory, all decisions are supposed to be confirmed on the mailing list, but I haven't seen anyone point out the reason why - because we also think it's important to have very few barriers to participation in the IETF, so we don't require attendance at any face-to-face meeting, ever. So I'm not sure how we verify identities when anyone we question can just post from an e-mail account at an ISP in Tierra del Fuego, and say the next time you're in the tip of South America, come by and verify my identity. Harald's algorithm (must prove that you exist to SOMEbody) might be the best alternative available, but it does back away from anybody, anywhere can participate. We're not good at writing process text, and I would especially appreciate it if whatever mechanism we finally approve doesn't require participants to post under their legal name - I do not; I don't use my first name, and Spencer is my middle name. So my suggestion is that the community spend a little more time trying to figure out o how widespread, and how frequent, a problem this is, o how much damage Spencer and 100 sock puppets can actually cause, o whether this damage is important enough to justify IESG time fixing the situation, and finally o how much MORE damage Spencer and 100 sock puppets can cause than Spencer and 100 meat puppets[1] can cause. I'm guessing that people who would be offended by Spencer and 100 invisible friends would react the same way if o I hired 100 unemployed Bear Sterns executives to post Spencer is right, you should do X on the mailing list, or if o I asked 100 friends to do the same thing from their work e-mail addresses, or if o I go to another engineering society and ask 100 of THEM to do the same thing from their work e-mail addresses (and we've already had to deal with this, most recently with a letter-writing campaign explaining to us that we must not approve standards with patented technology) ... but at some level, if you're going to prevent DoS attacks from sock puppets, you'll need to be prepared to do the same thing when meat puppets attack. The IETF is still a meritocracy, not a democracy. Bad ideas are still bad ideas, even if lots of people have them. Binary numbering still uses two values (zero and one), no matter how many drafts say something else. Working group chairs have two responsibilities - to be fair, and to make progress. When these responsibilities collide, it's not going to be pretty, but Russ's point - we actually do know how to resolve conflicts in the IETF - is critical, because the alternative is that work just stops. Sometimes we just need to make a decision and move on. If you were right, but couldn't convince the WG chair(s), AD, IESG or IAB that you were right, and couldn't convince enough people to sign a recall petition - well, next time, do a better job of convincing convincing people. IMO, of course. Spencer, who should probably be posting as Sanson... [1] I mean real people, of course. we had this exact problem with the many identities of Jeff Williams; he had enough pseudo-personalities on the list that he would sometimes claim to have a majority, jut from his own postings. Since IETF does not vote, it is certainly not an issue here? Well, it can be an issue in terms of determining rough consensus. Suppose you have 100 sock puppets all with gmail or hotmail accounts, all claiming that some approach which all of the key technologists and experts in the field and RFC authors have rejected, is really the right way to go. We can do straw polls in face to face meetings, but in theory, all decisions are supposed to be confirmed on the mailing list. Suppose 100 (presumed) sock puppets who all just happen to have the same fracturered logic and writing styles as JFC show up on LTRU and claim that they are driving consensus. RFC 3683 evasion aside, it could certainly cause cause problems for a working group chair who is trying to determine consensus, such that said chair might want to confirm whether or not 100 posters to the mailing list, all with pseudonyms derived from the name of of French pioneers/heros, were in fact distinct people. After all, they could all argue that the nonsense they are spouting is in fact deep received wisdom, and it's a minority of the working group who don't understand their reasoning, and so therefore the positions of their Great Leader JFC, is in fact rough consensus. :-) ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
we had this exact problem with the many identities of Jeff Williams; he had enough pseudo-personalities on the list that he would sometimes claim to have a majority, jut from his own postings. Since IETF does not vote, it is certainly not an issue here? This is not totally true. A WG Chair or Area Director cannot judge rough consensus if they are unsure if the portion of the population that is representing a dissenting view is one person or many different people. This is especially true when there are a large number of silent observers. Russ ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Tue, Mar 25, 2008 at 09:40:38AM -0500, Spencer Dawkins wrote: As Ted said, in theory, all decisions are supposed to be confirmed on the mailing list, but I haven't seen anyone point out the reason why - because we also think it's important to have very few barriers to participation in the IETF, so we don't require attendance at any face-to-face meeting, ever. So I'm not sure how we verify identities when anyone we question can just post from an e-mail account at an ISP in Tierra del Fuego, and say the next time you're in the tip of South America, come by and verify my identity. Well, usually someone who says, I think you should do foo, follows it up with, because of bar, and while the alternate choice has upside quux, I believe the engineering tradeoff is such that bar is far more important than quux. So usually it doesn't matter whether someone is posting from Sunnyvale or McMurdo Station. So often, in practice, it doesn't matter. So I think I would certainly grant your argument that most of the time it doesn't matter, which is probably why we haven't spent a lot of time trying to come up with detailed procedures for how to deal with the situation. I certainly think an ad hoc approach such as what the LTRU wg co-chairs chose, with consultation with their AD, was the right way to go, and if LB, whoever he is, wants to challenge their procedure, let him go up the appeal chain. The IETF is still a meritocracy, not a democracy. Bad ideas are still bad ideas, even if lots of people have them. Binary numbering still uses two values (zero and one), no matter how many drafts say something else. Working group chairs have two responsibilities - to be fair, and to make progress. When these responsibilities collide, it's not going to be pretty, but Russ's point - we actually do know how to resolve conflicts in the IETF - is critical, because the alternative is that work just stops. Sometimes we just need to make a decision and move on. If you were right, but couldn't convince the WG chair(s), AD, IESG or IAB that you were right, and couldn't convince enough people to sign a recall petition - well, next time, do a better job of convincing convincing people. No argument here. In fact, I'd argue that the justification *for* PR actions is to make progress, when someone who doesn't understand that they've lost a particular battle by not being a part of the rough consensus can't let ago, and move on - Ted ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
o how widespread, and how frequent, a problem this is, In terms of the number of people, it's tiny. I can only think of three incorrigibly abusive people that bother the IETF, and even if I polled everyone here to name candidates, I doubt that I'd run out of fingers. On the other hand, the amount of time that they waste is enormous, because they abuse processes designed to deal with people whose misbehavior is ambiguous and temporary, which theirs is not. If someone doesn't get the hint to behave after one or two taps on the wrist, they'll never get it and it's a waste of time to keep grinding through processes to re-re-re-eject them. In view of the fact that the same people come back to annoy us year after year after year, we really need efficient ways to make them go away permanently. I also observe that they tend to have, ah, characteristic writing styles that makes it rather easy to recognize when they've grown another personality. So rather than inventing yet more complex rules, I would be inclined to have a much simpler rule that says that if a group's leader sees mail from someone who is obviously You Know Who or You Know Who Else already subject to 3683, just block it and send out a one sentence notice reporting it. Then return to useful work. Regards, Glenn Curtiss ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
From: Russ Housley... Since IETF does not vote, it is certainly not an issue here? This is not totally true. A WG Chair or Area Director cannot judge rough consensus if they are unsure if the portion of the population that is representing a dissenting view is one person or many different people. This is especially true when there are a large number of silent observers. Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous voice? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. Peter Constable ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
From: Peter Constable [EMAIL PROTECTED] Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous [criticism]? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. Excellent point. Noel ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Noel Chiappa wrote: From: Peter Constable [EMAIL PROTECTED] Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous [criticism]? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. Excellent point. So I've never met you, Noel. And I certainly don't have any reason to believe that this email I'm responding to wasn't forged. How do I know that you're not a dog? Mike ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On 3/25/08 11:57 AM, Michael Thomas [EMAIL PROTECTED] wrote: So I've never met you, Noel. And I certainly don't have any reason to believe that this email I'm responding to wasn't forged. How do I know that you're not a dog? Reputation system. Melinda ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
From: Michael Thomas [EMAIL PROTECTED] So I've never met you, Noel. And I certainly don't have any reason to believe that this email I'm responding to wasn't forged. (Responding to the point of your message, rather than the actual words... :-) I think there are two parts to the problem: the first is does this electronic identity correspond to a real person, and how can that electronic identity securely post messages. (I assume that was your point, yes?) As to the first, something like a PGPmail web of trust would work. E.g. you've never met me, but you probably have met Dino or TLi, and they have met me, and can confirm (in both directions) that we're real. As to the second, well, basic email isn't terribly secure (alas); however, there are a number of heuristics. First, for any list I'm on, I will certainly notice if a fake jnc starts posting! And you can look at the Received-from: headers to make sure the email came from where it says it came from. And it's easy enough to track me down and call me on the phone (again, people you know can verify that the phone number is real). Etc, etc... Noel ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Peter Constable [EMAIL PROTECTED] writes: From: Russ Housley... Since IETF does not vote, it is certainly not an issue here? This is not totally true. A WG Chair or Area Director cannot judge rough consensus if they are unsure if the portion of the population that is representing a dissenting view is one person or many different people. This is especially true when there are a large number of silent observers. Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous voice? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. What if the pseudonymous voice raise a valid technical concern, provide useful text for a specification, or even co-author a specification? I think decisions should be based on technically sound arguments. Whether someone wants to reveal their real identity is not necessarily correlated to the same person providing useful contributions. /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Possible RFC 3683 PR-action
From: Simon Josefsson [mailto:[EMAIL PROTECTED] Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous voice? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. What if the pseudonymous voice raise a valid technical concern, provide useful text for a specification, or even co-author a specification? That's having voice. We can be open to any voice. If a concern has valid technical merits, then that should be evident to others, and drive a consensus on its own. But the consensus can still be determined by identifiable people. I think decisions should be based on technically sound arguments. Just so. Whether someone wants to reveal their real identity is not necessarily correlated to the same person providing useful contributions. True. But neither is ability to provide useful contributions necessarily correlated with being counted as part of a consensus. Peter ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On 3/25/08 12:12 PM, Simon Josefsson [EMAIL PROTECTED] wrote: I think decisions should be based on technically sound arguments. Whether someone wants to reveal their real identity is not necessarily correlated to the same person providing useful contributions. In practice I don't think there's really been much of a problem with that. The problem in practice has been with people using process arguments to tie up progress, and that's somewhat harder to judge. Melinda ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Tue, Mar 25, 2008 at 05:12:33PM +0100, Simon Josefsson wrote: Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous voice? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. What if the pseudonymous voice raise a valid technical concern, provide useful text for a specification, or even co-author a specification? I think decisions should be based on technically sound arguments. Whether someone wants to reveal their real identity is not necessarily correlated to the same person providing useful contributions. A valid technical concern is easy to deal with. If they provide an idea, I suspect a cautious working group chair might insist on knowing their real name and company affiliation, since there have been past examples where companies have tried to inject patented technologies into a standards specification. (For example, see the FTC's decision re: Rambus[1].) [1] http://www.law.com/jsp/article.jsp?id=1161606920964 If someone is providing text or co-authoring a specification, there are once again copyright considerations which could cause the IETF much headaches. If a Cisco employee were to provide text, and then suddenly yank back copyright permission and disclaim the Note Well, their are consequences to the engineer and to his/her employer if they were to do so. A contributor operating under the cloak of anonymity can evade many of the consequences of being a bad actor. Which once again brings us back to the question of what is the value of letting contributors operate under a cloak of anonymity, and do the benefits outweigh the costs. For political speech where someone wants to distribute the equivalent of leaflets decrying their current's government position on say, torture in violation of the Geneva convention, it's much easier to make the case that allowing anonymous speech is hugely important. In a standards organization, it's much harder to make the argument that anonymity is really a benefit. For example, in the current MS-OOXML controversy, anonymity would make it impossible, or at least much more difficult, to determine whether or not Microsoft really did pack various countries' national bodies with their business partners, and reimbursed membership fees via marketing considerations. So I'm rather glad that all or most ISO national body rules do require declaration and disclosure of legal names and corporate affiliations. - Ted ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
At 12:02 -0400 3/25/08, Melinda Shore wrote: On 3/25/08 11:57 AM, Michael Thomas [EMAIL PROTECTED] wrote: So I've never met you, Noel. And I certainly don't have any reason to believe that this email I'm responding to wasn't forged. How do I know that you're not a dog? Reputation system. Where I lose interest in this conversation is when I ask what does it matter who made the point? Everyone now and then makes good points and lousy points. If you never make bad points, you aren't trying hard enough. (Borrowing a phrase from a colleague nearing retirement about the No Fear logos on the backs of trucks - No Fear? Kids today just don't try hard enough.) When I come across email that doesn't make sense, I ignore it if it's not worth a reply. Delete. That's simple to do. Yes, I do note a higher incidence of worthless points sourced from particular email addresses but it's the point that counts, not the source. I shudder to think that a reputation system is what the IETF relies upon, especially since we don't authenticate those posting messages. Engineering isn't about what pundits think. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Never confuse activity with progress. Activity pays more. ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On 3/25/08 12:56 PM, Edward Lewis [EMAIL PROTECTED] wrote: Where I lose interest in this conversation is when I ask what does it matter who made the point? I suppose that's the ideal. We know some voices carry more weight and some carry less, but I think what's actually under discussion is process abuses, not the resoluation of technical differences. Thinking not-that-far-back to the arrival of the FSF-driven hordes trying to stop publication of the TLS authorization document, I think the IETF pretty much blew them off, which was the right thing to do under the circumstances. If it didn't matter who was making the point I'm not sure that would have happened (and I think if it had been only one or two of them I'm not sure that would have happened, either). These days I'm inclined to think that the IETF would be able to solve a good number of these problems by becoming a membership organization. I realize that's anathema to nearly everybody and is unlikely to happen, but I'm not sure I see problems like this being solved otherwise. Melinda ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Noel Chiappa wrote: From: Michael Thomas [EMAIL PROTECTED] So I've never met you, Noel. And I certainly don't have any reason to believe that this email I'm responding to wasn't forged. (Responding to the point of your message, rather than the actual words... :-) I think there are two parts to the problem: the first is does this electronic identity correspond to a real person, and how can that electronic identity securely post messages. (I assume that was your point, yes?) As to the first, something like a PGPmail web of trust would work. E.g. you've never met me, but you probably have met Dino or TLi, and they have met me, and can confirm (in both directions) that we're real. As to the second, well, basic email isn't terribly secure (alas); however, there are a number of heuristics. First, for any list I'm on, I will certainly notice if a fake jnc starts posting! And you can look at the Received-from: headers to make sure the email came from where it says it came from. And it's easy enough to track me down and call me on the phone (again, people you know can verify that the phone number is real). Etc, etc... The point that I was trying to make is exactly that this is all rather squishy as you I'm sure agree with. Given the squishy nature of this, it seems rather difficult to try to enforce broad authorizations (= anonymity vs. consensus in this particular case). I'm not even sure I understand what anonymity means in that particular context... that I can't google the email address and get enough confirming evidence of non-doghood? I suspect that if we ever tried to codify this sort of stricture, we'd soon wish we hadn't. Mike, could be a dog too ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Theodore Tso [EMAIL PROTECTED] writes: Which once again brings us back to the question of what is the value of letting contributors operate under a cloak of anonymity, and do the benefits outweigh the costs. For political speech where someone wants to distribute the equivalent of leaflets decrying their current's government position on say, torture in violation of the Geneva convention, it's much easier to make the case that allowing anonymous speech is hugely important. In a standards organization, it's much harder to make the argument that anonymity is really a benefit. For example, in the current MS-OOXML controversy, anonymity would make it impossible, or at least much more difficult, to determine whether or not Microsoft really did pack various countries' national bodies with their business partners, and reimbursed membership fees via marketing considerations. So I'm rather glad that all or most ISO national body rules do require declaration and disclosure of legal names and corporate affiliations. I think that is interesting analogy. I'm not at all as convinced you are that ISO's model is better than the IETF's model here. First, if ISO had been acting only on the technical merits in this matter, the proposal would be dead a long time ago. The reason the proposal is still around in ISO seems to be because ISO is membership-driven, and needs to decide based on what the members vote. I think this model leads to quite different participators than a more open and technical focused process. The more I think about it, I like the IETF's pasts model better than ISO current. Fortunately, if the IETF becomes more like ISO, then I am confident that there will be another organization that is similar to the original IETF spirit. When there is damage, route around it... /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Thomas wrote: | Noel Chiappa wrote: | From: Peter Constable [EMAIL PROTECTED] | | Frankly, it strikes me as somewhat odd that a body acting as a | standards-setting organization with public impact might allow any | technical decision on its specifications to be driven by people | operating under a cloak of anonymity. Expressing an anonymous | [criticism]? No problem. Influencing determination of a consensus with | public impact? That should not be allowed, IMO. | | Excellent point. | | | So I've never met you, Noel. And I certainly don't have any reason to | believe that this email I'm responding to wasn't forged. How do I know | that you're not a dog? You find a third party known to you can vouch for the existence of Noel, and then you get noel to admit that he sent the message. |Mike | ___ | IETF mailing list | IETF@ietf.org | https://www.ietf.org/mailman/listinfo/ietf | -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH6Tpr8AA1q7Z/VrIRAvk4AJ4g0LqMWGH0YNrAV87SV101XxExWwCeKiDD rXPg8qEjVBzPtyYK5u6MWTc= =7Lu5 -END PGP SIGNATURE- ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
At 13:18 -0400 3/25/08, Melinda Shore wrote: I suppose that's the ideal. We know some voices carry more weight and some carry less, but I think what's actually under discussion is process abuses, not the resoluation of technical differences. Okay, that's different from what I was assuming the topic was about - there are places where the source matters. But in those instances it shouldn't be the voices that carry more or less weight, but the position (not person) speaking the voice. I do cringe when anyone says not wearing any hats - especially when I don't know what hat they might be wearing at any given time. I know it's a time-honed (not honored) tradition in the IETF but I don't think it's a good thing. Taking off hats, that is. Anonymously expressing your opinion is fine but you have to accept that the opinion could fall on deaf ears. Real actions should be tied back to an accountable identity or else we just have mob rule. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Never confuse activity with progress. Activity pays more. ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Simon Josefsson wrote: Fortunately, if the IETF becomes more like ISO, then I am confident that there will be another organization that is similar to the original IETF spirit. When there is damage, route around it... Strong ACK ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Melinda Shore [EMAIL PROTECTED] writes: Thinking not-that-far-back to the arrival of the FSF-driven hordes trying to stop publication of the TLS authorization document, I think the IETF pretty much blew them off, which was the right thing to do under the circumstances. If it didn't matter who was making the point I'm not sure that would have happened (and I think if it had been only one or two of them I'm not sure that would have happened, either). Some of those posts made relevant points, and came from people who are responsible for parts of the Internet. If indeed the IETF blew them off, which I sincerely hope is not what will happen to that draft (the status tracker hasn't changed status since before then), I think the IETF will lose credibility in the wider community. I'd prefer an IETF that serves the larger community over one that caters only to the few frequent contributors. /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Simon: Since IETF does not vote, it is certainly not an issue here? This is not totally true. A WG Chair or Area Director cannot judge rough consensus if they are unsure if the portion of the population that is representing a dissenting view is one person or many different people. This is especially true when there are a large number of silent observers. Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous voice? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. What if the pseudonymous voice raise a valid technical concern, provide useful text for a specification, or even co-author a specification? I think decisions should be based on technically sound arguments. Whether someone wants to reveal their real identity is not necessarily correlated to the same person providing useful contributions. Raising a technical problem anonymously does not seem to be a concern. However, there could be significant IPR problems with anonymous solutions to technical problems. Russ ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
If someone participates under a pseudonym with the objective of inserting patented technology and anyone finds out they are in big trouble. Much worse than any prior case. The much bigger problem is people who read an rfc and write out a patent application over it. It has happened and people have been forced to buy them. Sent from my GoodLink Wireless Handheld (www.good.com) -Original Message- From: Russ Housley [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2008 12:09 PM Pacific Standard Time To: Simon Josefsson Cc: ietf@ietf.org Subject:Re: Possible RFC 3683 PR-action Simon: Since IETF does not vote, it is certainly not an issue here? This is not totally true. A WG Chair or Area Director cannot judge rough consensus if they are unsure if the portion of the population that is representing a dissenting view is one person or many different people. This is especially true when there are a large number of silent observers. Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous voice? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. What if the pseudonymous voice raise a valid technical concern, provide useful text for a specification, or even co-author a specification? I think decisions should be based on technically sound arguments. Whether someone wants to reveal their real identity is not necessarily correlated to the same person providing useful contributions. Raising a technical problem anonymously does not seem to be a concern. However, there could be significant IPR problems with anonymous solutions to technical problems. Russ ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Tue, Mar 25, 2008 at 02:23:42PM -0400, Edward Lewis wrote: I do cringe when anyone says not wearing any hats - especially when I don't know what hat they might be wearing at any given time. I know it's a time-honed (not honored) tradition in the IETF but I don't think it's a good thing. Taking off hats, that is. When I've used that phrase, it's almost always meant not wearning any IETF hats. That is, this is my own personal opinion, to be reviewed on its own merits, and not based on any role-based authority I might have as document editor or working group chair to determine consensus. I've most commonly heard it from Area Directors, who want to make it clear that this is their own personal preference, and not something which should be interpreted by the working group as, Make this change or when it comes up before the IESG I'll vote DISCUSS and your standard will never progress! Bwa-hah-hah-hah! :-) Of course, very often an AD is very much an technical expert, and their opinion will carry much more weight than someone random that no one knows. And most AD's would never try to impose their will using the DISCUSS blunt instrument unless there's something very badly wrong. But sometimes folks are too easily over-awed by titles, so it can be useful for people to reinforce that he's disclaiming any role-based authority when making a comment. Regards, - Ted ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Russ Housley wrote: Raising a technical problem anonymously does not seem to be a concern. However, there could be significant IPR problems with anonymous solutions to technical problems. It is my understanding that IETF is already in this type of problems. Solutions contributed by employees of large organizations could be problematic, as soon as unpublished patent applications are considered confidential corporate trade secrets circulated on a need-to-know basis, which is recommended practice by patent practitioners anyway. Sometimes one wonders even about published patent applications, especially when a US patent agent expects broad claims to be tailored to the prior art in the course of examination - hardly anyone from the corporation would be allowed to make well-informed statements about the connection of the patent application to an SDO activity. In practice, I suspect that many corporations abstain from contributing to IETF in specific standardization areas where they have an IPR strategy, and so the scope of IETF activities - and achievements - is shrinking. Russ ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED] ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Russ Housley [EMAIL PROTECTED] writes: Simon: Since IETF does not vote, it is certainly not an issue here? This is not totally true. A WG Chair or Area Director cannot judge rough consensus if they are unsure if the portion of the population that is representing a dissenting view is one person or many different people. This is especially true when there are a large number of silent observers. Frankly, it strikes me as somewhat odd that a body acting as a standards-setting organization with public impact might allow any technical decision on its specifications to be driven by people operating under a cloak of anonymity. Expressing an anonymous voice? No problem. Influencing determination of a consensus with public impact? That should not be allowed, IMO. What if the pseudonymous voice raise a valid technical concern, provide useful text for a specification, or even co-author a specification? I think decisions should be based on technically sound arguments. Whether someone wants to reveal their real identity is not necessarily correlated to the same person providing useful contributions. Raising a technical problem anonymously does not seem to be a concern. However, there could be significant IPR problems with anonymous solutions to technical problems. What kind of problems? /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Possible RFC 3683 PR-action
Spencer Dawkins wrote: || I've been carefully not posting in this thread for a while, || but can't control myself today. (So I'm not particularly || arguing with Ted's points, his e-mail is just the the latest e-mail || in the thread) || || My apologies in advance. || || As Ted said, in theory, all decisions are supposed to be || confirmed on the mailing list, but I haven't seen anyone || point out the reason why - because we also think it's || important to have very few barriers to participation in the || IETF, so we don't require attendance at any face-to-face || meeting, ever. || || So I'm not sure how we verify identities when anyone we || question can just post from an e-mail account at an ISP in || Tierra del Fuego, and say the next time you're in the tip || of South America, come by and verify my identity. SNIP My understanding is there is a system of peer validation in operation. If a contributor only posts once or twice, they are less likely to be taken seriously than someone who posts regularly and often, especially when first starting to participate. The damage done by sock puppets and stooges is minimised in such systems as they are fairly quickly recognised for what they are. It is more a matter of judging the content of contributions rather than the contributor. Darryl (Dassa) Lynch ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Pseudonym side-effects [Re: Possible RFC 3683 PR-action]
On 2008-03-26 04:44, John Levine (or somebody) wrote: ... So rather than inventing yet more complex rules, I would be inclined to have a much simpler rule that says that if a group's leader sees mail from someone who is obviously You Know Who or You Know Who Else already subject to 3683, just block it and send out a one sentence notice reporting it. Then return to useful work. Regards, Glenn Curtiss Unfortunately this could be seriously unfair if the someone is in fact not You Know Who but someone with very similar opinions and lingusitic quirks. Declaring the mail to be off-topic or an attempt to re-open an existing consensus would be fine. On 2008-03-26 05:33, Spencer Dawkins wrote: What problem is anonymous posting causing, that would not also be caused by (for example) Spencer posting a draft saying By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79 ... if I won't disclose them? IANAL, but I believe that the difference is that if you falsely make such a representation, it should be enough to strike down your patent in court. I'd guess that even if you make it using a pseudonym, and that can be proved, the same is true. But I think we'd need our lawyer to take this point any further. Brian ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Corporate side-effect [Re: Possible RFC 3683 PR-action]
On 2008-03-26 08:43, Thierry Moreau wrote: Russ Housley wrote: Raising a technical problem anonymously does not seem to be a concern. However, there could be significant IPR problems with anonymous solutions to technical problems. It is my understanding that IETF is already in this type of problems. What you describe is a different problem... Solutions contributed by employees of large organizations could be problematic, as soon as unpublished patent applications are considered confidential corporate trade secrets circulated on a need-to-know basis, which is recommended practice by patent practitioners anyway. Correct. That's one reason we have the reasonably and personally known clause. If an IETF contributor is on the need-to-know list, s/he certainly has to force the issue with the corporate IPR folk. It can be painful and slow. Sometimes one wonders even about published patent applications, especially when a US patent agent expects broad claims to be tailored to the prior art in the course of examination - hardly anyone from the corporation would be allowed to make well-informed statements about the connection of the patent application to an SDO activity. But that doesn't remove the obligation to disclose. You'll notice that most disclosures are very general in actual content, since nobody wants to give away the details of a patent in advance. In practice, I suspect that many corporations abstain from contributing to IETF in specific standardization areas where they have an IPR strategy, and so the scope of IETF activities - and achievements - is shrinking. That's unknowable, but is certainly a very old story - well understood when the IPR BCPs were first developed. I don't think there's any news here. Brian ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Simon: Raising a technical problem anonymously does not seem to be a concern. However, there could be significant IPR problems with anonymous solutions to technical problems. What kind of problems? If there is IPR associated with a potential solution, then a malicious person could use an anonymous posting to avoid the NOTE WELL. This would allow the IPR holder could reasonably claim that they were unaware that the IETF was considering the use of their encumbered technology. Thus, they would not make an IPR statement. If we learned that the anonymous posting actually came from person was affiliated with the IPR holder, then there is legal recourse. My point is that by avoiding anonymous posting, the likelihood of such abuse is significantly reduced. Russ ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Russ Housley [EMAIL PROTECTED] writes: Simon: Raising a technical problem anonymously does not seem to be a concern. However, there could be significant IPR problems with anonymous solutions to technical problems. What kind of problems? If there is IPR associated with a potential solution, then a malicious person could use an anonymous posting to avoid the NOTE WELL. This would allow the IPR holder could reasonably claim that they were unaware that the IETF was considering the use of their encumbered technology. Thus, they would not make an IPR statement. Are there examples where something like that may have been attempted? Jorge has explained why the NOTE WELL is binding for all IETF contributors in: https://rt.psg.com/Ticket/Display.html?id=1239 That discussion appears to apply equally well to an anonymous contributor. If we learned that the anonymous posting actually came from person was affiliated with the IPR holder, then there is legal recourse. My point is that by avoiding anonymous posting, the likelihood of such abuse is significantly reduced. I think the point would be valid if there were significant abuse today. /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
[...] If we learned that the anonymous posting actually came from person was affiliated with the IPR holder, then there is legal recourse. My point is that by avoiding anonymous posting, the likelihood of such abuse is significantly reduced. I think the point would be valid if there were significant abuse today. I don't know what would qualify as significant here, but there has been at least one rather high profile antitrust case in the recent history (semiconductor industry), in which a situation similar to the one we are discussing has played a role. Stephan /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
[EMAIL PROTECTED] writes: [...] If we learned that the anonymous posting actually came from person was affiliated with the IPR holder, then there is legal recourse. My point is that by avoiding anonymous posting, the likelihood of such abuse is significantly reduced. I think the point would be valid if there were significant abuse today. I don't know what would qualify as significant here, but there has been at least one rather high profile antitrust case in the recent history (semiconductor industry), in which a situation similar to the one we are discussing has played a role. If the account at http://en.wikipedia.org/wiki/Rambus#Lawsuits is to be trusted, I can't find many similarities with the situation we are discussing here. Could you clarify how anonymous contributions played a role in your example? /Simon ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action.
Gentlemen, Since I agreed to replace JFC Morfin to the IETF I sent less than ten mails. Most had two abnormal reasons. (a)To explain that I am not JFC Morfin. (b) Because our commercial opponents of our non-commercial approach did not asked, politely or not, before to accuse me of it; and to mock my name as did my primary school classmates very long ago. For their information, we are 5 Louis Blériot to have the phone in France, more than Randy Presuhns (I just got into red list because of him). The one you fear suggested I accept the suggestion of a member of the IESG: I said that I would ask my friends purely technical contributions, as much as possible in the form of Drafts. In order not to waste the time at the IESG. So it seems to me that the current debate, which I do not have much time to spend and who is in a language that I do not master, has two other goals. - Discredit these Drafts in case they would allow the internet to work better. - Protect all the commercial interests by wanting paying members. As if IETF was afraid that the non-profit lead users may join. I see what is happening: one wants to prevent small businesses to speak to the IETF. A single JFC Morfin to protect many's culture, language, occupation, family was already too much for our competitors (who came together to sign the PR-action against him). Now one does certainly not all those he represented! Is that correct IETF? -- LB ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
From: Hallam-Baker, Phillip [EMAIL PROTECTED] If someone participates under a pseudonym with the objective of inserting patented technology and anyone finds out they are in big trouble. Much worse than any prior case. We should write in our rules that anyone who contributes technology to any IETF activity which they know to be either a) patented, b) the subject of a filing, or c) the subject of a planned future filing, *without disclosing said patent status* to the WG/I*, either: - i) thereby grants an irrevocable, in perpetuity, no-fee license to use said patent(s) to everyone in connection with any implementation of any IETF specification resulting from said activity (if they are in any kind of position to do so, e.g. are an employee of the patent holder), or: - ii) agrees to indemnify anyone in the universe for any costs they may incur through use of said patent(s) in connection with any implementation of any IETF specification resulting from said activity (if they aren't). That oughta go a long way to fixing *that* problem. (And if our IP rules, which I haven't looked at recently, already said that, my apologies, and don't kick me too hard! :-) Noel ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Noel Chiappa wrote: if our IP rules, which I haven't looked at recently, already said that, my apologies, and don't kick me too hard! :-) *KICK* ;-) Posted yesterday: | The IESG has received a request from the Intellectual Property | Rights WG (ipr) to consider the following document: | - 'Rights Contributors provide to the IETF Trust ' | draft-ietf-ipr-3978-incoming-08.txt as a BCP | The IESG plans to make a decision in the next few weeks, and | solicits final comments on this action. Please send substantive | comments to the ietf@ietf.org mailing lists by 2008-04-07. ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
Simon Josefsson simon at josefsson dot org wrote: Thinking not-that-far-back to the arrival of the FSF-driven hordes trying to stop publication of the TLS authorization document, I think the IETF pretty much blew them off, which was the right thing to do under the circumstances. Some of those posts made relevant points, and came from people who are responsible for parts of the Internet. If indeed the IETF blew them off, which I sincerely hope is not what will happen to that draft (the status tracker hasn't changed status since before then), I think the IETF will lose credibility in the wider community. The main effect of that letter-writing campaign was that 98% of the points, relevant and not, were restated over and over again. I was lurking at that time (as now) and my recollection was that the IETF listened to the relevant points the first couple of times, and blew off the restatements. -- Doug Ewell * Fullerton, California, USA * RFC 4645 * UTN #14 http://www.ewellic.org http://www1.ietf.org/html.charters/ltru-charter.html http://www.alvestrand.no/mailman/listinfo/ietf-languages ˆ ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Sun, Mar 23, 2008 at 08:45:19AM -0700, Christian Huitema [EMAIL PROTECTED] wrote a message of 12 lines which said: Does the IETF have a policy regarding misrepresented identities? I don't know but, in this case, the problem is not that he used a pseudonym (after all, noone here knows if my name is really Stéphane Bortzmeyer), the problem is that he used *two* identities, the second one being setup only to workaround a PR-action. If a WG chair asks for five reviewers for an I-D, what will you think if they are all the same person under different identities? There is no written rule today, because, before He Who Must Not Be Named, noone was twisted enough to act that way. In the particular incident, it is assumed that the person using the name of a famous French aviation pioneer is in fact someone else. On the one hand, using pseudonyms is a form of free speech. Nothing to do with the use of pseudonyms. That's a red herring. ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Possible RFC 3683 PR-action
On Sun, Mar 23, 2008 at 08:45:19AM -0700, Christian Huitema wrote a message which included: using pseudonyms is a form of free speech I am not familiar with the specifics of this case but in the internet world pseudonyms is very common. I agree that in a standard setting body hiding identities isn't a good practice and I would recommend to that the WG chair or the IESG Area Director will have the authority to ask for the identity of a member. We don't have to invoke that but it could be an addition to RFC 3683. Tamir Melamed Date: Mon, 24 Mar 2008 10:47:39 +0100 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Possible RFC 3683 PR-action CC: ietf@ietf.org On Sun, Mar 23, 2008 at 08:45:19AM -0700, Christian Huitema [EMAIL PROTECTED] wrote a message of 12 lines which said: Does the IETF have a policy regarding misrepresented identities? I don't know but, in this case, the problem is not that he used a pseudonym (after all, noone here knows if my name is really Stéphane Bortzmeyer), the problem is that he used *two* identities, the second one being setup only to workaround a PR-action. If a WG chair asks for five reviewers for an I-D, what will you think if they are all the same person under different identities? There is no written rule today, because, before He Who Must Not Be Named, noone was twisted enough to act that way. In the particular incident, it is assumed that the person using the name of a famous French aviation pioneer is in fact someone else. On the one hand, using pseudonyms is a form of free speech. Nothing to do with the use of pseudonyms. That's a red herring. ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Possible RFC 3683 PR-action
On Sat, Mar 22, 2008 at 10:22:01AM +0100, LB [EMAIL PROTECTED] wrote a message of 96 lines which said: what I take for a censure for offence of opinion or nationality. I think like somebody else, I use the technical vocabulary appropriate for my thought. I think in the same mother tongue as another Frenchman. For the record, since I was one of the three LTRU participants consulted, and since I'm french, I insist that it has nothing to do with nationality. People from all over the world, not only USAns, think the same about the LB and JFC entities and their dummy organizations. It is not a matter of opinion either. To disagree with opinions require that opinions are expressed. The long and convoluted messages of LBJFC are not even wrong since they are not parsable by an ordinary engineer. (I can testify it is the same thing when they are written in french.) I would also like to know how locate in your archives the cases where the identity of somebody has been challenged within the IETF in such manner and what procedures have been initiated. Randy Presuhn clearly said in his first message that there was no precedent (and I add that no reasonable person could have believed that someone was twisted enough to use a sock-puppet.) ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
