Re: DNSEXT WGLC Summary: AXFR clarify
-Original Message- From: Lloyd Wood [EMAIL PROTECTED] Date: 23 December 2002 19:25 Subject: Re: DNSEXT WGLC Summary: AXFR clarify On Sun, 22 Dec 2002, Stephane Bortzmeyer wrote: On Thursday 19 December 2002, at 10 h 3, Rick Wesson [EMAIL PROTECTED] wrote: I like that we have individuals at the ietf meetings rather than company representatives, IETF participation allegedly does not require meeting attendance, although keeping up without attending is increasingly hard. snip Now there's a contentious statement. I see quite the opposite that while meetings used to be where it happened, now, with near universal and continuous e-mail (and http, ftp etc), most work gets done when not at a meeting. Or by going to a meeting, opening up the (company?) laptop and spending most of the time busy typing away, regardless of what session you are sitting in. Don't get me wrong; face-to-face meetings are potentially the fastest way to move our work forward but this model seems to have been abandoned in favour of communing with a laptop (That much of many of the sessions at meetings consists of a recital of the status of IDs with little or no interaction between participants could be a factor in this). So why leave the company office? You are probably most productive sitting there in comfort. Tom Petch [EMAIL PROTECTED]
Re: DNSEXT WGLC Summary: AXFR clarify
Thus spake [EMAIL PROTECTED]: On the other hand, if Olafur is in fact making a living doing BIND9 development and coding for ISC or one of their clients, that might be called a conflict of interest when the issue at hand is that a specific document is too BIND9 specific. Personally, I'm OK with Olafur making money doing BIND. I'm even OK on him possibly making more if the draft becomes an RFC in its current state. I admit I've looked through RFC2026 and found nothing about disclosure of conflict of interest(*). That Olafur has been paid for BIND work is obviously public knowledge, so no disclosure is necessary. Most, if not all, IETF and IESG members have some conflict of interest due to past, present, or future employers. Thus, the question at hand is if this disqualifies the IESG from making decisions they've been tasked with making. Pragmatically, how are we to find competent people who _aren't_ tainted in some way? IETF tradition (policy?) is that members are individuals and not representatives of their employers; IMHO that implies that we are to trust the professionalism of our members -- and especially the IESG -- to act in the interests of the Internet community. S
Re: DNSEXT WGLC Summary: AXFR clarify
On Mon, 23 Dec 2002 03:57:59 GMT, Paul Vixie [EMAIL PROTECTED] said: What if (as in this case) it was in the past, and Olafur had no current or prospective income riding on BIND9, but he did once work for a company who did some subcontract work related to BIND9? Would he still be tainted? That's OK by me... Would someone who had derived, or might some day derive, income from such an open source work be tainted as much as someone whose equity or patent holdings stood to gain from their work or from a certain standards decision? (I'm thinking of the IBM printing thing a few years ago.) I wasn't paying attention there - were the people involved in the IBM printing thing open about the fact they stood to gain/lose money? I remember that during the IPng design, several router manufacturers were quite detailed about their costs of producing routers that used fixed or variable length addresses, and it's the rare working group where somebody doesn't say at least once This added feature is a crock because it'll cost my RD people a bundle... And I consider that good and valid input to the discussion - if it's expensive, we mau need to reconsider the design... It's just submarine patents and submarine contracts/etc that irk me. ;) /Valdis msg09845/pgp0.pgp Description: PGP signature
Re: DNSEXT WGLC Summary: AXFR clarify
On Thursday 19 December 2002, at 10 h 3, Rick Wesson [EMAIL PROTECTED] wrote: I like that we have individuals at the ietf meetings rather than company representatives, Yes, it is written in RFC 3160 and in many papers about the IETF process. But we all know it is pure theory. Not many individuals can pay for the trip to Yokohama or Atlanta (and the time it takes to actually read and understand the issues). It is a company which decides who goes and what for. It is a company which organizes its IETF activity. It reminds me of the discussion in high-level sports where people still pretend that some athletes are amateurs. There are no longer amateurs in the IETF.
Re: DNSEXT WGLC Summary: AXFR clarify
This thread is finally getting interesting. On the other hand, if Olafur is in fact making a living doing BIND9 development and coding for ISC or one of their clients, that might be called a conflict of interest when the issue at hand is that a specific document is too BIND9 specific. What if (as in this case) it was in the past, and Olafur had no current or prospective income riding on BIND9, but he did once work for a company who did some subcontract work related to BIND9? Would he still be tainted? What if (as in this case) BIND9 is always released with a BSD-style license, allowing unlimited derivative works without fee and no source code requirement so long as the copyright holder (ISC) is held harmless and given credit? Would someone who had derived, or might some day derive, income from such an open source work be tainted as much as someone whose equity or patent holdings stood to gain from their work or from a certain standards decision? (I'm thinking of the IBM printing thing a few years ago.) -- Paul Vixie
Re: DNSEXT WGLC Summary: AXFR clarify
On Wed, Dec 18, 2002 at 02:14:16PM -0800, Bill Strahm [EMAIL PROTECTED] wrote a message of 64 lines which said: Saying that WG chairs can not work for companies that need the efforts of the WG seems like setting up a big failure, Valdis did not suggest that we *forbid* people to work for companies involved in the work of the WG they chair. Just that we ask them to *disclose* such potential conflicts of interest. (BTW, in the present case, I do not think it has anything to do with a real conflict of interest and everything to do with Bernstein's madness.) To me, it is a very reasonable idea: it goes toward more transparency, which is a good thing. The Internet is a big business now. We can no longer assume that all IETF members are benevolent and disinterested academics working only for the common good. Disclaimer :-) I work for the French registry. We are members of the BIND forum and therefore linked with ISC.
Re: DNSEXT WGLC Summary: AXFR clarify
On Thursday, Dec 19, 2002, at 06:12 America/Montreal, 'Stephane Bortzmeyer' wrote: Valdis did not suggest that we *forbid* people to work for companies involved in the work of the WG they chair. Just that we ask them to *disclose* such potential conflicts of interest. (BTW, in the present case, I do not think it has anything to do with a real conflict of interest and everything to do with Bernstein's madness.) To me, it is a very reasonable idea: it goes toward more transparency, which is a good thing. The Internet is a big business now. We can no longer assume that all IETF members are benevolent and disinterested academics working only for the common good. Disclaimer :-) I work for the French registry. We are members of the BIND forum and therefore linked with ISC. I agree with the notion that all folks in positions of perceived power (e.g. IAB, IESG, WG Chairs, IRTF Chair) should be required to disclose publicly all of their relationships (e.g. employment, presence on other Internet-related positions such as board of a registry, technical advisory board memberships, and so forth) that might possibly be conflicts of interest. The goal should be to err on the side of too much disclosure, rather than too little. Marshall Rose did a good job of this when on IESG, though unfortunately his precedent has not often been followed. Lack of such disclosure is currently a problem with the current IETF/IESG/IAB structure. I'm not generally a fan of more process or more rules, but I think this one should be required not optional. Ran [EMAIL PROTECTED] PS: None of this is related to any claims by djb. PPS: Practicing what I preach, I'll note that I work for Extreme Networks and am on the TABs of NetVMG and STV.
Re: DNSEXT WGLC Summary: AXFR clarify
I agree with the notion that all folks in positions of perceived power (e.g. IAB, IESG, WG Chairs, IRTF Chair) should be required to disclose publicly all of their relationships (e.g. employment, presence on other Internet-related positions such as board of a registry, technical advisory board memberships, and so forth) that might possibly be conflicts of interest. The goal should be to err on the side of too much disclosure, rather than too little. I like that we have individuals at the ietf meetings rather than company representatives, in the long run it creates less politics. I don't think anyone who attempts to move drafts for financial gain will ever gain much; these documents we develop here (less the informational track) stand on their own. -rick
Re: DNSEXT WGLC Summary: AXFR clarify
Hi - Date: Thu, 19 Dec 2002 10:03:34 -0800 (PST) From: Rick Wesson [EMAIL PROTECTED] To: RJ Atkinson [EMAIL PROTECTED] Cc: 'Stephane Bortzmeyer' [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: DNSEXT WGLC Summary: AXFR clarify In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] ... I like that we have individuals at the ietf meetings rather than company representatives, in the long run it creates less politics. ... At best, this is a useful fiction. My limited experience has been that the politics in the IETF are much thicker and less transparent than in ANSI-accredited technical committees or in the ISO/ITU collaborative work I've seen. On the other hand, some industry consortia seem far more opaque. YMMV, but I've found that even when folks truly believe they are speaking as individuals, their thinking may nonetheless be influenced by their company's business model and technology focus. Our knowledge of requirements is strongly influenced by the customers we talk to. I think this is particularly true in small technology companies, where it is all but impossible to separate the company view from the perspective of its key technical people. Potential conflicts of interest worry me most in the process of deciding whether a WG will work on something, since this is what most directly affects business models and licensing strategies of organizations that may have an interest in something *not* being standardized, or in letting the market drive a particular implementation into the position of de facto standard. Once the decision has been made to permit a WG to work on a particular problem, I think our normal technical review processes should be trusted to ensure that the solution chosen is fairly reasonable. One of the ironies of disclosure is that sometimes others will read ulterior motives into the actions of someone who is going out of their way to avoid blocking or interfering with work that, for whatever reason, they do not chose to actively support. -- Randy Presuhn BMC Software, Inc. SJC-1.3141 [EMAIL PROTECTED] 2141 North First Street Tel: +1 408 546-1006 San José, California 95131 USA -- My opinions and BMC's are independent variables. --
Re: DNSEXT WGLC Summary: AXFR clarify
On Thu, 19 Dec 2002, RJ Atkinson wrote: ... I agree with the notion that all folks in positions of perceived power (e.g. IAB, IESG, WG Chairs, IRTF Chair) should be required to disclose publicly all of their relationships (e.g. employment, presence on other Internet-related positions such as board of a registry, technical advisory board memberships, and so forth) that might possibly be conflicts of interest. The goal should be to err on the side of too much disclosure, rather than too little. I am opposed to such a radical change. The goal should be that, when necessary, actual problems demonstrated by actions are addressed, not to indulge in the usual ever spiraling increase in paperwork load and bureaucratic nonsense. No normal human being can ever make a disclosure complete enough to withstand a denial-of-service attack though the endless nit-picking of trivial errors and omissions nor would any normal human being ever want to wade through any of the diarrheal too much disclosure documents you advocate. They would, presumably, have to include details of all amorous relationships and sexual acts performed with anyone who has any opinion on matters before the IETF, since such acts can produce conflicts of interest between sound technical judgment and a desire to please such partners. And shouldn't they also be required to disclose all relationships that might be a conflict of interest for all of their relatives by blood or marriage? After all, they might be indirectly influence by such connections. This is the same nonsense as demands that transcripts of all communications on items before the IETF be made public, including hallway conversations, telephone calls, etc., etc., etc. Lack of such disclosure is currently a problem with the current IETF/IESG/IAB structure. I'm not generally a fan of more process or more rules, but I think this one should be required not optional. Members of the IESG and IAB are selected by the IETF community and specifically undertake to act in the best interests of the IETF community. If they were proven not to be acting so, based on specific actions, not vague handwaving about conflicts, they can be removed. That's enough for me. Someone who was a fan of more process, paperwork, and rules would certainly advocate total disclosure, which is only an inviation to add endless debate about the completeness, details, and timeliness of the disclosure while failing to eliminate any of the complaints about conflicts. People with good technical arguments make technical arguments. Some people who have lost technically wave their hands about conflicts of interest. Some people who have lost techncially and can't even find a conflict would love to slow everything down and create a burden of paperwork so they can then complain about nits in the paperwork, and there will always be nits in the paperwork. Lets not give them that pleasure. Ran [EMAIL PROTECTED] Donald PS: For real examples of the problems I suggest with this idea, see the past proceedings of the FCC where radio broadcast licneses are being decided between applicants. Its routine for applicants to hire detectives to dig up any dirt they can on the other applicant's people and then to argue that their application should be rejected because they didn't reveal the dirt voluntarily in public filings with the FCC even when, as is almost always the case, there is no regulation prohibiting applicants with that particular dirt. Vague complete disclosure rules are routinely used as weapons in this manner. Do we really want to eliminate the privacy of all persons in responsible IETF positions? == Donald E. Eastlake 3rd [EMAIL PROTECTED] 155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w) Milford, MA 01757 USA [EMAIL PROTECTED]
Re: DNSEXT WGLC Summary: AXFR clarify
YMMV, but I've found that even when folks truly believe they are speaking as individuals, their thinking may nonetheless be influenced by their company's business model and technology focus. Our knowledge of requirements is strongly influenced by the customers we talk to. I don't think we're expected to be omniscient. I think we're expected to try to understand the diversity of interests that might be affected by a protocol and to try to work for the greater good. Keith
Re: DNSEXT WGLC Summary: AXFR clarify
On Tue, 17 Dec 2002 10:53:28 +0100, Stephane Bortzmeyer said: On Tue, Dec 17, 2002 at 08:58:22AM -, D. J. Bernstein [EMAIL PROTECTED] wrote a message of 26 lines which said: DNSEXT chair Olafur Gudmundsson, who has been paid for BIND work, writes: For me, this is too much. Now, on the *one* hand, I'd be surprised indeed if the chair of DNSEXT had NOT been paid by somebody to do BIND consulting somewhere along the line. On the other hand, if Olafur is in fact making a living doing BIND9 development and coding for ISC or one of their clients, that might be called a conflict of interest when the issue at hand is that a specific document is too BIND9 specific. Personally, I'm OK with Olafur making money doing BIND. I'm even OK on him possibly making more if the draft becomes an RFC in its current state. I admit I've looked through RFC2026 and found nothing about disclosure of conflict of interest(*). I hate making more work for the AD and IESG, but I think at least a We've talked to Olafur and do/dont think there's a problem is called for. (*) I'll let wiser people than I decide if there should be such a section in a son-of-2026 -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech msg09798/pgp0.pgp Description: PGP signature
Re: DNSEXT WGLC Summary: AXFR clarify
On Tue, Dec 17, 2002 at 08:58:22AM -, D. J. Bernstein [EMAIL PROTECTED] wrote a message of 26 lines which said: DNSEXT chair Olafur Gudmundsson, who has been paid for BIND work, writes: For me, this is too much. For those who use procmail: :0 * ^From:.*D. J. Bernstein /dev/null
RE: DNSEXT WGLC Summary: AXFR clarify
Please god NO... I hope EVERYONE deeply involved in a WG documentation process has deep DEEP conflict of interest problems. I mean if we are not working on the things we are documenting, how will we know if they work or not. Saying that WG chairs can not work for companies that need the efforts of the WG seems like setting up a big failure, there are checks and balances, you don't like what the chairs of a WG are doing, talk to the ADs, don't like what the ADs say go to the IAB... This is a documented process. I do not know about the DNS WG, but most working groups that I am aware of also have two co-chairs, usually from different companies/areas - and I know that my co-chair and I have to be in agreement on char descisions, reducing the effect of one of us having a massive conflict of interest. Please do not require conflict of interest rules to enter the IETF, this isn't the government, we NEED this to work Bill Strahm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 18, 2002 1:34 PM To: Stephane Bortzmeyer Cc: D. J. Bernstein; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: DNSEXT WGLC Summary: AXFR clarify On Tue, 17 Dec 2002 10:53:28 +0100, Stephane Bortzmeyer said: On Tue, Dec 17, 2002 at 08:58:22AM -, D. J. Bernstein [EMAIL PROTECTED] wrote a message of 26 lines which said: DNSEXT chair Olafur Gudmundsson, who has been paid for BIND work, writes: For me, this is too much. Now, on the *one* hand, I'd be surprised indeed if the chair of DNSEXT had NOT been paid by somebody to do BIND consulting somewhere along the line. On the other hand, if Olafur is in fact making a living doing BIND9 development and coding for ISC or one of their clients, that might be called a conflict of interest when the issue at hand is that a specific document is too BIND9 specific. Personally, I'm OK with Olafur making money doing BIND. I'm even OK on him possibly making more if the draft becomes an RFC in its current state. I admit I've looked through RFC2026 and found nothing about disclosure of conflict of interest(*). I hate making more work for the AD and IESG, but I think at least a We've talked to Olafur and do/dont think there's a problem is called for. (*) I'll let wiser people than I decide if there should be such a section in a son-of-2026 -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Re: DNSEXT WGLC Summary: AXFR clarify
On Wed, 18 Dec 2002 14:14:16 PST, Bill Strahm said: I hope EVERYONE deeply involved in a WG documentation process has deep DEEP conflict of interest problems. I mean if we are not working on the things we are documenting, how will we know if they work or not. Quite true. And I believe I said I'd be surprised if the WG chair didn't make money at it Saying that WG chairs can not work for companies that need the efforts of the WG seems like setting up a big failure, there are checks and balances, you don't like what the chairs of a WG are doing, talk to the ADs, don't I think that's what I did - if the AD or IESG says We talked to Olafur and there's nothing major I'll be happy. I'd even be OK with it if he had the prospect of a $400K consulting contract if the draft goes a certain way - we've certainly seen companies like Cisco have literally millions riding on a given RFC, but it's rare that such information isn't known. I know when MIME and ESMTP were being designed, everybody in the working group knew who had MUAs and MTAs in the pipe, and they were usually quite clear on exactly how much a given WG decision was going to cost in redesign/recoding. I don't even see the need for a formal public disclosure process - but djb *did* raise the point on the main IETF list, where probably most of the readers *dont* know Olafur's situation, so at least *some* response is probably called for. Regarding RFC2026, it looks like section 6.5 and friends *do* address the problem adequately *IF* you read the text in 6.5.1: ... (b) the Working Group has made an incorrect technical choice which places the quality and/or integrity of the Working Group's product(s) in significant jeopardy. ... as including allegations of conflict-of-interest. If that's the understood reading of it by the IESG, then I'm OK with 2026 as it stands... /Valdis msg09803/pgp0.pgp Description: PGP signature
Re: DNSEXT WGLC Summary: AXFR clarify
I hope EVERYONE deeply involved in a WG documentation process has deep DEEP conflict of interest problems. seems a bit of a stretch. it's one thing to have an interest in producing a technically sound outcome; quite another to have an interest in producing a particular outcome even when it has technical problems. Keith
Re: DNSEXT WGLC Summary: AXFR clarify
DNSEXT chair Olafur Gudmundsson, who has been paid for BIND work, writes: only you objecting to the document There have been public objections from Aaron Swartz, Felix von Leitner, Len Budney, Kenji Rikitake, Dean Anderson, Sam Trenholme (MaraDNS implementor), and of course me (djbdns implementor)---plus an unknown number of people whose messages to namedroppers have been silently discarded by Randy Bush. Meanwhile, axfr-clarify is being pushed primarily by people with financial interests in BIND. The Yokohama minutes say ``too bind specific'' with no hint of any dispute about that, and the Atlanta minutes don't indicate any further discussion. What's most damning, of course, is the simple fact that the objections are being ignored. http://cr.yp.to/djbdns/axfr-clarify.html explains in detail what's wrong with the BIND company's arguments; the BIND company responds by repeating the arguments and ignoring the objections. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago
Re: DNSEXT WGLC Summary: AXFR clarify
At 12:45 2002-11-17, D. J. Bernstein wrote: Gudmundsson writes: DNSEXT has completed it's review of this document and requests that it be advanced to Proposed standard. Excuse me? When did that happen? The document is highly controversial. The conclusion of the July meeting was ``Not ready to go: axfr-clarify, too bind specific.'' There were no subsequent public discussions. Highly controversial is relative term, few individuals do not make a document controversial. As for the no public discussion that is answered in following email to namedroppers: http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg02116.html Where Randy explains that he had technical doubts if it was unnecessarily overly-definitive document, after off-line technical discussions with me and others he removed his hold. The minutes from Yokohama could be better on what else he said. We both knew your position when we forwarded the document to the area director. In fact, it's even worse than that: this so-called ``clarification'' is specific to _BIND 9_. It imposes requirements incompatible with BIND 8, djbdns, and probably a bunch more widely deployed servers. http://cr.yp.to/djbdns/axfr-clarify.html gives detailed explanations of my ten objections to this document. To summarize: * ``Timeline'': This document obviously does not have consensus. This is the fourth time that Gudmundsson has tried to ram this document through the process by misrepresenting the WG discussions. With only you objecting to the document and number of members of the working supporting it, how can we as WG chairs draw other conclusion that there is a rough consensus? Anyway the document is being forwarded to the IESG for review and they will issue a IETF last call where you and others that object to the document can restate your case. The following message refutes all your points better than I can http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg01885.html Your understanding of 1034 disagrees with some other implementors. Your understanding of 1034 does make it impossible to implement IXFR. My message to namedroppers was to the point WG agrees this document is a good thing, and that there are some dissenters from the consensus of the WG. Dan, no-one has veto power in the work of the IETF your childish behavior and outbursts do not harm anyone but yourself and the valid technical points you attempt to make. Olafur
Re: DNSEXT WGLC Summary: AXFR clarify
Gudmundsson writes: DNSEXT has completed it's review of this document and requests that it be advanced to Proposed standard. Excuse me? When did that happen? The document is highly controversial. The conclusion of the July meeting was ``Not ready to go: axfr-clarify, too bind specific.'' There were no subsequent public discussions. In fact, it's even worse than that: this so-called ``clarification'' is specific to _BIND 9_. It imposes requirements incompatible with BIND 8, djbdns, and probably a bunch more widely deployed servers. http://cr.yp.to/djbdns/axfr-clarify.html gives detailed explanations of my ten objections to this document. To summarize: * ``Timeline'': This document obviously does not have consensus. This is the fourth time that Gudmundsson has tried to ram this document through the process by misrepresenting the WG discussions. * ``AXFR client security issues'': The document ignores an essential security requirement for AXFR clients. This is important background for the next two objections. * ``Parent-child discrepancies'': The document allows violation of one of the fundamental RFC 1034 database-consistency requirements. It forces perfectly legitimate, widely deployed, implementations to change their database structures to handle those violations in the same way that BIND 9 does. * ``What is allowed in a zone?'': In response to an interoperability problem added to the BIND 9 AXFR client, the document attempts to outlaw perfectly legitimate, widely deployed, AXFR server behavior. * ``Records outside the answer section'': The document outlaws some perfectly legitimate, widely deployed, AXFR parsing techniques. * ``Unauthorized clients'': The document outlaws the perfectly legitimate, widely deployed, behavior of dropping AXFR connections from attackers. * ``Clients checking RCODE'': The document outlaws some perfectly legitimate, widely deployed, AXFR parsing techniques. * ``Clients checking IDs'': The document discourages some perfectly legitimate, widely deployed, AXFR parsing techniques. * ``Servers repeating questions'': The document discourages some perfectly legitimate, widely deployed, AXFR response formats. * ``Servers repeating records'': The document discourages some perfectly legitimate, widely deployed, AXFR response formats. My web page also mentions, for completeness, two problems that were fixed in axfr-clarify-02. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago
