We've seen (1) new participants from, e.g., NSA showing up to WGLC and
receiving NSA money to do so; then (2) new volunteers showing up on the
public-interest side after I posted a public notice advocating this,
explicitly in response to #1; and then (3) attacks leveled against #2 as
supposedly corrupting the IETF process despite following IETF rules.

This raises a number of questions about why the source of #3 waited
until after #2, selectively aimed the attacks against #2, and suppressed
mention of #1. I asked various questions; I still don't see answers.

Kevin Milner writes:
> I assume you mean my email, given that (from a quick skim, admittedly)
> I’m the only other new TLS participant in support.

One counterexample suffices: I mentioned "the messages from NSA's
Nicholas Gajcowski supporting the two solo PQ documents" and noted that
those are "the only two messages that he ever sent to the TLS mailing
list". (Note that having to repeat this is inefficient; please get in
the habit of reading messages before replying.)

> And I agree with Filippo: frankly, my opinion should probably be less
> weighted on this matter!

Obviously you can withdraw your own support statement at any time, but
advocating disenfranchisement of other people is advocating violations
of a variety of IETF promises and policies: "Anyone can participate by
signing up to a working group mailing list"; "51% of the working group
does not qualify as 'rough consensus' "; WG-issued RFCs have "consensus
of the IETF community"; "IETF activities are conducted with extreme
transparency, in public forums. Decision-making requires achieving broad
consensus via these public processes."

Also, disenfranchising the public in favor of organizations that can
afford to pay for continual participation in IETF violates IETF's
statement that its "lack of membership ensures its position as the
primary _neutral_ standards body because participants cannot exert
influence as they could in a pay-to-play organization where members,
companies, or governments pay fees to set the direction".

Is anyone claiming that a government agency _should_ be able to buy IETF
standardization of a controversial spec? If not, why do we see continual
violations of the RFC 2418 requirement for disagreements to be "resolved
by a process of open review and discussion"? Enforcing this requirement
would turn both #1 and #2 above into no-ops and would make the handling
of solo PQ vastly more efficient.

---D. J. Bernstein


===== NOTICES =====

IETF BCP 78, "Rights Contributors Provide to the IETF Trust", Section 5
(normative), "Rights in Contributions", provides a modification right
"unless explicitly disallowed in the notices contained in a Contribution
(in the form specified by the Legend Instructions)".

The official language from IETF's "Legend Instructions" for the
situation that "the Contributor does not wish to allow modifications nor
to allow publication as an RFC" is as follows: "This document may not be
modified, and derivative works of it may not be created, and it may not
be published except as an Internet-Draft."
<https://trustee.ietf.org/wp-content/uploads/Corrected-TLP-5.0-legal-provsions.pdf>

The same language is used in, e.g., RFC 5831. The same language hereby
applies to this document. This is not disclaiming or limiting the
applicability of IETF policies; it is strictly following IETF policies.

IESG claims that the "explicitly disallowed" provision in BCP 78 is
limited to the examples in Section 3 in BCP 78. That is incorrect. BCP
78 states that Section 5, "Rights in Contributions", is normative, while
Section 3, "Exposition of Why These Procedures Are the Way They Are", is
informative. The opt-out provision in the normative text is clear, and
cannot be limited by an informative section. BCP 78 does not give IESG
any authority to issue changes or purported clarifications of the rules.

Rationale for exercising the BCP 78 opt-out provision: I'm fine with
redistribution of copies of this document. The issue is instead with
modification, such as (1) IESG's May 2025 posting of an IESG-mangled
version of an appeal that I had filed and (2) IETF management selling
IETF mailing-list text to AI companies. This goes far beyond what
copyright law allows as fair use (such as giving quotes for purposes of
commentary). When I complained about the mangled document, the IETF
Executive Director responded not by apologizing but instead by asserting
that IETF management had the power to do whatever it wanted.

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to