We've seen (1) new participants from, e.g., NSA showing up to WGLC and receiving NSA money to do so; then (2) new volunteers showing up on the public-interest side after I posted a public notice advocating this, explicitly in response to #1; and then (3) attacks leveled against #2 as supposedly corrupting the IETF process despite following IETF rules.
This raises a number of questions about why the source of #3 waited until after #2, selectively aimed the attacks against #2, and suppressed mention of #1. I asked various questions; I still don't see answers. Kevin Milner writes: > I assume you mean my email, given that (from a quick skim, admittedly) > Iâm the only other new TLS participant in support. One counterexample suffices: I mentioned "the messages from NSA's Nicholas Gajcowski supporting the two solo PQ documents" and noted that those are "the only two messages that he ever sent to the TLS mailing list". (Note that having to repeat this is inefficient; please get in the habit of reading messages before replying.) > And I agree with Filippo: frankly, my opinion should probably be less > weighted on this matter! Obviously you can withdraw your own support statement at any time, but advocating disenfranchisement of other people is advocating violations of a variety of IETF promises and policies: "Anyone can participate by signing up to a working group mailing list"; "51% of the working group does not qualify as 'rough consensus' "; WG-issued RFCs have "consensus of the IETF community"; "IETF activities are conducted with extreme transparency, in public forums. Decision-making requires achieving broad consensus via these public processes." Also, disenfranchising the public in favor of organizations that can afford to pay for continual participation in IETF violates IETF's statement that its "lack of membership ensures its position as the primary _neutral_ standards body because participants cannot exert influence as they could in a pay-to-play organization where members, companies, or governments pay fees to set the direction". Is anyone claiming that a government agency _should_ be able to buy IETF standardization of a controversial spec? If not, why do we see continual violations of the RFC 2418 requirement for disagreements to be "resolved by a process of open review and discussion"? Enforcing this requirement would turn both #1 and #2 above into no-ops and would make the handling of solo PQ vastly more efficient. ---D. J. Bernstein ===== NOTICES ===== IETF BCP 78, "Rights Contributors Provide to the IETF Trust", Section 5 (normative), "Rights in Contributions", provides a modification right "unless explicitly disallowed in the notices contained in a Contribution (in the form specified by the Legend Instructions)". The official language from IETF's "Legend Instructions" for the situation that "the Contributor does not wish to allow modifications nor to allow publication as an RFC" is as follows: "This document may not be modified, and derivative works of it may not be created, and it may not be published except as an Internet-Draft." <https://trustee.ietf.org/wp-content/uploads/Corrected-TLP-5.0-legal-provsions.pdf> The same language is used in, e.g., RFC 5831. The same language hereby applies to this document. This is not disclaiming or limiting the applicability of IETF policies; it is strictly following IETF policies. IESG claims that the "explicitly disallowed" provision in BCP 78 is limited to the examples in Section 3 in BCP 78. That is incorrect. BCP 78 states that Section 5, "Rights in Contributions", is normative, while Section 3, "Exposition of Why These Procedures Are the Way They Are", is informative. The opt-out provision in the normative text is clear, and cannot be limited by an informative section. BCP 78 does not give IESG any authority to issue changes or purported clarifications of the rules. Rationale for exercising the BCP 78 opt-out provision: I'm fine with redistribution of copies of this document. The issue is instead with modification, such as (1) IESG's May 2025 posting of an IESG-mangled version of an appeal that I had filed and (2) IETF management selling IETF mailing-list text to AI companies. This goes far beyond what copyright law allows as fair use (such as giving quotes for purposes of commentary). When I complained about the mangled document, the IETF Executive Director responded not by apologizing but instead by asserting that IETF management had the power to do whatever it wanted.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
