--On Saturday, 14 October, 2006 09:05 +0200 Eliot Lear
<lear(_at_)cisco(_dot_)com> wrote:
Ned,
I am torn with the proposal. On the one hand, I am
sympathetic to DDOS attacks on the process. On the other
hand, I agree with you that serious contributors need a way to
appeal decisions. In particular, I don't like the need to
require support from additional serious members, and I would
only support that if other avenues failed.
If we look by analogy at the legal system (always a hazardous
thing), we see that there are often special rules in place
when it comes to access to the courts for those who have been
judged vexatious litigants. We could do something similar.
While that alone doesn't prevent me from creating an anonymous
email address and filing an appeal, some rule around that plus
some indication of previous participation would be useful. So
I would include a very liberal set of people, like those who
have ever attended an IETF or produced an RFC or have been
published in ACM, IEEE, USENIX, SAGE, and or some other list
of credited networking organizations. If you've shown that
you've contributed to the community in some meaningful way
then we should give you the benefit of the doubt.
Eliot,
It seems to me that, if there is a "right track" here --and that
is not obvious to me-- that you are on it or at least on a
parallel one. I suggest that implies several changes to the
draft, YMMD:
(1) The "supporter" procedure/requirement should be
triggered only is someone shows symptoms of being a
vexatious appellant. People who are entering their
first appeals don't trigger it. People whose last
appeal was successful, even in part (that would need to
be defined, of course, and that might not be easy) don't
trigger it. The only folks who need to look for
supporters are those who have appealed before and whose
appeals have been rejected as without merit.
(2) The definition of someone permitted to be a
"supporter" must, as several people have pointed out
(Ned, IMO, most eloquently), be broad enough to include
active IETF contributors who don't attend meetings.
One class of action that might need appealing would be a
procedural decision that would [further] impede the
ability of those people to effectively get work done in
the IETF and they _must_ have standing to appeal such
measures by themselves or in conjunction with others who
are similarly impacted.
I would have no problem with a requirement that someone
actually be a human being with some active interest or
involvement in the IETF -- what some other standards
bodies describe as a "materially concerned party". But
requiring meeting attendance as proof of that seems to
violate all sorts of IETF principles.
(3) The idea that, if someone successfully appeals, or
supports an appeal, on one action, they should be
permanently barred from supporting similar appeals in
the future is seriously broken. It could only have a
chilling effect on the generation of appeals, legitimate
ones as well as bogus ones, because one would want to
save endorsements for important-enough occasions. It is
also at variance with a principle that has been
discussed recently on the IETF list wrt mailing list
behavior and complaints: how an appeal is processed and
considered should depend on its substance and merits,
not on the identity of the submitter. This is
particular important if someone who is relatively more
familiar with IETF processes and fluent in English is
asked to prepare an appeal on behalf of someone who is
not -- a situation that, if anything, we want to
encourage since I believe that well-drafted appeals tend
to take less IESG and IAB time than ones in which those
bodies have to spend time figuring out what the real
problem is or what is wanted.
Now, clearly, the above has the implication of "one free appeal
per customer". If the bad guys whom Olaf is trying to protect
against got themselves organized into a cabal, they could manage
a denial of service attack. But I'm not sure that is a real,
as distinct from theoretical risk and, more important, I think
it is a risk we have to run if we want to have a viable appeals
process.
However, as I read the above, I wonder if the model of the I-D
is backwards and your observation about "vexatious litigants"
should be carried a bit further. Suppose we consider this
situation as somewhat more like the mailing list abuse issue
than one in which we assume that every person filing an appeal
is the enemy until proven otherwise. If we adopt a model of
that sort, then:
We change the possible responses to an appeal from, broadly,
"yes" or "no" to "yes", "no", and "no, and this is irrational
and/or obviously totally without merit". The latter, which
could itself be appealed but not by the subject (only by someone
else on his, her, or its behalf), would imply something
analogous to posting restrictions: a period in which the person
was barred from appealing, or needed supporters, or something
else. Similar to posting restrictions, the requirements/
barriers could be escalated if they needed to be applied
additional times.
That is obviously just an outline with a number of details that
would need filling in, but it seems to me it has the important
property of shifting the balance from "everyone who considers
filing an appeal is presumed to be an attacker on the process"
to "those who abuse the appeals process get their leashes
shortened". Since I believe that the ability to easily appeal
silly or inappropriate actions is a key part of our process
model --one that wards off the need for much more heavyweight
and complex procedures-- it seems to me that is the right way to
balance things.
john
p.s. for those who have had in-the-hall discussions with me
about appeals and prevention of DoS attacks in the last few
years. Yes, I have changed my mind. Making things harder for
those who use the appeals mechanisms to insist that the IETF
follow its own procedures and conventions about proper review
does not seem to me to be in the community's best interest.
And, of course, if the IETF leadership --the IESG in
particular-- wants to avoid appeals of that variety, that can be
accomplished by the rather simple expedient of following the
procedures. One might even assume that the relative sparseness
of such appeals indicates that they mostly do that... or that
the barrier to appeals is already too high.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf