ietf
[Top] [All Lists]

Re: Review of draft-hartman-webauth-phishing-05

2007-08-21 17:36:56
"Paul" == Paul Hoffman <paul(_dot_)hoffman(_at_)vpnc(_dot_)org> writes:

    >> I do hope that we have consensus these are good requirements,

    Paul> We absolutely do not have any such consensus. There was
    Paul> barely any discussion during IETF Last Call. There was not a
    Paul> mailing list for discussing the draft. 

Hmm.  I actually think that as ad-sponsored informationals go this got
a lot of constructive discussion in ietf last call.  It was discussed
on the dix and http-auth lists and at the WAE BOF.  My perception of
the room at WAE was that with the exception of the requirement about
mutual authentication this was relatively non-controversial and that going 
forward with such a document would be useful.

Now, we may actually be saying the same thing.  I think this document
has received review similar to other IETF informational documents.
There's a lot of open question about what the status of such documents
is; absent evidence such as an IESG note I assume such documents have
rough consensus of the IETF.  Others may not read things that way or
may assume a different level of support behind informational documents
for which we do an IETF last call.

Ultimately though the issue of adequacy of review rests with Lisa and
the IESG.  I'm obviously recused from formal participation in that
process.


Paul> Speaking for myself,
    Paul> I didn't comment because I thought it was meant to be an
    Paul> Informational RFC saying what Sam Thinks About These
    Paul> Requirements. 

If I wanted to publish such a document I would have gone to the rfc editor.

    Paul> The IETF Last Call announcement said *nothing*
    Paul> suggesting that this was a consensus call. 
I thought all IETF last calls are consensus calls.

    Paul> It is inappropriate to change the intended use of this
    Paul> document after IETF Last Call. 

Here we agree.  I'm not asking for treatment any different than any
other AD-sponsored informational document.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf