Hmm... I'm still not sure what you're trying to say. My point
is that there shouldn't be any consensus calls by anyone on
the ietf-http-auth mailing list.
Why not? Does the IETF have a patent on IETF processes?
It's not a WG.
Why not?
Of course, you probably mean that any consensus calls on the
ietf-http-auth mailing list would not be considered IETF consensus calls
because that list is not formally an IETF WG and is not formally
following all IETF processes.
In any case, a WG is not supposed to be formed unless there is already
some work done and that work has reached some consensus among interested
parties. One would expect that people working on a draft would try to
use some of the IETF process in order to get to the point of either
publishing a draft or forming a WG.
Unless of course, the IETF has some exclusive intellectual rights in
running WGs and having consensus calls...
I have no problem with Sam soliciting opinions in his
document on any forum of his choice. What I object to is the
notion--again implied in your above comments--that this
document has some formal standing. As I said initially, this
is an individual submission that failed to obtain consensus.
As such it doesn't need shepherding or shepherding ADs, any
more than any other individual ID.
Really, this is irrelevant. Either there is or is not a group of people
who have done some work and reached some consensus that the work needs
to be completed in the IETF. If there is work and consensus, then even
if it was published and rejected as an individual draft, there is no
reason for the work to stop and the people to go away.
It makes more sense to channel the work appropriately rather than
rejecting it and castigating the group. We all know that the Internet
has many security issues made worse by the immense scale of the network
in this day and age. There is an entire IETF area decicated to Security
with 17 or 18 WGs in it. It seems to me that we should be advising the
people working on this draft to take their work to the Security ADs and
see if it fits into an existing WG or whether a new AD could be created.
The process nits are entirely irrelevant to the work and do not advance
the IETF in any way.
Personally, I would like to see some more criticism of the fact that
this draft is about Phishing, a symptom of security problems, rather
than about strengthening a weakness in Internet security. It is entirely
possible to "solve" the phishing problem without strengthening the
network, and possibly even introducing new weaknesses. Being too focused
on one symptom is not a good way to approach security. Indeed, it is
entirely possible that the solution to phishing lies with the banking
system, not with the Internet or IETF.
--Michael Dillon
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf