I do not support publication of this document as a Proposed Standard via
the AD-sponsored route, for several reasons:
a. I believe that this document should have been handled as a WG work item.
It should not be commonplace for standards track security documents to be
handled outside of a WG. This issue has been addressed in IPsec (via
IPSECME), and TLS needs to follow suit. If the TLS WG does not wish to
deal with this and other documents, then the IETF should considered formation
of a new WG.
b. This document has become a lightening rod for attacks on the integrity
of the IETF and IESG. While many of these attacks are groundless, proceeding
with the approval of this document without addressing the underlying problems
would send the wrong message about the IETF's commitment to ethics.
-----Original Message-----
From: ietf-announce-bounces at ietf.org
[mailto:ietf-announce-bounces at ietf.org] On Behalf Of The IESG
Sent: 14 January 2009 16:18
To: IETF-Announce
Subject: Fourth Last Call: draft-housley-tls-authz-extns
On June 27, 2006, the IESG approved "Transport Layer Security
(TLS) Authorization Extensions,"
(draft-housley-tls-authz-extns) as a proposed standard. On
November 29, 2006, Redphone Security (with whom Mark Brown, a
co-author of the draft is affiliated) filed IETF IPR disclosure 767.
Because of the timing of the IPR Disclosure, the IESG
withdrew its approval of draft-housley-tls-authz-extns. A
second IETF Last Call was initiated to determine whether the
IETF community still had consensus to publish
draft-housley-tls-authz-extns as a proposed standard given
the IPR claimed. Consensus to publish as a standards track
document was not demonstrated, and the document was withdrawn
from IESG consideration.
A third IETF Last Call was initiated to determine whether the
IETF community had consensus to publish
draft-housley-tls-authz-extns as an experimental track RFC
with knowledge of the IPR disclosure from Redphone Security.
Consensus to publish as experimental was not demonstrated; a
substantial segment of the community objected to publication
on any track in light of the IPR terms.
Since the third Last Call, RedPhone Security filed IETF IPR
disclosure 1026. This disclosure statement asserts in part
that "the techniques for sending and receiving authorizations
defined in TLS Authorizations Extensions (version
draft-housley-tls-authz-extns-07.txt) do not infringe upon
RedPhone Security's intellectual property rights". The full
text of IPR disclosure 1026 is available at:
https://datatracker.ietf.org/ipr/1026/
This Last Call is intended to determine whether the IETF
community had consensus to publish
draft-housley-tls-authz-extns as a proposed standard given
IPR Disclosure 1026.
The IESG is considering approving this draft as a standards
track RFC. The IESG solicits final comments on whether the
IETF community has consensus to publish
draft-housley-tls-authz-extns as a proposed standard.
Comments can be sent to ietf at ietf.org or exceptionally to
iesg at ietf.org. Comments should be sent by 2009-02-11.
A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-housley-tls-authz-extns-07.txt
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf