ietf
[Top] [All Lists]

Re: Draft IESG Statement on Removal of an Internet-Draft from the IETF Web Site

2012-09-20 11:50:09


--On Wednesday, September 19, 2012 23:38 +0200 Carsten Bormann
<cabo(_at_)tzi(_dot_)org> wrote:

...
Until there is a court decision impacting this usefulness (or
one can be reasonably expected), the legal angle is simply
irrelevant.

(Just keeping the thread alive so it doesn't seem that
everybody agrees with the strangely luddite position taken
here.)

Carsten,

Without completely agreeing with Joe (I don't), let me suggest
that the above may be the wrong way to look at this.

First of all, the "court decision impacting this..." argument
should be approached like any other risk-benefit analysis.   If
things were to get into a court and we were to lose, the
consequences could be nasty indeed.  While it is possible that a
judge might say "well, you were bad and shouldn't be doing this,
but I won't punish you if you promise to clean up your act in
the future", it isn't terribly likely.  If things were to get to
that point, prompted by a legal action by someone who could
actually claim to have been damaged by the current policy, it is
far more likely that the IETF would end up feeling significant
pain, possibly accompanied by penalties severe enough to prevent
us from keeping and getting the insurance on which we depend in
the future.

I personally don't consider it very likely that someone would
actually sue or convince some appropriate prosecutor to come
after us.  But, however one assesses the likelihood of that
happening and of that party winning, I think an attitude of
"don't worry about it until that happens and we lose" would
represent severely bad judgment.

Perhaps more important from my point of view, the IETF depends
on a social contract with its participants.  For many years,
participants had reason to believe that "expire after six
months" meant that the IETF would not publicly facilitate, or
directly provide public access to, expired I-Ds.  They also had
reason to believe that any rights they gave the IETF by posting
a document as an I-D did not extend beyond the IETF especially
after that six months -- that anyone else who wanted to make use
of the material would have to come and discuss it with them.
Whether that view was generally held or not is an almost
meaningless question: I'm pretty sure that the vast majority of
IETF participants, and even that of I-D authors, didn't give the
issue a moment's thought.

That same set of assumptions mostly applied even after that
changes that led to the current BCP 78/79 language: the IETF
Trust was granted (non-retroactively wrt earlier documents) the
rights to do a number of things that the community might need,
but there was no explicit assumption that all of those things
_would_ be done unless the community necessity (not just
convenience or wishes) were clear.  Again, opinions differed
about what was reasonable and appropriate in the normal case (an
issue the IPR WG definitely did not reach a consensus conclusion
about) and the evidence is (and was) that that vast majority of
IETF participants still didn't care enough to pay attention.

But that is precisely where the social contract becomes
important.  BCP 78 clearly gives the IETF the right to take a
document you have written without asking you, remove your name
from it, and publish it, possibly with modifications of which
you might not approve, under someone else's name.  That just
doesn't happen, not because the written rules prohibit it (or
because the IETF Trust is certain those provisions would hold up
in court), but because there is general understanding that it
would be in bad taste.  Equally important, many of us would
respond to such an action, at least one taken without a very
good and clear reason, by deciding that the IETF is not a place
where we care to do work any more.  The "contributions", at
least from those thus offended, would stop.  And, to the extent
that those contributions, and the credibility of the
contributors as a group, were important, the IETF would be in
serious, perhaps fatal trouble.

So, like you, I'm really not concerned whether Joe's arguments
are on firm legal ground or not even though I completely reject
the idea of "let's keep doing it until court to which we have to
pay attention tells us that we are wrong".   But I am concerned
that he and other authors of I-Ds, especially I-Ds that long
predate RFC 5378, made good-faith assumption, based on practices
at the time, about how their documents would be handled
post-expiration.  I think that, as a community, we ought to
respect those assumptions more than saying, effectively, "we are
going to maintain a public archive no matter what commitments
you thought were made to you because we can and because we don't
think you will actually sue us".  The latter is just bad for the
community, whether it "works" or not.

best,
   john








<Prev in Thread] Current Thread [Next in Thread>