> I would like clarification of what question is being asked (if the chairs
> don't withdraw the question), in part so that I can figure out an appropriate
> response and in part so that other people have a chance to answer the
> question that they didn't know the chairs were asking.
I agree with this. The question was not clear to me, therefore I could not
comment. In practice, I'm used to seeing individual I-D authors ask for
adoption, when they feel ready, and chairs formally triggering adoption calls.
Not sure why PQC support is being treated differently.
Cheers,
Andrei
-----Original Message-----
From: D. J. Bernstein <d...@cr.yp.to>
Sent: Thursday, December 19, 2024 8:58 PM
To: tls@ietf.org
Subject: [EXTERNAL] [TLS] Re: PQ Cipher Suite I-Ds: adopt or not?
Sean Turner writes:
> Part of chairing is gathering input, i.e., trying to read the room.
Simply reading the list shows unresolved WG controversies about (1) whether to
go ahead with PQ signatures and (2) whether to go ahead with non-hybrid PQ.
Content-wise, I favor #1 and oppose #2, but the more basic procedural point is
that demonstrated WG controversy on X should be resolved before the WG does X.
As I said before, the only PQ draft on the table avoiding these controversies
is ecdhe-mlkem.
Until the controversy regarding X is resolved, it's puzzling to see WG chairs
taking formal action (email signed by "The Chairs") that asks whether there's
consensus on adopting X ("adopt or not?"). Mushing this together with a
question about a non-controversial draft is wrong.
If I'm understanding correctly (see below), the action that the WG chairs are
actually taking is a bizarre two-layer action, namely asking whether there's
consensus to ask whether there's consensus on adoption.
As I wrote in my previous message: It's inefficient to stretch WG decisions
into many formal stages, such as "have an adoption call or not?" and then
"adopt or not?" and then "RFC or not?". Realistically, this inefficiency ends
up encouraging votes ("+1" etc.), which is not how IETF is supposed to work. If
there isn't clear authorization for the current procedure, then the procedure
shouldn't be happening at all.
Being online doesn't mean that "trying to read the room" requires formal
action. Anyone can read the list, and can send around email asking questions.
Btw, each WG message from someone who holds a WG chair role should say either
~"writing as chair" or ~"writing as individual".
> The part of the procedure we are following is, what I would refer to
> as, the consensus process. We, as the chairs, need to determine
> whether there is consensus to do a thing or not. In this case, that
> thing is to run one or more adoption calls.
This generic "thing" explanation (1) isn't internally consistent and (2)
doesn't answer the question at the top of my previous message.
Regarding #1: You're claiming that, for each X, the chairs can't do X without
first asking whether there's consensus to do X.
If this were true then, yes, the chairs wouldn't be able to ask whether there's
consensus on adoption without first asking whether there's consensus to ask
whether there's consensus on adoption.
But did the chairs precede that by asking whether there was consensus to ask
whether there's consensus to ask whether there's consensus on adoption? No.
Evidently the chairs aren't following the principle that they claim to be
following.
Regarding #2: My request was specifically to "clarify which procedure from RFC
2026 (or from RFCs updating RFC 2026) is being followed here".
For example, one might point to RFC 2026 saying "Last-Call - A public comment
period used to gage [sic] the level of consensus about the reasonableness of a
proposed standards action". But this isn't a generic authorization for chairs
to call for consensus on any "thing"; it's authorizing a call for consensus on
a "proposed standards action".
An example of a standards action is moving a "specification onto the standards
track at the 'Proposed Standard' level" under RFC 2026 Section 4.1.1. More
broadly, RFC 2026 Section 6.1.1 says that "A standards action is initiated by a
recommendation by the IETF Working group responsible for a specification to its
Area Director"; a proposal can't be for a "standards action" if the action
doesn't have AD review.
These quotes from RFC 2026 are obviously not authorizing the weird two-layer
thing that the chairs seem to be doing. Maybe there's something else in RFC
2026 that authorizes that, but are WG participants supposed to keep going
through further guesses for which procedure is being applied here?
Any chair action needs authorization from the documented Internet standards
process. The chairs have to refrain from actions for which they're unable to
pinpoint the authorization.
> > The question
> > in the message that began the thread can easily be read in two ways,
> > and the replies are split in the question they're answering. Specifically:
> > * The message asks an adopt-or-not question in the subject line, but
> > it then says that the chairs _aren't_ asking this question yet
> > ("not actually do the calls"), and it instead asks a call-or-not
> > question ("Is the WG consensus to run four separate adoption calls
> > for the individual I-Ds").
> > * Some of the replies are answering the adopt-or-not question, at
> > least for some drafts; other replies focus on the call-or-not
> > question. For example,
[ ... ]
> As far as people responding one way and others another, all I can say
> is people are going to respond how they are going to respond.
Talking about "people responding one way and others another" makes it sound as
if the issue here is people having different answers. No, the issue here is
that the chairs have posed an ambiguous question.
(The mis-presentation of the issue at hand is exacerbated by the failure to
respond inline. I've reshuffled things above to show some context.)
I would like clarification of what question is being asked (if the chairs don't
withdraw the question), in part so that I can figure out an appropriate
response and in part so that other people have a chance to answer the question
that they didn't know the chairs were asking.
Concretely, the adopt-or-not question in the subject line was wrong if the goal
was instead to collect input on the call-or-not question.
Sure, the people who have advocated adoption obviously also want a call; but
various other people have spoken up against adoption. Are the latter people in
favor of having a call, for example to end up with a formal record showing that
there are objections? Are they opposed to having a call, for example because a
call misinforms readers into thinking that objections haven't been stated
already? _If_ it's important to collect the call-or-not information, then these
gaps are a problem. The problem was caused by a lack of clarity in the
top-of-thread message.
---D. J. Bernstein
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
