While I have a hard time seeing how having an adoption call for an adoption
call will reduce the volume of messages, I think the three TLS chairs are doing
a very good job, I cannot see that they have done anything wrong, and based on
the TLS shunning cipher suite I-Ds for years, I think their actions make sense.
I certainly don't envy them, being a chair is a very hard job, and it is not
made easier by what we in Sweden call "rättshaverister". Anybody thinking they
can do a better job should sign up to be a chair or other IETF positions.
D. J. Bernstein wrote:
>ends up encouraging votes ("+1" etc.), which is not how IETF is supposed to
>work
I think +1 is a quite good way to express that you agree with the arguments put
forward by a participant in an earlier mail. See for example.
https://mailarchive.ietf.org/arch/msg/cfrg/riJtDF3uqepZJ2NZ79dgf_ud4CM/
Sean Turner (and other people) wrote:
>Cipher Suite I-Ds
The term cipher suite has a very exact meaning in TLS, and none of five
discussed I-Ds contain cipher suites. Maybe cryptographic algorithm I-Ds would
be a good term in future discussions.
From: D. J. Bernstein <d...@cr.yp.to>
Date: Friday, 20 December 2024 at 05:59
To: tls@ietf.org <tls@ietf.org>
Subject: [TLS] Re: PQ Cipher Suite I-Ds: adopt or not?
Sean Turner writes:
> Part of chairing is gathering input, i.e., trying to read the room.
Simply reading the list shows unresolved WG controversies about (1)
whether to go ahead with PQ signatures and (2) whether to go ahead with
non-hybrid PQ. Content-wise, I favor #1 and oppose #2, but the more
basic procedural point is that demonstrated WG controversy on X should
be resolved before the WG does X. As I said before, the only PQ draft on
the table avoiding these controversies is ecdhe-mlkem.
Until the controversy regarding X is resolved, it's puzzling to see WG
chairs taking formal action (email signed by "The Chairs") that asks
whether there's consensus on adopting X ("adopt or not?"). Mushing this
together with a question about a non-controversial draft is wrong.
If I'm understanding correctly (see below), the action that the WG
chairs are actually taking is a bizarre two-layer action, namely asking
whether there's consensus to ask whether there's consensus on adoption.
As I wrote in my previous message: It's inefficient to stretch WG
decisions into many formal stages, such as "have an adoption call or
not?" and then "adopt or not?" and then "RFC or not?". Realistically,
this inefficiency ends up encouraging votes ("+1" etc.), which is not
how IETF is supposed to work. If there isn't clear authorization for the
current procedure, then the procedure shouldn't be happening at all.
Being online doesn't mean that "trying to read the room" requires formal
action. Anyone can read the list, and can send around email asking
questions. Btw, each WG message from someone who holds a WG chair role
should say either ~"writing as chair" or ~"writing as individual".
> The part of the procedure we are following is, what I would refer to
> as, the consensus process. We, as the chairs, need to determine
> whether there is consensus to do a thing or not. In this case, that
> thing is to run one or more adoption calls.
This generic "thing" explanation (1) isn't internally consistent and (2)
doesn't answer the question at the top of my previous message.
Regarding #1: You're claiming that, for each X, the chairs can't do X
without first asking whether there's consensus to do X.
If this were true then, yes, the chairs wouldn't be able to ask whether
there's consensus on adoption without first asking whether there's
consensus to ask whether there's consensus on adoption.
But did the chairs precede that by asking whether there was consensus to
ask whether there's consensus to ask whether there's consensus on
adoption? No. Evidently the chairs aren't following the principle that
they claim to be following.
Regarding #2: My request was specifically to "clarify which procedure
from RFC 2026 (or from RFCs updating RFC 2026) is being followed here".
For example, one might point to RFC 2026 saying "Last-Call - A public
comment period used to gage [sic] the level of consensus about the
reasonableness of a proposed standards action". But this isn't a generic
authorization for chairs to call for consensus on any "thing"; it's
authorizing a call for consensus on a "proposed standards action".
An example of a standards action is moving a "specification onto the
standards track at the 'Proposed Standard' level" under RFC 2026 Section
4.1.1. More broadly, RFC 2026 Section 6.1.1 says that "A standards
action is initiated by a recommendation by the IETF Working group
responsible for a specification to its Area Director"; a proposal can't
be for a "standards action" if the action doesn't have AD review.
These quotes from RFC 2026 are obviously not authorizing the weird
two-layer thing that the chairs seem to be doing. Maybe there's
something else in RFC 2026 that authorizes that, but are WG participants
supposed to keep going through further guesses for which procedure is
being applied here?
Any chair action needs authorization from the documented Internet
standards process. The chairs have to refrain from actions for which
they're unable to pinpoint the authorization.
> > The question
> > in the message that began the thread can easily be read in two ways, and
> > the replies are split in the question they're answering. Specifically:
> > * The message asks an adopt-or-not question in the subject line, but
> > it then says that the chairs _aren't_ asking this question yet
> > ("not actually do the calls"), and it instead asks a call-or-not
> > question ("Is the WG consensus to run four separate adoption calls
> > for the individual I-Ds").
> > * Some of the replies are answering the adopt-or-not question, at
> > least for some drafts; other replies focus on the call-or-not
> > question. For example,
[ ... ]
> As far as people responding one way and others another, all I can say
> is people are going to respond how they are going to respond.
Talking about "people responding one way and others another" makes it
sound as if the issue here is people having different answers. No, the
issue here is that the chairs have posed an ambiguous question.
(The mis-presentation of the issue at hand is exacerbated by the failure
to respond inline. I've reshuffled things above to show some context.)
I would like clarification of what question is being asked (if the
chairs don't withdraw the question), in part so that I can figure out an
appropriate response and in part so that other people have a chance to
answer the question that they didn't know the chairs were asking.
Concretely, the adopt-or-not question in the subject line was wrong if
the goal was instead to collect input on the call-or-not question.
Sure, the people who have advocated adoption obviously also want a call;
but various other people have spoken up against adoption. Are the latter
people in favor of having a call, for example to end up with a formal
record showing that there are objections? Are they opposed to having a
call, for example because a call misinforms readers into thinking that
objections haven't been stated already? _If_ it's important to collect
the call-or-not information, then these gaps are a problem. The problem
was caused by a lack of clarity in the top-of-thread message.
---D. J. Bernstein
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
