W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: [Ietf-http-auth] Next step on web phishing draft (draft-hartman-webauth-phishing-05.txt)

From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Sun, 09 Sep 2007 19:30:01 +0100
Message-ID: <46E43BA9.3080407@isode.com>
To: Eric Rescorla <ekr@networkresonance.com>
CC: ietf@ietf.org, discuss@apps.ietf.org, ietf-http-wg@w3.org, ietf-http-auth@osafoundation.org, saag@mit.edu

Eric Rescorla wrote:

>Alexey wrote:
>  
>
>>This message is trying to summarize recent discussions on 
>>draft-hartman-webauth-phishing-05.txt.
>>
>>Several people voiced their support for the document (on IETF mailing 
>>list and in various other off-list discussions). Ekr doesn't think that 
>>the document should be published in the current form and he has some 
>>good technical points that need to be addressed. At least one more 
>>revision is needed to addressed recent comments from Ekr and SecDir review.
>>
>>It is quite clear that some people got confused about intended status of 
>>this document and whether it represents IETF consensus. Sam has 
>>clarified what was his intention, but another consensus call is needed 
>>to make sure people agree with Sam.
>>
>>Subsequent discussions and consensus calls on the document would happen 
>>on <ietf-http-auth@osafoundation.org>.
>>
>>Alexey,
>>in my capacity of shepherd for draft-hartman-webauth-phishing
>>    
>>
>I object to this procedure.
>
>This document has already had an IETF Last Call, where it failed to
>achieve consensus.
>
Ekr, I have to disagree with you.
One objection about the document and one objection about the intended 
status doesn't constitute "failed consensus", considering there are at 
least 8 other people who are in favor of publishing the document. I can 
publish the list of reviewers, if you insist.

>At this point, it doesn't need additional last
>calls to "make sure that people agree with Sam", but rather to go back
>to the authors to try to build support in the community.
>
I was probably not clear enough in my previous message:
1). The document needs more work.
2). The document needs more reviews. Discussions of future revisions 
should happen on ietf-http-auth@osafoundation.org
3). The document was effectively reset to pre-IETF LC state.

>Not liking the result of the previous Last Call is not a sufficient basis for
>issuing another one.
>  
>
This statement taken in isolation is certainly correct. However if the 
original LC didn't ask the right question, don't you think this makes 
answers meaningless?

>At some point in the future, it may be appropriate to issue another
>consensus call, but since this is not a WG mailing list--indeed, the
>IESG has twice declined to charter a WG in this area--nor are you the
>chair, it doesn't seem to me that you have standing to do that. When
>that time comes, I would expect the IESG to designate an appropriate
>time and place.
>  
>
I have support of the shepherding AD.
Do you think this is insufficient?
Received on Sunday, 9 September 2007 18:29:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:15 GMT