[October 5, 1999]
This is the IAB's response to an appeal against IESG action lodged on May 1, 1999 by William Allen Simpson. The appeal (accessible at http://www.ietf.org/appeal ) specifically concerns the IESG's rejection on March 1, 1999 of Mr Simpson's appeal to the IESG summarised in his words as:
> Pursuant to the process detailed in RFC-2026 sections 6.5.1 and 6.5.2, > and ultimately 6.5.3, I appeal the IESG decision to publish > draft-ietf-ipsec-ciph-cbc-03.txt and all documents referencing it, > together with the failure to publish draft-simpson-cbc-01.txt, > draft-simpson-desx-02.txt and draft-simpson-des3v2-03.txt (or earlier > versions thereof).
The IAB is not a court of law; in fact it has a very narrow scope of possible action under RFC 2026 (either annul an IESG decision and send the matter back to them, or simply make a recommendation to the IESG). In addition to that the IAB has the option of making suggestions about the IETF standards process.
In this case, the IAB followed as closely as possible the procedure adopted for previous appeals - a call for comments on the IETF list, short speaking slots in an open hearing, and then a private discussion within the IAB. The open hearing was held during the Oslo meeting of the IETF, on July 15, 1999.
Four IAB members recused themselves from decision-taking on this appeal: Fred Baker (IESG Chair), Harald Alvestrand (IESG member at the time), Ran Atkinson (former IPSEC WG co-chair) and Geoff Huston (Chair of the ISOC Board).
Prior to the hearing the IAB received written comments from Bodo Moeller, Ozan Yigit, and requests to speak from Bill Simpson, Ted T'So, Eric Brunner, and Donald Eastlake. All of these requests to speak were granted, subject to a time limit of ten minutes for Mr Simpson and five minutes for the others. Mr Simpson spoke by telephone connected to the open hearing, since he was unable to be present in person. Mr Simpson provided additional detailed arguments and on-line references. Additional speakers at the hearing were Paul Lambert and Scott Bradner.
Not being a court of law, the IAB has not responded to the appeal point by point in detail, nor has it examined the working group record in exhaustive detail. However we checked the record of relevant IESG discussions.
We have specifically not responded to Mr Simpson's claim of "plagiarism and misappropriating copyright" as this is clearly outside our competence.
Mr Simpson's appeal to the IAB makes the following major claims:
> 1) The decision was not timely. The documents had already been published. > The RFC Editor had promised not to publish the documents until the > issues had been resolved.
The response from the IESG (dated March 1, 1999) to Mr Simpson's appeal (dated October 22, 1998) was indeed delayed until about four months after the IESG's minuted decision to approve publication of the contested documents. However, RFC 2026 explicitly avoids setting a time limit for the response to appeals, nor does it forbid publication of documents during the course of an appeal, so there is no process violation here. It does require appeal responses to be communicated "within a reasonable period of time" which was not respected in this case.
> 2) The answers by the IESG are non-responsive; particularly to points > #9, #14, #15, #17, #18. The appeal explicitly listed "other > documents" in its subject, and explicitly addressed issues of cross > reference.
The appeal was very complex but clearly centered around four specific documents. The IESG restricted its response to those four documents, which are the nub of the matter. We consider this restriction reasonable and do not find the IESG's answers to be non-responsive.
> 3) The answers contain numerous false statements, unsupported by the > WG record.
The allegedly false statements primarily relate to spoken communications that were not transcribed. There is, therefore, no basis upon which to review Mr. Simpson's claims. We note, though, that the allegedly false statements concern matters which we would not expect to be on the written record. The comments made in the open hearing confirm a continuing disagreement about these matters between Mr Simpson and other members of the IPSEC WG.
> 4) The answer concludes with an ad hominem attack on appellant.
Since the appeal was personal in nature, it would have been hard to respond to it in completely impersonal language. However, the nature of the WG and appeal processes is such that it is always easier to arrive at reasonable and reasoned decisions if all parties involved can maintain a spirit and tone of calm and professional discourse. That said, it is clear that regrettable, intemperate and pejorative language has been used over a period of years by several of the participants in the process.
Technical issues are settled in the IETF by WG rough consensus as judged by the WG chair(s). We find no process violation here, merely the fact that Mr Simpson did not agree with the rough consensus.
On the point of key length, formal decisions in the IETF are taken according to RFC 2026, not by the IETF plenary. The clear preference of the Danvers plenary for strong keys was embodied in RFC 1984 and has certainly not been ignored, but the mandatory requirements of a Proposed Standard are matters in the purview of the WG and the IESG. We do not find a process violation here.
We agree that the sentence referring to 40 bit keys is poorly phrased and might be subject to the misunderstanding that all cited ciphers allow 40 bit keys, which the table shows is not the case.
However, the general quality of the text of RFC 2451 is unsatisfactory. We also note that it confuses two topics: a general framework for ESP with CBC mode, and the specification of how certain ciphers should be used within that framework.
As noted above we take no position on the claim of "plagiarism and misappropriating copyright". However, we note that the long-standing tradition in the IETF, understood by all regular participants, is the free flow of text and ideas between drafts and RFCs, as required by progress in the working groups. This principle is embodied in RFC 2026, which provides (10.2) that "[n]o contribution that is subject to any requirement of confidentiality or any restriction on its dissemination may be considered in any part of the Internet Standards Process ...." and (10.3.1.1) that "to the extent that the submission is or may be subject to copyright, the contributor ... grant[s] an unlimited perpetual, non-exclusive, royalty-free, world-wide right and license to the ISOC and the IETF under any copyrights in the contribution", including the right to prepare derivative works.
Clearly such free flow requires due acknowledgment, but does not automatically imply formal authorship. We find the acknowledgements of Mr Simpson's contributions in the IPSEC document set to correspond generally to the IETF tradition. We note that particpants in the original conception of IPSEC have differing recollections about the sequence of ideas, which we find unsurprising.
Finally we note that Mr Simpson has a pending request for the publication as RFCs of draft-simpson-cbc-01.txt, draft-simpson-desx-02.txt and draft-simpson-des3v2-03.txt which has never been handled by the IESG. We understand that the IESG did not wish to see them published prior to RFC 2451, but that is long past. In our opinion these documents are now overtaken by events, but their status needs to be resolved. In general the IESG should make clear its position on pending documents as soon as reasonably possible.
Mr. Simpson asked for the opportunity to appear before the IAB to personally argue each point in detail. As we observed before, the IAB is not a court of law. Furthermore, RFC 2026's procedures for conflict resolution and appeals (6.5) do not call for or anticipate that the IAB should be required to hold hearings or receive oral argument. Although the IAB would have discretion in an appropriate case to hold such proceedings, we do not believe that they are necessary here.
This page is maintained by the IAB Executive Director for the IAB.