November 5, 1998
This is a complaint against the IESG and the RFC-Editor about publication of RFC-2188 (Efficient Short Remote Operations - ESRO) as an Informational RFC. A lot went wrong in the process of publication of RFC-2188. The highlights are:
I (Mohsen Banan - email@example.com) have used very strong words in the above list to characterize the problems in this specific case. Use of those words are in no way extreme. Use of ALL of those words are justified in this message.
The fact that a lot went wrong in the case of publication of RFC-2188 is known to many. Steve Coya and Scott Brander have admitted that there were a number of problems and have apologized for them.
Scott Bradner> ... the iesg fucked up and I'm trying to fix the issue ... Steve Coya> You DO have a valid complaint, but not with the RFC Editors. Scott Bradner> ... As I said things slipped through Scott Bradner> the cracks and I am sorry that happened. ...
I accepted their apologies and after the publication of RFC-2188 I was going to let this drop. However, since then I have seen even more evidence of the IESG being way out of control and now feel that something needs to be done.
This note is complete and includes all that is necessary to allow people to judge for themselves the validity of my complaints.
My goal is to PRESERVE the so far mostly open Informational RFC publication process from censorship by the likes of IESG. We need to find a way to ensure that what went wrong in this case never happens again. I am preparing this complaint because I think that it can help a number of areas which are critical to the continued success of the Internet.
In the absence of any sort of accountability by the IESG and the RFC-Editor to anyone, I am hoping that peer pressure and public embarrassment can be used as tools to bring the IESG under control and restore the Information RFC publication process to the open process that it is supposed to be.
Internet Standards are better than other standards because we realize that no entity (IETF/IESG/IAB) has exclusivity on good ideas. Many (if not most) good/successful Internet protocols have come from outside of committees, task forces, groups or boards. (If you are looking for examples, consider the web.)
Fair and equitable access to the RFC publication service is fundamental to the success and growth of the Internet. Good protocols (as well as bad protocols) coming from outside of the IETF should have access to the RFC publication service, so that they can be used and even sometimes compete with IETF/IESG work. The network and the market place ultimately decides the winners and the loosers.
Now, my experience with the publication of RFC-2188 has convinced me that:
If any of the above is true we have a problem. Unfortunately, this note clearly demonstrates that all of the above were true in the case of RFC-2188. I am also now convinced that the problems in the case of RFC-2188 were not isolated to that case alone. There is a serious problem.
The rest of this note substantiates my claims about the problem. Because this deals with a concrete and specific case, because it deals with history of what has already happened, because it is a complete case, I hope that this note can be used to identify and fix the serious problems that exist.
Because this note is documentation of a complete case, it is somewhat lengthy.
This note is organized in 4 sections.
In this section, I substantiate all of the above mentioned claims and problems.
In theory, "The Internet Standards Process" (BCP-9, RFC-2026) defines at a high level a very reasonable process for publication of non IETF protocols as Informational RFCs. The problem is that in practice that process is not followed. The IESG is allowed to indefinitely delay the publication of RFCs or simply reject them because the IESG does not get them or because the IESG does not like them.
The highlights of the process of publication of non IETF protocols as Informational RFCs (taken from sections 4.2.2 and 4.2.3 of RFC-2026) are:
In that case the document may still be published as an Informational RFC with an IESG disclaimer.
This process is very reasonable. Irrelevant or sub-standard specifications (such as Internet Porn Protocol - IPP) will be stoped by the RFC-Editor. Reasonable protocols get a chance to be published in a timely manner. The IESG is not allowed to censor anything in favor of its own activities or opinions.
In practice the role of the RFC Editor for documents coming from outside of the IETF/IESG/IAB has been reduced to that of a glorified clerk of the IESG. In other words in practice the IESG has already expanded its limited role as a conflict detector to a commentator and the authorative reviewer and the final decision maker.
In practice, the RFC Editor is not in charge the IESG is.
Neither the IESG, nor the RFC Editor have any respect for the requirement of "timely" processing of the non IETF Informational RFCs.
During the process of publication of RFC-2188 when it became obvious that the process being followed is not that of BCP-9. I started asking the following questions. These questions were asked a number of times from the RFC-Editor and the IESG. They have never responded to any of them. They remain unanswered.
In light of everything that happened in the case of RFC-2188, I consider all of these questions valid and legitimate. These questions have been asked many times to no avail. They remain unanswered.
Because of the RFC-2188 experience and other interactions that I have had with the IESG and the RFC-Editor, I have some suggestions for improving the non IETF Informational RFC publication process and practice.
The IESG is a hand-full of volunteer engineers with a fancy group name. Based on my interactions with them, I have concluded that they hardly reach the "average" level of competence in my book - both in their technical and in their management abilities. The IESG often has little relevant experience and knowledge in the specialized subject matter of the RFCs that it needs to review.
Instead of functioning in its limited co-ordination and conflict detector role as defined in section 4.2.3, in practice the IESG has already expanded its own role and has assumed ultimate authority over publication/non-publication of non IETF originated Informational RFCs.
The IESG should not be permitted to engage in censorship or delay of publication of work coming from outside of IETF because they just don't like it, because they don't understand it, because they think that it may be competing with IETF/IESG work or because they think that it may be bad for the Internet.
Based on the case of RFC-2188, I have concluded that the IESG is out of control and irresponsible. It needs to be checked and managed.
In practice the role of the RFC Editor for documents coming from outside of the IETF/IESG/IAB has been reduced to that of a glorified clerk of the IESG.
If and when the IESG does not complete its review of the refered documents, it is the RESPONSIBILITY of the RFC Editor to go ahead and publish the document. The RFC Editor should not permit the IESG to introduce long delays in the publication of documents.
The RFC Editor should ensure that the IESG note going into an Informational RFC is in fact reasonable and correct and provide the author an opportunity to see the IESG note prior to publication.
The RFC Publication Service can benefit from additional resources. I am pretty sure that getting funding for such a critical service is not going to be difficult if we look at it the right way.
The spirit of sections 4.2.2 and 4.2.3 of BCP-9 is just right.
However, the case of RFC-2188 clearly shows that in practice the procedures of BCP-9 are not being followed.
We need to find a way to make sure that what BCP-9 says is in fact what happens.
Tighten BCP-9 to be more clear about minimum technical requirements for RFCs. Introduce an appeals process for when a document is rejected. More clearly define "timely"... Provide mechanisms that safeguard against mistakes and negligence by the IESG or the RFC Editor.
Define specifically, what is supposed to happen when the IESG does not complete its limited review in a timely manner.
Re-orient everything towards responsibilities of the publication service providers instead of their authorities.
The RFC Editor task is primarily a Publication Service. The IETF/IESG/IAB is JUST one of the users/customers of the the RFC Publication Service.
There has been talk of putting the RFC Publication Service under management and funding of IETF/IESG/IAB/ISOC. That would be totally wrong.
There is an obvious inherent problem with allowing a common Publication Service to be managed and funded by one of its users. The problem is that IETF/IESG/IAB is likely to claim control over the entire RFC Publication Service and delay the publication or exclusion of protocols coming from outside of it and suppress standards competition even more.
Clear separation of powers is a good thing. It is a good way of introducing accountability and checks and balances.
A powerful and independent RFC Editor role which would oversee a fair and equitable RFC Publication service is ESSENTIAL for the Internet.
In practice, the RFC Editor role has been weakened over the years. We need to strengthen it.
Let's look at what needs to happen in the bigger picture. Standardization process iterates through 4 essentially distinct steps.
IETF/IESG are just one of the entities developing protocols. Many good protocols are developed by non-standards related entities.
A wide open, quick and fair publication service is needed to allow for anyone who wants to build or play with protocols to have access to its specification. The fundamental characteristics of the RFC Publication Service for the most part have been working real well. Any relevant protocol coming from essentially anywhere which meets a minimum technical and/or editorial standard should have speedy access to the RFC Publication Service.
If it is anything useful and is done right, it will be used. How it gets used is very important and unpredictable.
Some entity (e.g., IETF/IESG/IAB) blesses the protocol by putting some label on it. Although necessary, this function is mostly ceremonial. The real legitimacy comes from usage and the market place.
Without a question, IETF/IESG/IAB should play some role in step (1).
Without a question, IETF/IESG/IAB need to focus on step (4).
But, I am saying that putting step (2) under management and funding of IETF/IESG/IAB/ISOC is WRONG. Because it has the potential of further suppressing the results of step (1) coming from outside of IETF/IESG.
Note, that I don't have a problem with the spirit of the relationship between The RFC-Editor and IETF/IESG/IAB/ISOC as described in BCP-9. My point is that by making step (2) completely and truly independent of management and funding by IETF/IESG/IAB/ISOC, we will bring about the necessary checks and balances that are needed for a healthy overall process which needs to even encourage competition in step (1).
All the communication between the Authors, the RFC Editor and the IESG were in the form of email exchanges. There were no phone calls or face-to-face conversations of any sort.
The email exchanges are factually summarized below and reference to the actual email is included.
At that time our only contact point was the RFC Editor. The Editor neglected to reply to that message. Those questions remain unanswered even today. Had the RFC Editor responded to that message in April, we would have saved a lot of time. The above instance alone justifies my fair use of the word "negligently" with respect to the RFC Editor.
Having not heard from the RFC Editor since April 3rd (nearly 4
months), I prepared a detailed message which explained that the RFC
Editor and IESG's treatment of this RFC is totally unreasonable.
The RFC Editor (Mary Kennedy) forwarded my message to Steve Coya.
At that time (6 months after initial submission and a week after my previous detailed request for explanation) Steve Coya and the IESG had still not responded to ANY of our messages and requests.
Our repeated requests for an explanation kept being ignored. The
IESG's actions up to that point combined with their dictatorial
attitude and arrogance at that point, at a minimum, justifies my use of
the words "negligent" and "irresponsible".
After more than 6 months, this is the first time that anyone at the
IESG has communicated with us. In that message, Steve Coya tells us
that the IESG requested that the document not be published. This is a
clear violation of the procedures of BCP-9. No where in RFC 2026 is
the IESG given the authority to stop the publication of a non IETF
Informational RFC. Now, add to that the level of arrogance that says
IESG can ignore the Authors' inquiries for 6 months and provide no
explanation what-so-ever to why IESG has prevented the publication of
the RFC. Then add to it, that later it becomes clear that Steve Coya
was just wrong.
Scott Bradner tells us that it appears that it might be worth while to
issue an IETF last call on it and advance it as a proposed standard!
Obviously that was contradictory to what Steve Coya had said earlier
that same day.
I re-iterate the sense of urgency here.
I check on status of progress and mention that a lot has gone wrong so far and that is why we are impatient.
Scott Bradner tells me that no abuse should be directed towards the
I explain that my use of the words "irresponsibly and negligently" do
not constitute abuse towards the RFC Editor. And I justify them again.
Scott Bradner in a message only to me suggests that if I can't see
that the tone of my messages are abusive I should talk to a friend.
I do not consider this a personal or private message. On a personal level, I wish to have no relationship what-so-ever with anyone on the IESG. I simply want them to fulfill their particular responsibilities with respect to facilitation of publication of my Informational RFCs.
The key point not to be missed here is that if the IESG has been doing its job, we would not be discussing the tone of my messages.
I did not dignify that message with a response.
Scott Bradner tell us that ex-transport co-AD feels that this ID
represents a significant technical contribution and feels that it
should be advanced on the IETF standards track.
Scott Bradner asks us to choose between the Informational RFC publication route or the Proposed Standard route.
The Authors choose the Informational RFC route because the urgency for
publication in this case outweighs our interest in getting this
document on the standards track.
Scott Bradner asks: What is causing this feeling of urgency?
Scott Bradner informs us of his recommendation of ESRO for publication
and that he hopes we will put this specification on standards track
when it is ready.
I thanked him and said that I will.
Scott Bradner forwards a technical comment from Harald Alvestrand to
the Authors. This is the *ONLY* technical comment that we ever
received from the IESG or the RFC Editor.
I respond to that technical comment.
I explicitly ask that he keeps me posted on his communications with
the RFC Editor related to this RFC.
If there was to be an IESG Note, I wanted to have a chance and see it before publication.
Scott Bradner informs us that he publication was approved by the IESG.
But does not mention anything about the IESG note.
I ask about the expected publication date.
The RFC Editor announces publication of RFC-2188.
The text of RFC-2188 is materially same as what we submitted to the RFC Editor on Jan 15, 1997, with the exception of the IESG note.
To our surprise we discovered the following IESG note in our RFC.
IESG Note This protocol has not had the benefit of IETF Working Group review, but a cursory examination reveals several issues which may be significant issues for scalability. A site considering deployment should conduct a careful analysis to ensure they understand the potential impacts.
A few key points about this IESG Note:
If any of my employees were to ever be responsible for a small fraction of the types of arrogance, negligence and mistakes that were commited during the process of publication of RFC-2188, I would fire or demote them immediately.
But, the IESG is a collection of volunteers which answers to no one.
Unless we can find a way to deal with problems like this and fix them, I am afraid that arrogance, negligence, irresponsibility and incompetence will be institutionalized inside of the IESG.
ALL of the messages related to this case that I originated or received starting from the time of initial submission up until the time of publication of the RFC are included as 30 email messages below. Other than deleting the attachments of the original specification, these messages have not been edited in any way.
My interactions with individulas at the IESG and the RFC Editor were in the context of them functioning in their roles as Service Providers. I consider none of these email messages private or personal or confidential.