Appeal Re: Complaint regarding threat (D. J. Bernstein) - 2025-02-20
Response - 2025-03-18

Summary

The IESG received an appeal from Daniel Bernstein on February 20, 2025. This is a “re-file” of his prior appeal filed on December 15, 2024 (the “original appeal”).

Since the reason for this appeal appears to be appellant’s dissatisfaction with the original appeal’s handling by a Security Area Director on January 20, 2025, this second appeal is timely per RFC 2026, Section 6.5.4. The appeal to the Security Area Director was handled privately.

The Security Area Director overseeing the TLS Working Group, Paul Wouters, did not take part in the handling of this appeal.

The appeal is denied.

Procedural History and Original Appeal

On December 14 2024, the appellant was issued a warning about repeated instances of disruptive behavior on the TLS working group’s mailing list, under the authority given to working group Chairs by RFC 3934 (part of BCP 25). The original appeal followed.

In sum, the IESG declined to process the original appeal on procedural grounds, namely that the appellant had not followed the procedure defined in Section 6.5.1 of RFC 2026 (part of BCP 9), choosing instead to address allegations of a working group process failure directly to the IESG rather than to the responsible Area Director (“AD”) as prescribed. The IESG therefore directed that the appeal be re-addressed to the AD responsible for the Transport Layer Security (“TLS”) working group (“WG”), as the action being appealed originated with the Chairs of that WG, and thus the responsible AD is the correct first appeal step.

Notably, the original appeal included, as a basis for this procedural deviation, collateral claims of Conflicts Of Interest on the part of the ADs of the IETF’s Security Area. The IESG dismissed these claims on the basis of prior dispositive decisions germane to these claims by the Nominating Committee (“NomCom”).

Dissatisfied with the responsible AD’s disposition of the original appeal, the appellant has now amended and re-submitted this appeal.

Discussion

This appeal, as does the original, and to the extent comprehensible, presents a litany of issues across multiple venues, including some RFC citations applied ostensibly to support the appellant’s position while deprived of meaningful context. As a result of such presentation, this response may well be received by the appellant as unresponsive to some or even all of the issues under appeal. The remedy to this would be to restate the appeal concisely, observing restraint with respect to exposition and citation.

This subsequent appeal first claims errant application of subsections of Section 6.5 of RFC 2026 on the part of the IESG, accusing the IESG of, inter alia, “selective” citations and “shirking” its responsibility, “delaying” the outcome, ultimately resulting in a “mishandling” of the original appeal. These accusations expose a clear lack of understanding of how the Internet Standards Process works. It is plain from a reading of prior sections of RFC 2026, especially Section 6.1.1, that there are two phases of development of the IETF-stream RFCs, those being the WG phase in which the IESG is minimally involved, and the post-WG phase in which they are much more active. As none of the activity relevant to this appeal refers to a document that has been recommended for publication by the TLS WG to its responsible AD, the Internet Standards Process has not yet been invoked. As such, Section 6.5.2 is not operative for any part of this dispute. Rather, it is plain that Section 6.5.1 is effective, and the appellant’s assertions of “mishandling” are factually in error. Details of how working groups execute their part of the process can be found in BCP 25.

Throughout this lengthy appeal and its antecedent, numerous claims of inadequate process are raised, especially with respect to IETF antitrust procedure. IETF processes, as set out in various RFCs, have been assessed by IETF Counsel, specialists in SDO law, and multiple external antitrust counsel, and determined to be consistent with applicable antitrust law. The accusations that action taken as part of these processes is “a violation of the procedural requirements of antitrust law, such as the requirement of due process and the requirement of an appeals process” are not consistent with that determination. Moreover, WG Chairs and the IESG are tasked with execution of the IETF’s policies and procedures, are not empowered to render legal opinions about the compatibility of those policies versus civil law, and certainly do not have discretion to disregard or strike down those policies on that basis. Rather, any change to IETF processes to address claimed antitrust issues is the purview of the broader IETF community, and the appellant should – and, we note, has already – engaged more appropriate venues such as the antitrust mailing list with these concerns rather than persistently disrupting WG progress by prosecuting the issues there.

The appeal then enumerates a number of claimed “procedural problems” and “violations”. The most well-formed of these is an assertion that RFC 3934 (part of BCP 25), which lays out a process for suspending WG mailing list posting rights, was violated when a public warning (see supra) was sent to the appellant by the WG Chair without a requisite prior private warning. This claim neglects the provision in RFC 3934 stating that the private warning is required “[u]nless the disruptive behavior is severe enough that it must be stopped immediately [...]” Section 6.1 of RFC2418 (BCP 25) notes that “The Working Group Chair is concerned with making forward progress through a fair and open process, and has wide discretion in the conduct of WG business.” As in a separate recent appeal, we defer to this discretion. Moreover, irrespective of this deference, on direct review we find that the behavior being addressed by the WG Chairs was a discussion sustained by the appellant that the WG Chairs had already determined, with supporting evidence, was not appropriate for that venue. Therefore, in addition to deference to discretion, the IESG directly affirms the WG Chairs’ decision to issue the RFC 3934 warning.

There are a handful of other claimed “procedural problems” and “violations” that appear to refer generally to behavior of the WG Chairs and other participants that the appellant finds objectionable and which were not addressed to his satisfaction. Neither the original appeal nor this appeal included direct references to these incidents, nor were we provided with any evidence that attempts were made to address them under RFC 2026, Section 6.5.1 (see supra), which would render those actions ripe for appeal.

The appeal goes on to make a further assertion that the warning should be vacated because it was not labeled as a message from the WG Chair, to whom the appellant refers as a “dictator” and claims to have “arbitrary unreviewable power”. We find this both needlessly dramatic and unpersuasive, in no small part because this appeal and its response are part of such review. We conclude that while including an explicit “from the Chair” notation would have been preferred, it is typically understood by participants who the WG Chair(s) are and that their assertions regarding working group operation are done under that authority, so this notation is often omitted. Still, this defect does not render that warning invalid since such an admonition lacks potency unless issued by the WG Chair, and a warning from someone that is not the WG Chair would be treated as inappropriate. Furthermore, the identity of the TLS WG Chair(s) is a matter of public record, and thus easily discoverable. If this was something that needed to be confirmed, such tools are easily within reach.

The next claim appears to be an assertion that RFC 3934 itself should be considered invalid as it fails to meet the “procedural requirements of antitrust law, such as the requirement of due process and the requirement of an appeals process”. This too is unavailing given that the warning included a link to RFC 3934 which says explicitly that “[l]ike all other WG chair decisions, any suspension of posting privileges is subject to appeal, as described in RFC 2026”, and that this process was indeed correctly applied.

We come finally to the appeal’s assertion that a conflict of interest exists with respect to the Security Area Directors, that the IESG’s prior rejection of this claim in the original appeal suggests that the IETF is “fundamentally corrupt”, and cries foul that the NomCom’s deliberations are secret. The operating procedures of the NomCom are described in RFC 8173 (BCP 10), and we recommend a full reading of that document. Importantly, the deliberations of the NomCom are necessarily secret because the NomCom has access to personal and possibly sensitive information. The process by which it accepts feedback is an open one and well publicized, and we trust the appellant availed himself of the opportunity to have input to this process. Moreover, nominees are required to disclose their affiliations, experience, and usually opinions on contemporary topics of interest to the broader IETF as well as the specific roles for which they have been nominated. The IESG, furthermore, is required to re-assert or update those affiliations regularly. The affiliations, interests, and beliefs of the Security ADs were most certainly disclosed to the NomCom prior to their appointments, and the NomCom is routinely reminded that, inter alia, potential conflicts of interest are key considerations for their selection process. Finally, the slate of candidates appointed to the IESG by the NomCom are subject to further review, with necessary background, by the Internet Architecture Board (“IAB”). Thus, the IESG concludes that a general conflict of interest, if one exists, would have been identified by the NomCom and a different appointment would have been made, and they are moreover in a possibly more informed position about this than the IESG is itself. It would defy reason for the IESG to make a contrary finding, or to assert that duly appointed Security ADs must recuse themselves from all decisions related to cryptography. We therefore affirm our prior finding. If the appellant continues to assert that a conflict exists which he cannot overcome through the appeals process, he can seek to recall the parties he feels are conflicted, a process also described in RFC 8173.

Conclusion

The IESG determines the following:

  1. The TLS WG Chairs reasonably determined that the behavior being addressed was disruptive, and so application of RFC 3934 was within the discretion afforded them under BCP 25. The warning was properly delivered. Their decision is affirmed, and the warning is therefore upheld.
  2. RFC 2026, Section 6.5.1 is operative over the original dispute, as it relates to conduct within a working group and not specifically to decisions regarding development steps of a document as part of the Internet Standards Process. Working Group behavior is not anticipated by Section 6.5.2.
  3. The IESG affirms its prior finding on the topic of conflict of interest regarding the current Security Area Directors, and declines to intervene. Other remedies exist of which the appellant may engage.

Accordingly, none of the remedies requested by the appellant are appropriate. The appeal is denied.

The IESG observes that this appeal, and the numerous threads that have led to it, have cast a shadow over an otherwise productive working group. The IESG urges both the appellant, and all involved WG Chairs and list moderators, to dedicate themselves to cooperative and productive engagement going forward.

The appellant may avail himself of his right to further appeal to the IAB at his discretion.