Re: recourse if our rules are violated?

[Frank Ellermann <nobody at xyzzy.claranet.de>]

todd glassey wrote:

>> Nothing, only the status line on the front page can be changed.

[[ Harald corrected that already:  the status can be changed,
   but not the status line on the published RFC front page. ]]

> And this is why the IETF becomes liable for each and everything
> it publishes, because it has no Take Down Policy or method of
> enforcing one

I don't see that, it's like a newspaper, once published you can't
undo that.  You could only promise to never publish it again.

> it is responsible for the publishing of the content it publishes

The IETF might have to do something about violations brought to
its attention.  Wrt IPR it explicitly solicits feedback in those
long and boring boilerplates in any posted I-D.  And there's a
procedure to publish 1st + 3rd party IPR claims, Simon has just
tested it for SHA, you can check the effect on the IETF IPR page.

There's nothing more that could be done with RFCs once they are
published, they are immediately copied and redistributed by
thousands of mirrors and individual collectors.  It's impossible
to undo that.  It's only possible to publish a better document,
stating that the old document turned out to be a bad idea, with
an "obsoletes RFC NNNN" or "updates RFC NNNN" hint on its front.

> analogy here - Its the Sale of the Gun argument... I sell you
> a gun I (stole, built or bought for resale) and you go out and
> shoot someone with it... Who is responsible for the Guns Use?
> Me or you?

In my country there's a chance that it's also you, not only me.
Comparing RFCs with guns isn't much better than my comparison
with donated cookies, it leads nowhere.

> who is liable for those damages (me for submitting the stolen
> gun to you or you for replicating the gun and making it freely
> available as a 'gift from you - again the IETF in this case???).

You have to promise that the RFC is not stolen.  And anybody who
thinks that it's stolen or otherwise harmful, no matter what you
say, is invited to state this.  Publishing an RFC takes about
three years, there's a realistic chance to find problems with it.

At some point you've to "let go gracefully" and hope the best,
otherwise you would wait forever for wild and wonderful problems.
Check out <http://tools.ietf.org/html/rfc4677#section-8.2>

Your concept of the IETF is IMO clearly wrong, it's no company.

Nobody can "invest time", and then sue if this doesn't work as
expected.  They can "donate time", letting some of their staff
contribute individually.  They can sponsor travels to meetings.
They can admire the effect of the <organization> element on any
I-D posted by their employees.  And more important others will
admire it.  They can stop to donate if they're not happy with
the effect.  If they want something else or more they probably
confused the IETF with Unicode.org, the W3C, ECMA, or what else.

> I think the IETF is also liable for the profits against the use
> of that same information and any derivatives thereof, and ISOC
> is where that damage claim money is coming from.

You could try to sue them for intentionally causing harm.  IMO
your chances would be zero, you'd have to explain why you didn't
state your concerns in time, why you didn't use your right to
appeal decisions, why you didn't post a "better" Internet Draft,
the works.  It's obvious when folks prepare to go this way, and
that's why there's a point "1F" in the questionnaire.

> Simply put , if the individual assigns any and all rights to the
> submission to the IETF then the IETF is publishing 'its own
> property' and not the property of the person that submitted it.

"Any and all rights" would be a rather short "inbound rights" I-D,
the version I've seen was somewhat longer.

> the IETF also has a legal responsibility to exercise due care in
> republishing that IP so it can respond to nefarious or policy
> violations in the IETF process

"The IETF" is a community of volunteers without clear membership
for most contributors.  A proper subset of that are the folks who
went to 3 of the last 5 meetings, thereby becoming eligible for
the NomCom lottery.  Another proper subset (in practice a subset
of the second subset) are the folks appointed to be ADs etc. by
the NomCom.  Nobody in this community is "legally responsible" if
I post a nefarious draft (i.e. nobody but me).

It's a mere courtesy of the secretary that they add a blank in
the subject of draft announcements where they feel that this is
considerably worse than the average.  And they're not forced to
check this, with the new automatical tool nobody will check the
content as long as it's formally an Internet Draft without nits.

Of course the IETF procedures allow a "Do Not Publish" (as RFC)
decision for say using a single bit to count "", "0", "1" => 3.

I think there's no serious problem to remove nefarious I-Ds from
the IETF repositories when that's necessary.  If somebody else
already copied it, too bad.  And in practice thousands will have
copied it, worldwide, among them Googlebot.

> What we need are rules and processes that are both transparent
> and open and fair.

BTW, did you note that an additional "note well" page behind the
mailing list link on the main page was inserted, after you made
a fuss about the "note well" acceptance ?  One click more... :-(

Frank



_______________________________________________
Ipr-wg mailing list
Ipr-wg at ietf.org
https://www1.ietf.org/mailman/listinfo/ipr-wg