Date: 13 Dec 2000 18:13:51 -0000
Message-ID: <20001213181351.20339.qmail@cr.yp.to>
From: "D. J. Bernstein"
To: iab@isi.edu
Cc: djb@cr.yp.to
Subject: Re: namedroppers mismanagement
References: <1744373768.976701949@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Once again: My complaint is about every Bush/Gudmundsson/Narten/Baker incident described on http://cr.yp.to/djbdns/namedroppers.html. The text of the web page, without links to the relevant email, appears below.

I realize that the web page is a few hundred lines long. That is because there have been many troublesome incidents.

I am not going to withdraw my request that the IAB respond to every incident. If the IAB ignores some or all of the incidents, as Narten and Gudmundsson and Baker have done, then I want that fact to be clear from the record. If, on the other hand, the IAB honestly reviews each incident, then why shouldn't it report the results of those reviews?

Klensin's summary of my complaint is horribly inaccurate. For example, he talks about mailing lists ``moderated to eliminate inappropriate materials, including spam and off-topic postings,'' even though Bush's censorship of _on-topic_ postings is a major theme of my web page. I suggest that the IAB find someone more competent than Klensin.

---Dan


Management of the namedroppers mailing list

Background

The DNS protocol is covered by various IETF specifications. Unfortunately, obeying those specifications is not sufficient to ensure interoperability with BIND, in part because the specifications are ambiguous or otherwise flawed, and in part because BIND violates the specifications in many ways. These facts have hurt competition, and contributed to BIND's market share, at the expense of the users.
For example, one site using lbnamed, a special-purpose DNS implementation, has had interoperability problems with BIND, and has been planning to abandon lbnamed in favor of BIND, even though this means giving up some useful features.

In late 1999, after yet another BIND security hole was announced, I wrote a free BIND replacement. Interoperability among DNS implementations is, of course, essential. I found the IETF specifications horribly inadequate.

The namedroppers mailing list

IETF carries out its DNS protocol standardization activities within the DNSEXT working group. The DNSEXT mailing list is namedroppers@internic.net, also known as comp.protocols.dns.std.

``Within the scope of this WG are protocol issues, including message formats, message handling, and data formats,'' the DNSEXT charter says. Several specific issues have been identified as work items, but other DNS protocol issues remain clearly within the charter. In particular, namedroppers is obviously the right forum for implementors to discuss current and future DNS interoperability problems.

Unfortunately, namedroppers is being run in a way that slows down, and sometimes prevents, public communication among DNS implementors.

Messages to namedroppers are not forwarded directly to subscribers. They are first sent to Randy Bush. They wait for Bush's review. Bush discards, edits, or misdirects messages that he doesn't like, and passes along what's left.

Here are some specific examples. Many of these incidents involved opsmail.internic.net, which used some painfully slow, creaky, obsolete software to distribute messages to subscribers.

* 1998-12: Bush discarded a message from Richard Sexton commenting on a proposed extension to MX records, a DNS protocol element.
* 1998-12: Bush edited a message of mine, unilaterally removing a paragraph at the top that asked why opsmail was so slow.
How is someone supposed to find out what the namedroppers subscribers think of how the mailing list is run, if complaints to the list are censored?
* 1999-01: Bush discarded a message from Richard Sexton about client interpretation of the AA bit, a DNS protocol element, by NSI, the operators of some well-known DNS TLDs.
* 1999-12: Bush discarded a message of mine concerning yet another DNS protocol violation by BIND. ``This belongs in bind-users@isc.org, not namedroppers,'' Bush told me, incorrectly.
* 1999-12-31: opsmail finally sent a message that it had received on 1999-11-04, nearly two months earlier, to a namedroppers subscription address that had been removed from the list on 1999-11-25.
* 1999-12-31: I sent an urgent message to namedroppers attempting to confirm rumors of a DNS server bug that, if true, would have been triggered on occasion by my new DNS cache. Someone else sent a message to namedroppers 14 hours later, and then another message 4 hours after that; 12 minutes later, Bush sent those two messages to opsmail; several hours later, opsmail finally forwarded the messages to me. A day later, I asked Bush why my message hadn't appeared yet. He finally sent my message to opsmail three days after I had sent it. I saw a copy from opsmail several hours after that.
* 2000-01-12: I sent another message to namedroppers pointing out a security problem that I had described on bugtraq, and asking DNSEXT to fix the relevant RFC, which had been co-written by Bush. My message never appeared on namedroppers. Bush didn't send me an explanation. I learned much later that Bush had deliberately misdirected my message, sending it to the dnsop mailing list.
* 2000-01-28: I sent a message to namedroppers pointing out how Bush's censorship activities had biased DNSEXT discussions, and a message to namedroppers criticizing Bush's unilateral statement of the namedroppers scope.
These messages were direct responses to recent namedroppers messages, the first by Thomas Narten, the second by Bush. Bush sent both messages back to me, without saying explicitly what he had done with them.
* 2000-02-20: I pointed out on namedroppers that thousands of system administrators were using dotted-decimal domain names in MX records. There was some discussion on namedroppers. Rob Austein and Bill Manning asked for evidence; Bush claimed that he couldn't find even a single example ``in almost twenty thousand zones secondaried here from all over the world.'' A few days later, I sent survey results to namedroppers showing that there were approximately fifteen thousand second-level .com domains with dotted-decimal domain names in their MX records, usually with no other MX records. My message never appeared on namedroppers. ``Please report bugs in peoples zone files to the people with the bugs, not namedroppers,'' Bush told me.
* 2000-02-21: Bush discarded a message from Dean Anderson supporting expansion of the MX protocol definition to allow dotted-decimal domain names.
* 2000-02-23: I sent another message to namedroppers objecting to Bush's censorship. Bush discarded my message.
* 2000-03-12: I sent a message to namedroppers asking about DNS query transmission strategy. Bush wrote back: ``if your question is about the protocol, then fine. if it is about how the dns operates and how folk's implementations effect that, then post it to the mailing list for that implementation or to the dnsop list. i.e. keep your bind bashing off this list.'' I responded: ``My message asks about an efficiency problem in the DNS protocol, and gives some illustrative examples. Are you going to pass my message along to the list, or not?'' Bush discarded my messages without further comment.

IETF review

1998-12-03: I sent a message to the IESG and a few other people, describing two of the incidents listed above. I didn't know who was responsible.
I asked whether the IESG was aware that this sort of thing was happening. I also asked whether all previous subscribers were aware of it.

``There was some discussion some time ago when spam started to be a problem,'' Robert Elz said. But what actually happened, according to namedroppers archives, was that Bush responded to some spam in 1996-04 by unilaterally restricting the mailing list. He said, at the time, that he would reject ``just the spam and administrivia.'' There is no evidence that the IETF DNS working groups ever approved of Bush's censorship of on-topic messages.

``Randy Bush and Mark Kosters jointly moderate namedroppers, just to keep spam out,'' BIND maintainer Paul Vixie said. That's consistent with what Bush claimed on the mailing list in 1996, but it's not true. What Bush did was not ``just to keep spam out,'' but to actively and deliberately bias the mailing list discussions.

I requested (twice) that the IESG stop using censored mailing lists for standardization activities. Scott Bradner told me that the IESG had discussed my request, and that I should be receiving a formal response from the IETF chair. I never received any such response. However, I decided that I had made myself sufficiently clear, and that I wouldn't press the issue unless I saw evidence of continued misbehavior by Bush.

1999-12-19: Unfortunately, the incidents continued. I sent another complaint to the IESG. ``The IESG recognizes that the moderating of IETF mailing lists is a sometimes necessary and appropriate tool to help manage WG activities,'' Narten said, ignoring the facts of the case. He told me to complain to the two WG chairs: Olafur Gudmundsson and Bush.

2000-01-08: I sent a complaint to Gudmundsson, with a copy to Bush. Gudmundsson sent me a useless response two days later:

* He didn't address Bush's removal of Sexton's two messages.
* He didn't address Bush's censorship of my complaint about namedroppers operations.
* He didn't address the broader issue of Bush deliberately biasing namedroppers discussions.
* He repeated Bush's incorrect claim that my second message was ``off topic.''
* He characterized Bush's massive delay of my third message as ``out of order due to moderation errors'' and said that this ``must be tolerated as long as there are moderators.'' He then advocated ``security related censorship'' and said that my message should have been discarded.

Most revealing was Gudmundsson's final remark that he had an ``agenda'' for DNSEXT and would not tolerate ``disruptions.'' Evidently he thinks that fundamental interoperability questions and suggestions from a new implementor, all clearly within the DNSEXT charter, are ``disruptions.''

I explained my interoperability concerns to Gudmundsson. I asked him to obey RFC 2418, section 3.2, which allows working groups to consider mailing-list controls but requires IESG approval of those controls. I asked him to reveal Bush's activities to the working group. In the next five days, Gudmundsson sent several messages to namedroppers within his ``agenda,'' but he didn't respond to my message.

2000-01-15: I sent a complaint to the area directors, Erik Nordmark and Narten. I didn't receive a response.

2000-01-20: Gudmundsson announced that namedroppers would be moving to ops.ietf.org, another name for Bush's machine psg.com, in a week. (psg.com is slow by modern standards, but not as slow and hopefully not as fragile as opsmail.internic.net.) Gudmundsson still didn't mention this web page.

I noticed that the obsolete software on opsmail had been configured with a namedroppers-outgoing address that would allow anyone to send a message directly to the subscribers, without Bush having a chance to censor the message. It was clear that this opportunity wouldn't last. I sent a message to the subscribers, pointing out this web page. The responses included evidence of further misbehavior by Bush.

Meanwhile, I sent a complaint to the IESG.
``Some of the incidents were caused or exacerbated by software problems, which the WG chairs are finally attempting to fix,'' I said. ``However, most of the incidents were selectively and deliberately caused by one of the WG chairs. The other WG chair has made clear that he is not going to fix those problems.'' I explained that I had already contacted the area directors without receiving a response.

``Your complaint was received by the Internet ADs over the weekend,'' Narten wrote. ``We are currently evaluating the complaint and developing a response. You can expect to get a more detailed response by sometime next week.''

``What's taking you so long?'' I asked. ``Why don't you say what you think right now? This isn't some tricky technical issue. It's simple abuse of power by an IESG agent.'' I also asked whether Bush's behavior had already been approved by the IESG. There was no response to these questions.

2000-01-26: Narten (apparently also speaking for Nordmark) sent me a useless response, which arrived from opsmail 17 hours later:

* ``The Internet ADs are aware that the mailing list is moderated and support the chairs efforts in keeping WG activities focussed on WG chartered deliverables,'' he said, ignoring the fact that my messages are clearly within the DNSEXT charter.
* One of my messages was ``rejected as off-topic,'' he said, again ignoring the fact that the message was clearly within the DNSEXT charter.
* I should have been notified when another message was ``forwarded to dnsop,'' he said, ignoring the fact that Bush had censored my message from namedroppers.
* He explicitly refused to consider the 1998 incidents ``due to statue [sic] of limitations considerations,'' ignoring the fact that the IESG had ignored my complaints at that time, and ignoring the fact that Bradner had promised me a response that never came.
* He characterized Bush's massive delay of my third message as ``lack of timely approval of a posting'' and said that this was ``inevitable with a moderated list.''
* He didn't address the problem of Bush acting without DNSEXT approval, and apparently without IESG approval, in violation of RFC 2418.

Narten didn't explain why this content-free message had taken him so long to write. I sent yet another complaint to the IESG. I received no response.

2000-02-02: I sent a complaint to the IAB. IAB chair Brian Carpenter refused to consider my complaint ``until the IESG has responded.'' He added that ``responses to appeals generally take one to two months to prepare.'' I explained that the IESG had already had ample opportunity to respond, and that Bush was blatantly violating RFC 2418 if the IESG had not already approved his censorship. Carpenter again refused to consider my complaint.

2000-02-04: I sent a complaint to the ISOC board of trustees. ``Executive summary: The IAB/IESG/IETF standardization procedures, as written and as used in practice, fall far short of the requirements of United States antitrust law,'' I wrote. I gave an example of misbehavior by Bush, an example of a misbehavior by John Klensin in another working group, and pointers to details of other incidents. ``My complaint is not merely with the behavior of these people, but also with the procedures that have allowed such behavior,'' I wrote. I explained some of the FTC requirements on standards organizations.

After ISOC president Don Heath sent me a useless response, I sent a second message to the ISOC board of trustees. ``How many years do I have to wait before you engage in the review required by RFC 2026?'' I asked. Heath did not respond. RFC 2026, section 6.5.3, specifically requires that Heath ``advise the petitioner of the expected duration of the Trustees' review'' within two weeks; Heath did not do this.
In fact, it appears that the ISOC board of trustees is completely ignoring the RFC 2026 requirements to review this situation and report to the IETF. ``The ISOC Board is a nonentity,'' one board member wrote to me privately. ``It won't fix anything until it is forced to.''

2000-10-11: IESG chair Fred Baker sent a response to the complaint that I had sent IESG eight months earlier:

* Baker finally answered my questions on whether the IESG had approved Bush's methods of controlling the namedroppers mailing list. He found no evidence of approval before my December 1998 complaint; obviously Bush was violating RFC 2418, section 3.2. By December 1999, however, the IESG had approved namedroppers moderation ``in order to reject SPAM & other postings unrelated to WG,'' which of course does not excuse Bush's behavior.
* Baker failed to address Bush's censorship of on-topic messages. He didn't claim that the messages were off-topic; he didn't claim that censorship of on-topic messages was acceptable; he simply didn't respond.
* Baker failed to address Bush's massive delays of some messages.
* Baker failed to address Bush's censorship of my complaints about namedroppers operations. ``Problems with moderation can be dealt with through normal IETF processes,'' he said, ignoring the fact that the normal IETF process is for subscribers to openly decide their own list policy.
* Baker failed to address the broader issue of Bush deliberately biasing namedroppers discussions.
Baker also announced a policy on mailing list censorship:

* The policy requires that the Area Director ``approve of a list being moderated.'' Apparently the IESG is trying to evade its responsibility under RFC 2418, which has a much stronger requirement: the methods of mailing list control ``must be approved by the AD(s) and the IESG.''
* The policy prohibits ``selective editing of messages to remove off-topic content.'' Unfortunately, it implicitly allows other forms of editing not authorized by message authors; it says that this ``should'' not happen but doesn't say ``must.''
* The policy says that the group ``should be kept informed of a mailing list's moderation policy.'' How many subscribers are aware that Bush has been hiding on-topic messages from them? More importantly, why are censors being allowed to operate without prior approval by the subscribers?

2000-11-15: I sent another complaint to the IAB.