Wednesday Night Plenary * Welcome - Harald and Leslie Doing different split than usual - report Wednesday, listen Thursday Attendance - smallest IETF since 1997, 1211 attendees far fewer countries than Vienna - 29 vs 40 severe visa problems for many contributors 256 companies Kudos for the NOC who chased down ad hoc nodes Next meeting in Korea, hosted by Samsung, organized by KIEF, Feb 28-March 5 Summer and Fall likely back in the US RFCs 3550-3645, DHCPv6, Diameter, Draft RTP, Security Considerations, many SIP documents, many others Finances don't look good, real income from meetings significantly lower than budgeted Secretariat staffing was reduced - less room for projects * Advisory Committee (ADVCOMM) Report - Leslie Daigle - IAB publishing documents - looking for input on Congestion Control for Voice Traffic, Internet Research and Evolution published RFC 3639, Security Mechanisms for the Internet, ISOC BoT Appointment Procedures - ICANN commentary on VeriSign wildcarding in .com/.net - Tony Hain appeal response Available on IAB website, IAB upheld IESG upholding AD upholding WG chairs... - IANA Report - John Crane Michelle is especially productive (headed for maternity leave) Have hired general manager at IANA and added staff New registry matrix available next week Testing workflow software Doug Barton joining IANA from Yahoo! - RFC Editor Report - Joyce Reynolds Mark Crispin - can I have nroff source back? Yes, and we are also accepting XML - don't start over! Charles Perkins - corresponding author for I-Ds approved for publication? People change jobs, or just disappear - what to do? Some authors have been removed by ADs because we can't find them - IRTF Update - Vern Paxson AAAArch - energy and work moving to GGF ASRG - may have reverse MX ready for IETF - Paul Judge stepping down, replaced by John Levine DTNRG - coupling ad hoc IP routing and DTN store-and-forward, documents ready for publication GSEC - still meeting IMRG - bandwidth estimation workshop coming up in December, designing protocols to aid measurement, packet sampling NMRG - SMIng publishing as Experimental NSRG - closing P2P - kicking off SIREN - stalled for problem statement SMRG - actively seeking members and topics RRG - new chair, Avri Doria, routing requirements draft MOBOPTS - from Vienna, research MIP counterpart Topics - loc-id split, DDOS defenses, network intrusion detection, security mechanism evaluation/testing - please send feedback to irtf-chair@irtf.org Melinda Shore - CFRG? didn't file summary, so don't have report, but still out there - NOMCOM - Rich Draves Watch your mail for incoming questionnaires... Still looking for nominations (noon deadline on Friday) nomcom@ietf.org, office hours at this meeting * Advcomm Report - Leslie Daigle participants were IETF-experienced, especially aware of the oral history of the IETF for data gathering part of the task 00 draft will be published after these plenaries, followed by final report and recommendations expect to shut down by mid-December this is NOT the reorganization effort, or the standards track change effort important support organizations aren't familiar to participants - CNRI, Foretec, USC/ISI, ICANN stress points - - informal - oral heritage of procedures and knowledge - institutional records stored across multiple organizations - manual labor and lack of coordination - negative trends in meeting attendence, hence revenue for IETF Top-down requirements, some currently met - stewardship - accountability, persistence and accessibility of records - resource management - clarity in relationships, budgetary autonomy and unity, flexibility in service provisioning, admistrative efficiency - working environment - minimal overhead and volunteer effort as our heritage, but maybe need service automation, tools Recommendations - administrative structure changes are required - IETF organization should be formalized Next Steps - report, wrap up ADVCOMM, collect comments Harald and Leslie Conclusions - IETF legal existence is irregular - good work by fellow travelers - not easy to get all this right - need to make it easier to get work done - proposing IETF and IAB chairs to run the process with support - is this OK? Scott Bradner - fuzzy "when appropriate" is fuzzy - can you clarify? - either do it at the plenary or fess up at a plenary - can't wait for a plenary for every decision, especially for detailed legal discussions - do we have the right level of accountability? - last call process used where appropriate Bob Hinden - generally supportive - need periodic status reports - not just a last call Pete Resnick - "fellow travelers"? corporate status a given? - No! Keith Moore - do we get to see the plan? - won't wake up one day and find out the IETF has been incorporated - yes, you will get to see the plan - there are parts we can only describe after the fact - most of the secrets will be personnel topics Eric Flieshman - incorporated in Norway, or elsewhere? - have to figure this out, don't know yet Graham Challice? - what if IAB and IESG disagree? - then we won't have consensus John Snitzler - conditions for retroactive notification? is plenary attendance a condition for participation? plenaries aren't transparent (posted agendas, etc.) - plenaries are important - we aren't a membership organization, so can't vote - we hear you, and recognize need for advance notification Tol Badge? - please explain proposals in words we can understand! we are an international body - as Norweigen and Canadians, we hear you * IESG Work on IETF Process - Ted Hardie, Margaret Wasserman, Alex Zinin A collective hallucination that doesn't lose money and works well together... Our mission statement was too long - maybe "we make the net work" Too many roles that fall to the same group of people - Edu team, AdvComm, Experimental/Informational review ... we can differentiate based on functions - need to support critical core value: cross-functional review more than just participating in a working group - IETF-wide last call, IESG review, WG "tourism" huge IETF resource is "off the books" - participants' time - need to ask for help as more than a general appeal to a large group - need to match management to change under consideration NEWTRK vs "Working Group Secretary for minutes production" John Loughney - who is "we"? IETF? IESG? you, plus help? IESG presentation was agreed by IESG, my drafts weren't - they were individual proposals Brian Carpenter - tools? is this EDU? don't forget it! no, different set of skills. IESG and non-IESG are working on this, but IESG isn't driving it. Margaret working from Problem Statement - management structure not matched to size and complexity of IETF - span of authority, workload, concentration of influence in too few hands We have more managers than we think - with inefficiently distributed authority and responsibility Increase authority and responsibility of WG chairs - focus now is moving AD authority and responsibility to WG chairs - other possibilities exist for the future Proposed changes - No WG document ownership handoff - Ensure document quality - Manage document production - Manage WG mailing lists Many specifics, including - document writeups for IESG review - managing document editors - suspend posting privileges of disruptive participants We think WG chairs can do some of these things now - reinforce this! WG chairs get more responsibility and more work. They have more control, though And a transition is required - not a flag day Scott Bradner - I-Ds have touched on some of this previously - WG chairs on review calls, etc. - have discussed this, but need help with logistics - too little discussion time for a document to make participation possible proposal is to patch 2418 - lots of other suggested patches, too - doing only this? - this is one patch, but other patches can be considered, too - just not tied to an open discussion 2026 also needs to be updated, if no document handoff takes place in new vision - yes, this is possible Keith Moore - can we read the draft? - yes, it's available ??? - shock treatment - what possibility for gradual implementation? - don't know yet - need a project plan John Snitzline - accountability of new WG chairs? Selection process for WG chairs? WG chairs tend to be advocates now... - no proposal to change how WG chairs are selected Dave Crocker - we have one month to review changes? - maybe it will take longer what do ADs do then? - my opinion - scope of IETF work and stds-track document approval current authority of some of these items is actually with the WG, not the ADs - we'll talk tomorrow Ed Juscoviscious - how close to full time is a WG chair job? - depends on the WG, have to delegate, too Mark Crispin - current system of checks and balances is being thrown out - how is new system established? - we're getting abuses today, according to the problem statement is there a vision about how problems are prevented? - only document written is an update to 2418 Bob Hinden - WG chairs have to resolve AD comments? this area needs more work - shepherding AD doesn't have authority to ask for discuss removal now... Jim Bound - why not POISED? - it's closed Alex speaking on Cross-functional Review Crosd-functional reviews today can be community or management - tends to be late in the process - leads to surprises and frustration - IESG review won't scale - expert groups not widely known - no general process support for early review Many reasons for early cross-functional review in problem statement document Transition likely to cover two IETF periods Discussion on Solutions list Scott Bradner - what's the real timeline? February is aggressive... - discussion period is short, transition is at least two IETF periods James Polk - concerned with each proposal - no reference to load on security area - we review every document - each area review team has a security person not enough language or appreciation for the amount of work required Melinda Shore - "make a decision" - what does that mean? - decision by IETF consensus * Harald - these proposals include "figure out what the proposal is, discuss with community, reach consensus, and then do it" Is the IETF a standards organization? Is the IETF making standards for the Internet, or for "what's on the Internet"? Is functional differentiation reasonable? What should we go after first? Is WG chair proposal right(er)? MUCH more work required for document review topic. ------------------------------------- Thursday Plenary * Insecurities at the Edge - Bernard Aboba, with help from friends - please think broadly! what should the IETF be doing? What additional questions should be asked? - International extortion threats over the net, exploiting security problems - The Internet is an ideal environment for the spread of epidemics, and the environment is taking us where we'd expect - Bernard presented anecdotal evidence for virus spreads (Blaster, etc) and longevity of infected and infecting hosts - Spam growth rate much higher after SoBig - not getting better - the end is not trustable - middle taking action to protect the ends? - authentication helps, but infected hosts may be authenticated - legal and economic forces interact, too - Dave Crocker has a taxonomy of control points - what should we be doing? - Studies, accountability, detection, epidemiology (post hoc) - "The attackers don't have to go through the IETF" - distributed attack, but no distributed defense - hard to deploy defenses - what will attackers/attacks look like in five years? no short-term fixes Keith Moore - lack of genetic diversity in devices being infected - not on the list now if vendors punt on the easy stuff, what can the IETF do? MIME prohibition against executing arbitrary content SPAM spread by viruses, so can't solve the SPAM problem until we solve the virus problem, but ... OS problems, not network problems Paul Hoffman - terminology would help, especially if the press can use it effectively Keith is right, viruses become spam vectors our terminology will keep us from helping anyone - need a doc for us and others Michael Richardson - MIME - what can the IETF do? We did something a decade ago, and it was the right thing evolution will take care of this problem did we do the wrong thing when we published MIME? All our prohibitions didn't matter - what do we do now? Eric Rescorla - we had a spam problem before viruses, and we'll have one after viruses - problem is bigger than that we have an end-to-end architecture, and we liked it. Is it killing us? Leslie - what are implications for the end-to-end model Ted Lemon - Paul Vixie proposed IP addresses for relays in the DNS - this would help kill SOBIG why didn't we do this? a lot of small solutions get proposed - what if there's no big solution? Bob Hinden - we haven't seen anything yet! lots of always-on, always-reachable devices - need more control themselves it's going to get worse Alan DeCot - I get a million delivered spam per day. Not a problem because no one notices - it's the common cold need pneumonia to get results - do something! Spencer Dawkins - could we use what we learned from .com DNS wildcarding to talk about MIME? but people aren't suffering yet Pekka Sarola - not biology, but microeconomics - what does it cost to respond? Focus on denial of service John Wroclowski - there are number of different problems, that's why we have different points of view and solutions we need terminology to do prioritization ??? - not always technical solutions to management problems - best defenses may be legal, political, social Dave Crocker - this is not one problem, but a range, with different participants accountable spammers and rogue spammers - we live in a different threat world - we've moved to New York City solution-rich environment, need to identify long-term solutions Itojun - lacking two things - ease of use by everyday people in security technologies and public key infrastructure ??? - spam and viruses are mail from strangers I didn't want to receive - not only commercial/religious/political/etc. still need to be able to accept mail from strangers Lee Gimaden - receiver has no way to slow down/stop a sender - how to shut up a host? Keith Moore - configuration management of access points that we used to rely on endpoints for * Rich Draves - Nomcom Chair - Randy Bush is resigning his position, so NOMCOM needs to fill an additional position in OPS - extending deadlines * Brett Thorsen - local network - LOTS of machines running ad hoc ietf58 - we think this is because OSes are trying to be "friendly" - 53 hosts at once - LOTS of infected machines - using a Penalty Box routing to nowhere - next time we'll do it sooner - external scans, controlled from routers - reports to 58crew - we read every one * Open Mike Session - feedback from yesterday's presentation - Harald - gotten some feedback already - IESG responding to community urgency from Vienna - were we overanxious? about schedules? "earliest possible time?" - Slides were proposals, not announcements of decisions - not trying to surprise the community, if we did, we blew it Directed questions from IESG session Melinda Shore - these are the wrong questions - there was no consensus in Vienna to kick this to IESG we have a problem with decision-making. we don't need the IESG to identify solutions, but to make decisions process is not open now, and that's exactly from the problem statement now! needs to be more participatory, more collaborative how to make decisions? if process is open and collaborative, I can live with majority decision, not consensus Charles Perkins - presentations last night were surprisingly good expanding participatory role of WG chair is a good thing IESG decisions on documents seem to be arbitrary and undocumented - will WG chair decisions be better documented? Can they all be as good as Russ Housley's document on security requirements for Mobile IP? Joel Halperin - no matter what process you use, you're gonna get grief for it, so you're doing just fine Margaret's document is very good - can you last call it after the meeting? EDU group help WG chairs to review for quality? David Perkins - meaning of words change over time - we are a technology invention body, not a standards body Susan Harris - IETF built on 15 years of collaboration for technical excellence - that's untouchable can't build trust quickly - we are so different from corporation-based standards bodies proposals yesterday were a network flag day-equivalent - can't do it with people proud of people, not proud of technologies build collaboration slowly, and shoot it quickly WG proposal was a poor proposal - who really wants to work at layer nine? cross-area review needs personal relationships to succeed Alex - we've been discussing for a long time - need to fix a flying plane and not crash it Harald - we're an Internet organization, and a people organization, too. Susan was right Eric - "I just want to do engineering, not politics" - but we're a 2000-person organization. 25 people need management Pete Resnick - concerned about moves to give more power to WG chairs. Don't need more power, need to use power they've got don't increase it! WG chairs as document shepherds is great - also helps with openness. ID tracker helps, but this would help more. WG chair is part of process that never gets appealed ("discuss") - be prepared! John Loughney - WG chairs - want to be more equal in getting a document approved, discusses removed, etc. most review proposals overlap - just need more accountability and interaction/feedback when I've collaborated with the IESG, that's been the best part of the IETF - make/keep it collaborative Thomas Narten - one critical difference in proposals is who review go to - please think about this Ted Hardie - WG chair changes role from being a reviewer to being an advocate - how does this fit in the WG environement? Keith Moore - first cuts at solutions needed to come from IESG - thank you! WG chairs managing document process is brilliant doubt about giving WG chairs more control - conflict of interest, maybe more appeals WG process needs help - we don't know how do to engineering *here* - charter to solution doesn't work Randy Bush - quality of documents? Eric Burger - we're always whining about how we need to change - we've gotten enough leadership to have a doc to shred! Maybe we could do the January-impossible - we're engineers we're getting to more normal levels of income and participations - let's make this work for us Steve Bellovin - not one of the drafts was draft-iesg! we don't have consensus and didn't try to get it these proposals are not the answer - we took our shot, now take yours Melinda Shore - Vienna looked like "we can't make consensus decisions, so now you have to" what about other (non-IESG) proposals? how are you getting participation? Brian Carpenter - we got an initial burst of enthusiasm for SIRs, but have now done seven reviews... needs weight behind it to succeed - needs to come from you Dave Crocker - not a lot of call for reviews - that's the critical thing. Rob Austein - IETF value-add is review of other people's stuff - we need management to make sure this happens Ted Hardie - we don't have a lot of tools to make this an open process, but we are planning to use mailing lists, both IETF and SOLUTIONS - if you have suggestions, please help out John Wroclowski - Lots of merit in Margaret's proposal, because it offloads IESG that is staggering, but overlooks how people work and how they are motivated people come here paid by sponsors, or at least on a mission where are the checks and balances? we're trying to engineer a political process, and that's not going to be easy document not ready for prime time yet Alex - not fair to ask WG chairs to ensure document quality and be fair? John - collaboration needs to be the expected goal what is motivation? Bernard - IESG is accountable to NOMCOM, WG chairs are not - this is a check/balance Harald - we have checks/balances in place that doesn't work well enough, but we aren't changing everything now Allison - document isn't complete, need to document more of relationships, expect ADs have more time for WG chairs Eric - issue John raised is important - social issues are the most important here - you get to help... John - there is a difference between incentives and checks and balances - when incentives fail, you use checks and balances Alex Kinder - had nightmares from presentations last night - WG chairs not elected, have names all over specifications already have lots of power - how neutral are they supposed to be? no term limits, ... where are the tools? Thomas Narten - in order for this to work, there's a culture change - clear expectations for role of WG chairs Ted Hardie - nothing in the current proposal about changing the way ADs choose chairs - but having two chairs helps Alex Kinder - two equal chairs from opposite camps is actually rare - more senior chair drives the process can violate the will of the working group Harald - good idea for chair empowerment? 60% good, 10% bad, 10% don't know - not consensus change document review - 50% good, 2 people bad, lots of people don't know if we can do only one? document review done first keep talking Ted Lemon - IETF has embarrassment of riches of really smart people, and that's a big problem too many competing proposals to solve the same problem - can't get consensus very pleased with what I saw last night, some problems, don't wait for perfection or consensus Ted Hardie - draft-hardie-alt-consensus - could you provide feedback? may need another tool in the toolbelt when we have to make a decision April Marine - both good and bad ideas! IETF is traditionally a volunteer organization, wouldn't exist without it not everyone out here gets the same level of support from employers as IESG/IAB - have the same problem finding candidates you're not the boss of me, and you can't tell me what to do, but you can? needs to be really collaborative can't be us/them - have to be we... if we forget about volunteerism, we'll have a big change Thomas Narten - not about offloading IESG, about making system work better and faster Alex - do you have specific suggestions? April - not sure it's possible - we're not looking at the fact we're running out of money Melinda - IESG got the token because our decision process is failing - we need to focus on consensus process next meeting is in Seoul, demographics depend on location, plenary is decision making body ??? what if we can't come to consensus? what then? need a comfort level in the process going forward Jonnes - liked yesterday's proposals - good step forward, take it as a baseline need accountabilities for WG chairs so we don't have the same issues one level down Pete Resnick - ADVCOMM - there is a problem, I agree. Is becoming a corporation a done deal? Have you talked to lawyers? is there another clever plan? Would we have corporate officers with responsibilities to the money? Not-for-profit might have other responsibilities (other than our purpose) - need to remain open, accountable to membership ... Rob Austein - don't want to be a guinea pig for a new form of legal entity... Bernard - we have to deal with money, but it's not our primary objective. If we don't deal with it, someone else will. Pete - because of the nature of the organization, we're going to be guinea pigs anyway... Harald - lots of organizations have aspects of weirdness that we have - we may not be as novel as we think "Ole Victorshawn" - proposals are in line with my thinking - implementation is harder than proposing WG chairs need help in their new role - prioritizing, for example Spencer - documents, not standards organization Mike Stamford? - how much additional work really? An hour per week? How many areas can we be attached to? look to generalists to help with review? I could be the entire review committee for one area... John Schnitzlein - our structure isn't scaling, but we're changing our process, not our structure we have a large, complex organization, full of people trying to work an agenda changing the workflow won't solve our problems don't take old fantasy of how WGs work and push it out, expecting things to work Ted Hardie - we proposed more structural changes than we presented last night. Please give us feedback. we need to look at the whole, we need to project a vision, we have to achieve it incrementally. John - don't blame the community for not reading enough drafts Ted - please help us change Alex - change process doesn't stop us from what we are doing John - need a design first ???? - power to the working group, not just the chair - let the chairs be part of the working group need to be more democratic - let the WG choose/replace chairs, etc. Harald - if we have elections, we have to have membership, so we have membership criteria (and don't put this on nomcom!) Ralph Droms - my internal pushback against the proposals last night - were any current WG chairs involved? Steve Bellovin - well, we have several WG chairs on IESG now... Ralph - process looked like you waited to involve us - first shooter gets to paint the bulls-eye target, so... James Kempf - community was involved in problem statement document. we responded to the problem statement Thomas - is this a design team fait accompli? Ralph - yes, the target is now on the wall Raj Patel - it takes so long to get anything done - everyone here has an agenda, so taking too long chases people away can't build consensus - too many smart people things have changed in last 3-4 years, and many people here started attending in last 3-4 years we have a proposal on the table - do we have to take a couple of years to discuss it? people are afraid of changing things Alex - we are trying to change standards track, improve quality, etc. what should we do if we can't achieve consensus? Raj - it's like writing code - every person's answer is different - let people review it, and then make a decision Harald - at least we have consensus that we ought to do something... John Wroclowski - assumption that we are actually a standards organization getting in the way of improving the Internet? Steve Bellovin - we're codifying a lot of existing code, and that's not good Greg Daley - WG chairs are really appreciated and doing mostly a really good job in some cases, they do a lot of technical work because no one else will interaction between chair-as-editor and chair-as-shepherd WG chairs get to see work done - will they enjoy shepherding work? Harald - if I had one wish for IETF, make it more fun Barbara Fuller - I spent 3 painful years at an organization that was grasping at its last dollar (ISOC) we now have .org, and things look better - let's look back here, at the IETF we had a cushion a couple of meetings ago, but the cushion went away last night's graph didn't track those numbers - what is our financial situation today? we're getting ready to do an international meeting, and traditionally we have lower attendance and higher expenses Harald - Foretec's forecast loss for this year is $400K - that's half the cushion we have left they forecast $120K next year. this isn't acceptable. ADVCOMM points out funding distinctions impractical and stupid Koreans have guaranteed money for expenses, but we don't have a guarantee for attendees Foretec won't go under in 2004, but this isn't good Barbara - we have 2004 to get our finances in order? Leslie - that's why we thought we needed to do ADVCOMM - and see expenses before we incur them don't know what will happen in 2005, could be a lot better or worse, so we do have a year Bernard - we have been consistently underperforming budget estimates, and organizations that do this tend to keep doing it knowing the situation becomes critical, and our organizational structure doesn't make this easy - there is no whole would like to correct this in some way before end of 2004 - need to build working capital before life becomes hard Barbara - just keep us informed - we all understand the people issues here and have a great stake in it Randall Gellens - analogies to technology are misleading - these changes are drastic, but changes are desperately needed three major areas of proposed change - we should go faster on one thing, slower on everything else prefer early and quality document review - don't do everything at once Donald Eastlake - surprised at scope of changes, too much chance of chaos, pick high runners not afraid of WG chair changes proposed never had an employer direct my work here (except one who wanted an interoperable protocol) Dave Crocker - 11 years ago we had a revolution, but it was really small - nomcom and time limits, moved a decision process that was all of the Kobe revolution - the scope of proposals yesterday is stunning - don't throw them all away, don't do them all at once - any change has unexpected side effects, and most of them are bad what are the pieces? bite-sized? manageable-sized? do thing that make us work better some pieces aren't well-understood - not even sure who supports them Randy Bush - this organization isn't under financial control - getting real numbers isn't possible we're not even a real organization. this needs to be pursued James Polk - size of proposals was scary. agree about unexpected effects. membership to make nominations to nomcom? poll the group out here, instead of silence? poll nomcom-qualified participants? Leslie - in Problem Statement context? James - putting 11 drafts forward, can't focus on Problem Statement with that load Leslie - not enough input from the whole community? wasn't Problem Statement that? James - but they didn't solve the problems? Leslie - clearly, but proposals addressed specific Problem Statement sections we're trying, but we're not there yet James - didn't see consensus in the room at 10:00 Randy - restart POISED? (but no one remembers it) Rob Austein - from Problem Statement, don't know what the goal is. People going the same direction, but not the same place we don't have a unified sense of purpose James - same problems year after year? (several) probably Harald - we're getting closer James - probably Harald - suggestion is interesting Ted Chown - increased responsibility in WGs is a good thing - use more WG chairs? Scott Brownberg(?) - support last night's proposals, especially cross-area reviews - would like to help with tools Ted - don't forget to talk to NOMCOM - please help Rich and his team build our team Steve Bellovin - not only hire-and-fire - also feedback Harald - same sentiment as Atlanta - changing airplane engines in flight, so do it carefully we had some of the right ideas, but need to prioritize as a community (what's important? what's safe?) it's the community that does the work - the leadership needs to make this easier community needs good technology, good standards going back to the IETF list and SOLUTIONS list (solutions-request@alvestrand.no) if we can't find rough consensus, we can figure out what makes sense we can't *not* act, we'll do the best we can