"Adult supervision"
Bound, Jim
Jim.Bound at hp.com
Tue May 6 15:06:13 CEST 2003
.
> >
> > But what I am asking is pretty simple. Use language that
> is clear and
> > direct in response to ideas in the IETF community, and
> defend them as
> > we all have to do. This is completely orthogonal to your
> mail below.
>
> no, I don't think so. what is clear and direct to an AD is
> often taken as capricious and unsupportable by WGs. and it's
> completely infeasible to expect an AD to defend every bit of
> direction in detail.
No one is asking for that. Saying this will kill the Internet and
nothing else is totally unacceptable though without more context. That
is not a request for a lot of work.
> >
> > Yes. Recall my mail here on that we must chase out assumptions in
> > addition to the problem statements we are doing now. No
> one picked up
> > on this here but we must have discussion of assumptions
> prior to work
> > that is controversial or compromise is not evident in
> time-to-market
> > time frame.
>
> so you'd prefer to delay the group's work for several years?
I do not think flushing out assumptions will take more than 1 month on a
mail list if directly asked.
>
> > > In about 90% of cases I suspect you'd agree that the IESG
> > > member's concern is valid, though perhaps not expressed as
> > > well as it might be, and the constraints imposed might be
> > > either overbroad or insufficient to address the concern. (of
> > > course, the other 10% is a problem...) But from personal
> > > experience, getting agreement on a document that outlines the
> > > concerns and constraints around a thorny issue can take
> > > several years - even when there's a general agreement that
> > > the concerns are valid and that some constraints are
> > > appropriate. For this reason I'm firmly convinced that ADs
> > > need to have fairly broad discretion to make tactical
> > > decisions about things that affect the Internet. But I'd
> > > also like there to be some way to deter ADs from being
> > > entirely capricious.
> >
> > I agree with the above. But in their communications they
> need to make
> > it clear in depth what they want.
>
> I remember telling one group about security: "you need to
> understand and document your threat model and select
> authentication mechanisms that are sufficient to ameliorate
> those threats. and it's not acceptable to assume that the
> local network is trustworthy, or that your servers are not
> accessible from the public Internet." They told me that was
> arbitrary and capricious and lacking in detail. I realize
> this seems odd, but I don't view the AD's job as one of
> designing the security mechansisms in their WG's protocols
> nor of writing the security considerations sections in their
> documents. It's the WG's job to understand the requirements
> and to obtain the necessary expertise to solve them.
The example you give above is acceptable for me anyway.
>
> > > a. the affected party asks the AD for a formal statement of
> > > the constraints
> > > and the reasons for them, copying the IETF chair
> > > b. the AD is expected to reply within a reasonable amount of
> > > time c. if the affected party still doesn't agree, he/she can
> > > appeal to IESG and
> > > if necessary, to IAB.
> >
> > Agree but there is an issue before this process during WG
> > deliberations. Ted L. and my issue on this thread can
> happen in a WG
> > meeting or even in a hallway.
>
> that's when you say "I need this in writing". and if the AD
> doesn't provide it, then you send a mail to the iESG as a
> whole. cc the IAB if necessary. or
> even the IETF list. make it sufficiently visible that it will
> get dealt with.
Yes and this is what I do. But a statement about using cliches and
bullshit answers to working groups as AD should somehow be weasle worded
into some formal statement.
>
> Keith
>
More information about the Problem-statement
mailing list