To me, it's actually more amazing for the things that didn't happen.
Consider:
One reason for the relative peace and quiet of this session may be the short time since the last meeting: Only 3 months, with a large hole in the middle labelled "holiday season"; the number of groups that didn't have all the intended drafts out before the meeting probably exceeded those that did, and the last-minute flurry of I-Ds was even more dense than usual.
This was also the "changing of the guard meeting"; 6 members of the IESG and 6 members of the IAB had terms that were running out, and new candidates were being placed in the slots, including the IESG chair, by the Nominating Comittee.
More of this later.
Some claim that anyone wanting to be renominated for the IESG is a raving lunatic, but still, a fair number do.
The following replacements were made:
Terms run for 2 years, so only half the team of each comittee was up
for possible renomination.
All others continued as before.
Now that the storm is over, the rest of the network management area seems to be waking up; multiple sessions were held, including beginning work related to application management; the "applmib" WG, the "madman" WG and the "httpmib" BOF relate strongly to "upper layer stuff".
However, there is another movement in the shipment of products to disregard SNMP altogether for application management and just ship equipment with builtin HTTP servers; what could be simpler than finding the status of a printer's paper trays in a Web form? (Well, if you had 1000 of them to manage, life might not be so simple....) Anyway, it's time and beyond time to get the issues surrounding application management out on the table.
However, getting from knowing how to do it to the point of getting
everyone to agree that it should be done that way is proving a hard,
hard struggle; PEM, MOSS, S/MIME and MSP are just a few of the
acronyms being hurled like hand grenades across the battlefield,
together with ElGamal, RSA, IDEA, RC4, Triple-DES and the NSA
bogeyman, with the export control rules being everyone's favourite
target for throwing ripe tomatoes.
It's a mess, and shows little sign of growing cleaner.
However, a few bright lights in the wilderness:
Go figure.
The net result of some rather incredible verbal exchanges seems to be
that the IPSEC WG now has no document edited by anyone called Simpson.
The basic property that they have two competing proposals (SKIP and
the Diffie-Hellman based model, now called "Oakley") hasn't changed,
however.
In this case, 2 may be less than one.
The good thing is that the stuff is implemented, and seems to work: Given two entities that have never cooperated before, they can now set up a secure channel that cannot be tapped, and that can then be used to exchange information needing this protection.
The IP security framework hasn't solved the basic question of WHY you should trust this random stranger, of course; that is left to other parts of the puzzle.
These other parts include the DNS Security (storing key information for hosts, signing zones and lots of other stuff), certificate formats (SPKI - the Simple Public Key Infrastructure - is now an official competitor to the X.509-based PKIX effort) and trust webs.
This ain't easy, and it's only getting worse. AND - "everyone" agrees that this is "critical to getting commerce on the Web", which translates to "everyone with a patent in the area is making maximum trouble" - to make a bad situation worse, add money.
Consider the World Wide Web Consortium, which is not a standards organization, and wholeheartedly supports the IETF standardization efforts, but nonetheless insists on finishing its proposals for standards and asking their members to implement them before suggesting that they should be discussed in the IETF.
Or consider Microsoft and Netscape, who will both claim support for HTTP/1.1 and HTML/3.0, even before the IETF has reached closure on what is going to be in that standards, but with only a few people, if any, in the Web groups.
Or consider the rising star of the Web firmament, Sun's Java, which was literally nowhere to be seen in the standardization activities, including the "agents BOF", but nonetheless claims that its product will be an "Internet standard", whatever they mean by that.
But a good many people were there, and with lots of proposals for further work. And perhaps we even got some progress made....
Anyway, the promises made by the main Web groups were:
I am not terribly optimistic about standardization in such a field. Standards take months to make, may take years to get agreement on, and even then may fail in the marketplace, while products that are 6 months old on the Web are regarded as "hopelessly old-fashioned". Go figure.
But we're working on it, and we're making progress. That's the optimistic view of things.
See you on the front lines....