A 100.000 foot perspective on "what is the problem"

Theodore Ts'o tytso@mit.edu
Mon, 16 Dec 2002 14:51:11 -0500


On Mon, Dec 16, 2002 at 08:33:55AM -0800, Randy Bush wrote:
> > The experience in midcomm sounds more like a certain amount of
> > resentment that some architectural clue was forced into the
> > process rather late in the game.
> 
> the clue was sent early and repeatedly, the force came later, as it
> seemed necessary to get it to penetrate the group beyond the chair
> and a few with clue.
> 
> > Perhaps if we had a way to introduce architecture earlier, and
> > the process was normal rather than being an exception, it would
> > help.
> 
> send dmso equivalent for architectural clue, restraint, ...

I can think of other examples where attempts were made to inject
security clue into various working groups early on, which were rejected
by the working group.  (Get out of the way so we can ship product.)

Part of the problem is that we don't seem to have any kind of "stick"
to use besides outright rejection or delay of the draft by the IESG,
at which point some AD gets made out to be the bad guy.  It really
gets bad, if (for example) the applications AD isn't willing to
threaten to fire the working group chair, or disband the working group
(which realistically are the only levers even the home AD has to
discipline a wayward working group), just because some security weenies
are complaining that they aren't getting heard.  Then when a security
area director votes "discuss" on the document, it's very convenient to
blame him or her for delaying the draft.

(Of course, the PACT document will solve this by simply not allowing
another AD to block a draft.  So in the case where some future
applications AD doesn't care about security, they will be able to ram
a document through the IESG over the security AD's objections, unless
the security ADs can muster near unanimous objections from all the
other IESG members.  This is a feature?  I'm not convinced....)

But I digress.  The central point I want to make is that we need to
take into account both cases where the working group is genuinely
interested in doing the best job it can do, adhering to the internet
architecture, and producing quality work, as well as working groups
where the core constituency (and it might be from the telephony
industry, or it might be folks who are certain that their office
productivity application will always be used behind a firewall) are
actively hostile to parts of Internet architecture, and are used to
working in arenas where they can simply ram a standard through while
ignoring advice from the experts (and in the 802.11 WEP case and the
DVD CSS case, they did have competent advice from security experts,
telling them that their crypto was fucked well before the relevant
standard was finalized and published; those experts were just
blatantly ignored).

The argument has been made that if we don't accommodate people who want
this, they will simply move to other forums.  I suggest that there are
plenty of forums (both standards bodies and industry consortia) that
crank out standards such as 802.11 WEP and DVD CSS, and if we lower
the bar too much, we will simply be going into that market niche, and
it's one which is well filled already.  :-)

					- Ted