Trusting the IESG to manage the reform process (was:Re:Doingthe Right Things?)

Eric Rescorla ekr at
Sun Jun 8 19:36:17 CEST 2003

Randy Bush <randy at> writes:

> > The IESG held TLS for nearly a year because they insisted that
> > their be a mandatory algorithm and that it be DH/3DES/SHA.  No
> > other group of 13 people in the IETF could have done that, no
> > matter how big a stink they raised. In point of fact, 2 or 3 ADs
> > could have done this.
> false.  the authors could have.  the editor(s) if they existed
> could have. 
In this case, the editors wanted something different. But 
you're wrong about what they could have done. Editors have been
removed from documents based on WG consensus before. 

> the wg chair(s) could have.  
The chairs are again subject to WG consensus, and occasionally
do get removed for this kind of thing.

> respected members of the
> security directorate could have.  ...
There was no security directorate at the time, but the security
directorage has no power per se. The only power they have is
to lobby the AD.

The only people in the IETF who can realistically block a 
document semi-indefinitely over the will of the WG are the
ADs. However much we might will it to be so, the IETF is 
not a democracy. At best, it's a republic, and not much
of one at that. 

> > I ask again: what incentives do the WGs have to produce documents
> > that meet the IESG's definition of quality?
> as a multi-decade manager of O(20^(2-3)) engineers, i came to the
> conclusion that 82.3% of whether an engineer produces quality is
> whether they have pride in their work and their team.  the classic
> hiring manager's joke about engineers is that we ask "what is the
> project and with whom will i be working.  ....  oh yes, my spouse
> told me to ask about salary and benefits."

Hmm... I'm not sure I subscribe to this theory, but in any case...

I think that there are two things going on:

(1) The WGs have a genuinely different definition of quality from
    that of the IESG. As a consequence, many arguments about quality
    are really about whose standard will be enforced. The perennial
    arguments about security come to mind. In cases like this,
    no amount of pride in work will solve the problem since
    the issue is a difference of opinion. The IESG can of course
    force people to comply with their view but that only works
    if people are consistently rewarded for doing so (or
    punished for not doing so).

(2) Protocol quality and document quality are not necessarily
    the same thing. In many cases, people are interested in
    having a protocol they consider good (with the caveat above)
    but don't much care about the technical writing. Engineers
    skimp on tech doc all the time. We don't want that, but again
    we have to force people to do it because it doesn't come
    naturally to them.

Consider the following thought experiment: take all the documents
that come before the IESG in a year. Rank them in terms of quality.
Then plot quality against "time to approve". Ask what the correlation
is. If there's not a high correlation, why would you expect people
to produce high quality work?


[Eric Rescorla                                   ekr at]

More information about the Problem-statement mailing list