"trouble maker"

Hallam-Baker, Phillip pbaker at verisign.com
Tue Jun 24 09:20:17 CEST 2003

"i.e. there should be no place for the term "trouble maker" in IETF
documents. "

I agree, I think that the problem here is that it becomes very easy for a
partisan chair to further reinforce his power by invoking this phrase.

DNSSEC has just produced a spec that cannot be deployed. The WG was in favor
of fixing the spec but the chair as we all know had other ideas.

Pointing out that the spec was broken resulted in numerous atempts to
intimidate me by 'reporting me to my management' as a 'trouble maker'. Like
get a clue, who do you think had asked me to push for the protocol changes
in the first place?

>From my point of view the "trouble maker" was a WG chair acting in a clearly
partisan manner.

The first time I spoke in a DNSEXT WG the chair in question gave a loud hiss
as I gave my name and company. Despite being prompted to do so he has
refused to appologise. The is hardly the behavior I expect from an
organization claiming to be open and inclusive.

It is very easy to get a WG to adopt the consensus you want if you are
prepared to drive away supporters of contrary views. This is what happened
in ASRG. At the start there were a lot of people interested in
authentication based approaches. Then I see that any proposal they make is
attacked on non-technical grounds, the proposers insulted, called 'a snake'
etc. Pretty soon I am the only person left proposing authentication based
approaches so having marginalized my position the faction can now dismiss me
as a 'trouble maker' for proposing ideas that are opposed to the consensus
they have formed by driving away any supporters.

I fail to see the point of the IESG. It does not appear to be providing much
in the way of direction or architectural guidance. It is not even providing
the most basic guidance one would expect such as "this spec must work for
all the Internet".

The Internet has major structural security problems that are likely to be
tested in the near future. We already have spam senders hijaking unused IP
address blocks with BGP spoofing, expect them to shortly start hijacking
used address blocks. The proposal on the table for BGP security meanwhile is
to replace all routers with new ones that support BGP over IPSEC, a very
likely occurrence.

At this point there is no deployable security solution for BGP OR DNS. I see
little likelihood that the IETF will play a positive role in solving either


More information about the Problem-statement mailing list