"Adult supervision"
Keith Moore
moore at cs.utk.edu
Tue May 6 15:16:49 CEST 2003
> > Should IESG members really have to debate with each document author or
> > working group chair (for instance) whether it's okay to assume that a
> > device or server will only be accessible from a local, trusted network and
> > that therefore no authentication is needed?
>
> Absolutely not. It would take forever. ADs are too busy already.
> But the contrary position is also wrong. You can't just say "look,
> man, everybody knows you can't just have no authentication, so shut up
> and go away." There is a middle path, where you write up documents
> documenting issues like this and publish them as RFCs, and then you can
> say "look, man, I don't have time to explain this to you, but your
> protocol needs to conform with RFCmumble, please go read it."
RFC 2964 and 3205 were both attempts to do this; each took several years to
publish.
I do agree that there's such a thing as being too curt in giving direction.
But I don't think we can expect ADs to write and get approval on an RFC
every time a WG thinks it's being dealt with capriciously.
More information about the Problem-statement
mailing list