
List:       ietf
Subject:    Re: Looking for Area Directors Under Lampposts
From:       Scott Bradner <sob () sobco ! com>
Date:       2015-11-17 12:18:52
Message-ID: 5F4AEDC8-7B60-4174-8EDF-EEF56674CDD6 () sobco ! com

inline

> On Nov 17, 2015, at 6:42 AM, tom p. <daedulus@btconnect.com> wrote:
> 
> ----- Original Message -----
> From: "Scott O. Bradner" <sob@sobco.com>
> To: "IETF discussion list" <ietf@ietf.org>
> Sent: Sunday, November 15, 2015 8:10 PM
> 
> Maybe I missed it, but I do not recall seeing mention in this thread of
> a significant aspect of an AD's role – reviewing documents from outside
> their area – i.e., the cross-jurisdictional review step that the IESG
> review represents.
> 
> This is a major differentiator between the IETF and most other IT
> standards development organizations.   In most other organizations
> the only technical expertise applied to a proposal comes from within a
> working group (working party etc) – a group that will always have a
> limited scope of expertise.
> 
> The IESG’s cross-area review ensures that proposals undergo
> review by experts in areas that will likely not be represented within
> a particular working group.
> 
> Documents, no matter how clearly written, produced by an individual
> working group, no matter the level of subject matter expertise, can
> benefit from careful review by experts who have expertise outside the
> scope of the people participating in the working group.
> 
> When I was an AD (a rather long time ago now) I saw many documents
> where inadequate attention had been paid to security, congestion
> control, manageability, etc.
> 
> <tp>
> Scott,
> 
> I find it significant that security comes first on your list, congestion
> control second.  I see security and transport (UDP usually) as the two
> arcane topics that are the commonest source of infelicities, even to the
> extent of ADs creating DISCUSS which, at times, appear to me to be based
> on misunderstandings.  I think that the Security Area, in particular,
> should be more proactive in making it clear what other areas should be
> doing, by way of Security Considerations, choice of options and so on.

having clear security direction to working groups and having security expertise 
that working groups can call on when they need it has been a desire since I
first got on the IESG (1993) - I would love it to be different but, at this time,
having a backstop is about as good as the IETF has been able to do

Scott

> 
> A minor example of what I have in mind is seeing an I-D in WGLC
> recommending the use of an RC4 cipher suite, something that was
> 'prohibited' last February (RFC7465). You could argue that this is
> cross-area review in action, since I track both lists and noticed the
> discrepancy.  But there is also a Standards Track protocol from some
> time back which still recommends its use, something which someone else
> had already picked up on and is likely to fix.  It was good of the
> Security Area to make it known that RC4 is now seen as having
> unacceptable weaknesses but it would have been better if they had gone
> the extra mile to see who was or had recommended it, perhaps using
> RFC7465 to make the necessary update.  I think that the bases are now,
> or will be, covered but they could have been done so more efficiently,
> at less cost to the time of those whose time makes the IETF possible.
> 
> Tom Petch
> 
> i.e., it is not sufficient to say, as has been said during this thread,
> that the onus should fall on a working group chair to ensure the quality
> of the documents that are produced by a working group, the best documents
> can be made better, in terms of being used on the Internet, by the
> cross-area review done by the IESG.
> 
> Scott
> 
