On Tue, Aug 23, 2022 at 12:24 PM, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
On Tue, Aug 23, 2022 at 10:35 AM Salz, Rich <rsalz=40akamai.com@ > wrote:dmarc. ietf. org If the rules say one thing, and literally everyone else does something else, who is at fault? It seems that a case can be made for three possibilities:- Those who didn't follow the rules- The rules are wrong- The rules were not clear enoughDoes it matter? The only thing that we have left to do now are:* Decide if we want to fix the issue for the future* If so, decide how to fix it* Try to work out some general principles on how to design such systems.
Hi all,
I'm assuming that I missed some discussions, but assuming that we end up changing the process **for future nomcoms**, why wouldn't we just select an additional 0.5*NOMCOM backup members, according to the normal rules, including no more than N from a company, etc.
E.g: if we need 4 people (limiting it to 4 for simplicity and so I don't need to make up more names) we select:
Appointes:
-----
1: Lucija Steffie - Acme Tool and Die
2: Hunter Nikomedes - Techfluent
3: Sandra Jarah - Techgenics
4: Hana Luke - Acme Tool and Die
Backups:
---------
5: Vilmos Ida - Ratchet Technologies
6: Lawali Dudley - Networks-R-Us
(when running the algorithm, it also selected Wilma Flintstone, but we discarded Wikma because she also works for "Acme Tool and Die").
Now, if we are unable to reach Hunter Nikomedes (or there is some other reason that Hunter cannot serve, like we discover that Techfluent is actually a wholly owned subsidiary of Acme Tool and Die[0]) the nomcom simply slots in Vilmos instead.
We already have an "unconflicted" list, and companies (easily) cannot game this by having one of their employees not participate so that another one can, etc..
I really feel like I must be missing something super obvious here - please point out where :-)
I also wonder if we may be going slightly overboard here: we are choosing a nomcom to appoint Area Directors, not elect the next pope.
Although ADs *are* often mistaken for gods, in actual fact that are only very minor deities - demi-gods at best, and often just satyrs. This is backed up by the fact that we often have a hard time finding candidates willing to be apotheosized; often this is because they simply don't have support from their employers. If companies cared enough to try and stack the nomcom process through complex trickery like the above, surely we'd also be seeing them fighting to propose and support AD candidates, and gain influence in other ways (like trying to poach ADs and WG chairs and similar)?
Yes, we should *clearly* make the process clear and transparent and deterministic and minimize opportunities for gaming (it's also a fun technical challenge), but we should also (IMO) keep in mind what it is that we are trying to accomplish.
I'm slightly worried about some of the tone in parts of this thread — if we end up creating an absolutely perfect nomcom selection process, but end up losing our culture (and friends) in the process, have we really won? Perhaps I'm naive (and again, we should make the process as perfect as we can), but I also don't think that it is necessarily true that there are great forces stacked against us, waiting to swoop in and try and get their favorite candidate appointed — let's save some of this energy and passion and use it to move document along, etc…
W
P.S: Hmmm… I'm starting to have a horrible suspicion that I may have accidentally climbed onto a soap-box…..
[0]: Clearly, getting people onto the NOMCOM is worth creating many many shell companies in order to stack the deck…. or something…
The only one that interests me here is the last because I think NOMCONs smack of the sort of schemes Trotskyites used to engineer to ensure they maintained control over organizations. The real function of the scheme is to insulate the appointees from accountability by making it impossible to know who they will end up being accountable to.The general principle I learn from this is that if you want a system to be unambiguous, reduce as much of the system as possible to code. Introducing ceremony is one way of doing that. It isn't an accident that there is a shinto ceremony for making sword steel, the ceremony is the embodiment of the knowledge of how to make a particular quality of steel in a repeatable fashion.One of the main reasons security policy schemes fail in deployment is that you cannot apply security policy effectively unless the policy data itself is reliable. And that is only possible if the generation of that policy is automated.