Hi,
Thanks for the response.
I don't know whether I am in a severe minority on this particular position, and hope that my arguments do not come across as a DOS attack. At a certain point I will accept that rough consensus has passed this concern by.
To start, I must admit I have trouble equating an individual or community's disagreement with a decision to a DOS attack, though I do know how disconcerting and distracting an insistent complaint can be. I just don't see equating people's concerns with maliciously motivated attacks, no matter how persistent or obnoxious.
I also have no problem believing that the better option in any such disagreement would be to respond early and with due diligence with a public response (accountable and transparent) as opposed to just deleting it because it appears frivolous. I think we need to be very careful in defining an objection as frivolous before having given it due diligence. But once having reviewed an issue and publishing a response, then there would be no reason to re-review, thus avoiding an effect similar to that from a DOS attack. I think this differs from the case of a discussion in a WG since that is an intentional and ongoing exchange of ideas, and traction is often difficult to gauge on a WG list where the majority remains silent.
I also think that history has shown us that appeals are relatively rare and generally not frivolous. It is for this reason that I advocate extending the current model of appeal, with the caveats about not voiding contracts etc, to the IAD and IAOC. I think creating the procedure to avoid so called 'DOS attacks' is, in effect, fighting a problem we do not have.
a.
On 13 jan 2005, at 13.19, John C Klensin wrote:
--On Thursday, 13 January, 2005 12:06 -0500 avri@xxxxxxx wrote:
Hi,
Either I don't understand it or I don't agree. I allow that I don't understand it.
Since the model is partially my fault, let me try to explain.
In the first paragraph it seem like anyone can ask for a decision to be reviewed.
And a sensible IAOC will initiate reviews after any well-reasoned and sensible request, especially one that contains information they didn't consider and should have. If they regularly don't, they should be fired.
In subsequent paragraphs it appears that anyone is limited to IAOC, IAB and IESG members because no one is required to review the questions of anyone other then those in an I*. And while someone can ask for help from the IAB/IESG when their question is ignored, I don't understand why the level of indirection. I think that anyone in the community should be able to go to the IAOC with an issue.
I, Scott, and probably others are very concerned about denial of service attacks on the IAOC. We have all seen instances (even on the IETF and IPR list in the last few weeks) in which determined people will post small variations on the same complaints over and over again, never noticing that they aren't getting any traction in the community. If the IAOC is required to respond to every similar note with a formal review, it can almost be guaranteed that they will get nothing else done.
One way to deal with the problem would be to say "no one gets to talk to the IAOC other than the IAB or IESG". That impresses me as fairly bad news for several reasons. So I tried to strike a compromise that says:
(1) The IAB and IESG get to initiate requests for review and insist that the IAOC respond. (2) Any member of the community can initiate a request for review. The IAOC gets to decide whether to respond or to hit "delete". It isn't explicit in the document, and I don't think it should be, but an IAOC that blows off all such requests without any good reason should be headed for retirement. (3) If the community member doesn't get the expected review, he or she gets to mount a mini-appeal to see if the IESG or IAB can be convinced to endorse the question and demand a review. If the IESG or IAB blows off those requests unreasonably, _they_ ought to be headed for retirement, using normal mechanisms.
The text seems consistent with that. If you can suggest better text, I'm sure the editors would be interested.
I also think it is a work overload issue. In a sense the IAOC is being created to offload the administrative issues from the IAB/IESG. So why buffer them from the public's problems?
I would suggest that if "the public" has a legitimate problem that the IAOC refuses to address after input and a request from "the public", then the IETF has a problem and the IAB and IESG should be aware of it.
I think the IAOC should be required to respond to a request for review from the IETf community without requiring IAB or IESG intervention.
As I said, the concern is about denial of service attacks. One could, of course, eliminate or reduce that problem by setting up some procedure requiring that the IAOC respond to a community request endorsed by at least some minimum number of people (>> 1). But that seemed more complicated than it was worth: I'd rather say to the IAOC "if you blow off substantive and constructive requests for review from community members, we will blow you off" and just stop there.
john
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf