One small point.....
--On 11. august 2005 07:52 -0700 Michael Thomas <thomasm@xxxxxxxxx> wrote:
Brian E Carpenter wrote:
Michael, you've had some quite concrete responses which I hope
have clarified things, but I really want to say that making
Internet protocols secure isn't a hoop jumping exercise; it's
more like a survival requirement, and has been for ten years
at least.
Where did I say that? My issue is that if people are going
to invoke process, they should be prepared to define what
the process is. And not just hand waving; concrete pointers
to documents that have been through the rough consensus
mechanism so that all parties can shoot for a common
goal.
I did not hear at any stage Russ claiming that asking for a threat analysis
was "invoking process". He was asking for information that would allow him
to make up his mind about whether or not to support DKIM becoming a WG.
As far as I know, there is no formal process called "ask for a threat
analysis". Some people would argue that there should be, and if that
argument were to be adopted, it should certainly have guidance attached to
it.
But in this case, I believe all the formal process there is is "AD, using
his or her best judgment, will decide".
This is contained in RFC 2418 section 2.1 (quoted below). The threat
analysis asked for seems to be intended to improve the basis for judgment
on the first 3 points....
-----------------------------------------------------------------------
2.1. Criteria for formation
When determining whether it is appropriate to create a working group,
the Area Director(s) and the IESG will consider several issues:
- Are the issues that the working group plans to address clear and
relevant to the Internet community?
- Are the goals specific and reasonably achievable, and achievable
within a reasonable time frame?
- What are the risks and urgency of the work, to determine the level
of effort required?
- Do the working group's activities overlap with those of another
working group? If so, it may still be appropriate to create the
working group, but this question must be considered carefully by
the Area Directors as subdividing efforts often dilutes the
available technical expertise.
- Is there sufficient interest within the IETF in the working
group's topic with enough people willing to expend the effort to
produce the desired result (e.g., a protocol specification)?
Working groups require considerable effort, including management
of the working group process, editing of working group documents,
and contributing to the document text. IETF experience suggests
that these roles typically cannot all be handled by one person; a
minimum of four or five active participants in the management
positions are typically required in addition to a minimum of one
or two dozen people that will attend the working group meetings
and contribute on the mailing list. NOTE: The interest must be
broad enough that a working group would not be seen as merely the
activity of a single vendor.
- Is there enough expertise within the IETF in the working group's
topic, and are those people interested in contributing in the
working group?
- Does a base of interested consumers (end-users) appear to exist
for the planned work? Consumer interest can be measured by
participation of end-users within the IETF process, as well as by
less direct means.
- Does the IETF have a reasonable role to play in the determination
of the technology? There are many Internet-related technologies
that may be interesting to IETF members but in some cases the IETF
may not be in a position to effect the course of the technology in
the "real world". This can happen, for example, if the technology
is being developed by another standards body or an industry
consortium.
- Are all known intellectual property rights relevant to the
proposed working group's efforts issues understood?
- Is the proposed work plan an open IETF effort or is it an attempt
to "bless" non-IETF technology where the effect of input from IETF
participants may be limited?
- Is there a good understanding of any existing work that is
relevant to the topics that the proposed working group is to
pursue? This includes work within the IETF and elsewhere.
- Do the working group's goals overlap with known work in another
standards body, and if so is adequate liaison in place?
Considering the above criteria, the Area Director(s), using his or
her best judgement, will decide whether to pursue the formation of
the group through the chartering process.
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf