> Behalf Of Dave Crocker > For another, individual pique is best pursued either by > private exchange or > through formal complaint. Neither requires burdening the > full IETF list. I disagree, hard cases make bad law, good cases make bad procedure. It is easy to see why process is unnecessary in good cases. It's the bad ones where there is a problem. Recently an IRTF WG chair decided to effectively turn the group into a publicity engine for his own company and banned anyone who objected to this or disagreed with him, at one point he had banned about a third of the active members. He is no longer the chair and the normal process took its course but what would have happened if there had been no open process? The point is that we cannot assume that WG chairs always operate in good faith and that any objections that appear on the lists are from cranks despite the simplicity that model provides. WG chairs are not elected, the ADs are not elected. The accountability processes of the IETF are not designed for the type of action suggested. If the consensus processes are blocked then complaints are more likely to end up being littigated rather than thrashed out in public. My objection to this thread is that people appear to have rushed to judgement that this is a disciplinary issue before considering the substance of the point raised. People seem to be saying that there is no time to read the message because they are too busy shooting the messenger. I do not understand the objection that Dean is raising, I certainly do not see that a defect in DNSSEC should constrain DNS operations. However I will point out that four years ago we had a similar argument about a defect in DNSSEC that I predicted would prevent deployment in the major TLDs for at least five years. The procedural abuses that took place in that instance have resulted in the current situation where phishing is a real problem and there is justified concern that DNS based attacks - pharming will become a threat. There is a simple way to settle this issue, state that it is a requirement for DNSSEC to work with anycast. This is not impossible to achieve, an RSA signature is only 256 bytes, a DNS response can be 500 bytes without difficulty and in practice can be up to the ethernet MTA of 1400 bytes without significant operational issues. A response from a TLD is small. I don't see why packet fragmentation would be a problem for the anycast TLDs. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf