On Tue, Nov 07, 2006 at 05:37:37AM -0800, Harald Alvestrand wrote: > I think some of Laksminath's concern is valid. > But I think the solution to the problem is simple: > > Make it publicly known who is on the technical staff that supports the > Nomcom, and make it clear that these people: > > 1) May learn Nomcom information as a side effect of their technical work to > support Nomcom > 2) Have promised not to reveal that information to others, and have > promised not to take any other action based on that information (apart from > fixing technical problems) > > This is analogous to the role of an email postmaster: He *can* read any > mail on the system, if he really wants to, but we trust him to not *do* it > - or, if he has to during debugging, we trust him to "forget" what he's > read. If people are so paranoid^H^H^H^H^H^H^H^Htouchy about this subject, that's a good thing of course. But unless people are using PGP or S/MIME to encrypt all traffic to and from the nomcom list these days, note that this list won't be complete. You would also need to include all of the e-mail postmaster staff servicing the e-mail addresses of everyone on the nomcom.... And if you don't force people to encrypt traffic on the inbound side, and just do the PGP encryption at the reflector (a common setup), someone who is sniffing packets in the corporate intranet of any of the nomcom members could also acquire quite a bit of significant information, from the quoted replies as well as the from the posted text of said nomcom members --- and let's not forget the fileserver/backup admins if people are decrypting the messages and storing the messages in their decrypted form in their NFS home directories. <For the joke impaired --- I'm taking this to extremes just to show how silly we can get --- or, if you are truly paranoid and wanting to treat this information as carefully as the US government might want to treet Top Secret classified information, to point out how hard this would be and how this would almost certainly impact on the productivity of the nomcom. Some amount of common sense is required here, obviously.> > I trust that Henrik thought this was "so obvious it didn't need mentioning". I would have thought this was kind of obvious, but maybe that's because I had postmaster duties at MIT for almost a decade.... - Ted _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf