Lakshminath Dondeti wrote: > The way I see it though is that the process and the mechanisms > were not discussed within the community. Conventional wisdom > says that security protocols/mechanisms designed without proper > peer review tend to be broken. A few people I have spoken to > seem to think that the notion of the tools team knowing who > nominated whom is not acceptable, It's always good to check privacy issues, but please don't get carried away. It's the job of the tools team to develop new tools. When they're ready these tools could be hosted by the IETF secretariat (or elsewhere, you proposed the Nomcom Chair). The tool has to be tested, it already turned out that some less usual browsers don't like RFC 2617, but could handle Auth Basic over https (one hopes). And maybe the "loginmgr" tool could be extended to some OpenID concept later, integrated into other tools - I-D submission by upload is an idea. At the moment folks can also still send their comments etc. by mail, then they never touch the tools server. One disadvantage with that approach is that I never know if the feedback arrived, all I see is "waiting for moderation". And of course a Web form can enforce some minimal structure for the feedback, with ordinary mail what you get can be anything - maybe a *.doc file and you have no way to read it. Or some anti-spam mechanism on overdrive deletes it before you see it. The sender would never know that it vanished in a black hole. > the community does not seem to quite care about who knows what > was said in the nomcom, generally speaking. Is that the case? I'm interested, but not worried. Your info how it's handled could be integrated into a privacy statement for this particular Web form. Maybe the tools list is a better place to discuss technical details. Frank _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf