One important thing needs to be considered in the Security and O&M
Areas. There are two ADs, and they are expected to have somewhat
different skill sets. For contrast, here are the requirements that
were provided to NomCom2006 for these positions.
Russ
-----------------------------------------------
Operations & Management Area:
The primary technical areas covered by the Operations & Management
area include: Network Management, AAA, and various operational
issues facing the Internet such as DNS operations, IPv6 operations,
Routing operations.
Unlike most IETF areas, the Operations & Management area is logically
divided into two separate functions: Network Management and Operations.
David Kessens is currently responsible for the Operations portion
of the OPS area, so specific expertise required for the open
position would include a strong understanding of Internet operations,
as well as the ability to step into Network Management issues
when necessary.
The Operations AD is largely responsible for soliciting operator
feedback and input regarding IETF work. This is a challenging task
that requires strong contacts in the operations community and a great
deal of persistence.
Another important role of the Operations AD is to identify potential
or actual operational issues regarding IETF protocols and documents in
all areas, and to work with the other areas to resolve those issues.
This requires a strong understanding of how new and updated protocols
may affect operations, and the ability to gather information from the
operations community and translate that information into suggestions
for protocol architecture and design within the IETF. It also
requires a strong cross-area understanding of IETF protocol
architecture and technologies.
The Operations portion of the OPS area intersects most often with the
Routing, Internet and Security areas. So, cross-area expertise in any
of those areas would be particularly useful.
-----------------------------------------------
Security Area:
The WGs within the Security Area are primarily focused on security
protocols. They provide one or more of the security services:
integrity, authentication, non-repudiation, confidentiality, and
access control. Since many of the security mechanisms needed to
provide these security services are cryptographic, key management is
also vital.
Security ADs are expected to ensure that all IETF specifications are
reviewed for adequate security coverage. They also manage a set of
security resources that are available to most IETF areas and WGs.
Specific expertise required for a Security AD would include a
strong knowledge of IETF security protocols, particularly IPsec, IKE,
and TLS, and a good working knowledge of security protocols and
mechanisms that have been developed inside and outside the IETF, most
notably including PKI.
Also, a Security AD should understand how to weigh the security
requirements of a protocol against operational and implementation
requirements. We must be pragmatic; otherwise people will not
implement and deploy the secure protocols that the IETF standardizes.
The Security Area intersects with all other IETF areas, and its ADs
are expected to read and understand the security implications of
documents in all areas. So, broad knowledge of IETF technologies and
the ability to assimilate new information quickly are imperative for a
Security AD.
At 02:44 PM 7/24/2007, Narayanan, Vidya wrote:
Some additional comments on the topic:
In particular, taking the security area requirements as an example, the
description provided talks about expertise needed based on the current
ongoing work in the security area. While this is one part, we want ADs
that can bring in/evaluate new work which may or may not be related to
any of the ongoing work in the area. Especially in the security area,
such relation to other work is very hard to predict.
Personally, I don't think it is a requirement for an AD to have a deep
understanding of all the protocols produced by the area; rather, for the
security area, for example, I think it is important that the ADs are
capable of analyzing threat models and evaluating the security
implications of work happening in other areas, or have a sufficient
security background to grasp issues raised by experts of a certain
protocol, etc. I think it is much less important that the AD has a
top-to-bottom understanding of TLS or Kerberos or IKEv2 or any one thing
in particular.
I provided this input last year as well and I think it is very important
for us to select an "area generalist" as an AD over a specialist in a
particular set of protocols.
Vidya
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf