Lets look at this from a security usability point of view.
The whole nomcon process is opaque, all meetings and discussions are secret. Requests for comment are solicited in confidence. Given those circumstances it is a reasonable assumption for a participant to make that all nomcon actions are strictly confidential. In fact that is by far the most reasonable assumption to make.
When you have a process that is vested in such a high degree of secrecy you will inevitably end up with a very high degree of suspicion. Secret processes are antithetical to accountability.
The worst failure mode here is not that the nomcon is going to make the wrong choices and the IAB is unable to rescue them. The worst failure mode is that information that is released with a reasonable expectation of confidentiality is then disclosed.
I would much prefer to have a process that is completely open except in regard to actual balloting. To paraphrase Dave Crocker: Why would we expect to be experts in the area? We do bits on the wire, design of political institutions is certainly not an area in which competency has been demonstrated.
But a process that is assumed to be more confidential than it actually is would appear to be the worst of all cases.
-----Original Message-----
From: ietf-bounces@xxxxxxxx on behalf of Steven M. Bellovin
Sent: Mon 17/03/2008 10:08 PM
To: Christian Huitema
Cc: 'Fred Baker'; Dan Wing; 'IETF Discussion'
Subject: Re: Confirming vs. second-guessing
On Mon, 17 Mar 2008 18:44:49 -0700
Christian Huitema <huitema@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > > And in order to make the confidentiality issue more concrete
> > > (ie, real) would folks offer some examples of what falls under
> > > it.
> >
> > "I accept the nomination of area director. The current area
> > director, Mr. J. Sixpack, has been attempting to impose his
> > opinion that beer should contain rice. This is causing a rift
> > in the working groups within the area. I would follow the area
> > consensus that we should outlaw rice in beer and thus my
> > appointment as new area director would achieve peace and
> > harmony within the area."
>
> Why should such a statement be confidential?
>
Try this one, quite non-hypothetical: a candidate for the IESG is
contemplating switching jobs. His or her current employer does not yet
know this. It has a clear bearing on whether or not that person can do
the job of AD, but equally clearly should not be broadcast to the world.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________ IETF mailing list IETF@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf