>>>>> On Wed, 17 Dec 2008 07:40:30 -0800, Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx> said: ER> That list contains 14 names. Let's say that I have a 95% chance of ER> getting any one of those people to give consent. The joint probability ER> that I will obtain all the required consents is .95^14, less than 1/2. ER> I imagine the situation is similar for other large, old ER> documents such as RFC 3261 (SIP) or 2616 (HTTP). The problem with both open processes and open source is that when they hit issues like this the tendency is to be either: 1) too loose 2) too strict We're now switching from #1 to #2. And switch is what's going to bite us. I'm sure that some of the contributors to some past documents aren't even alive which will make some of this paperwork really interesting. The only thing you can adjust in the above math is the success rate of your contacts. That means you need to improve your accuracy a bit Eric or you'll certainly fail! Maybe the IETF needs to hire a private investigator? The problem is that when it comes signing paperwork like that, I'd assume (not being a lawyer I'm good at assuming) that it's the company paying the individual that has to authorize at the least or more likely sign the paperwork. If the company and the individual are not on good terms or if the company doesn't exist any longer or has no recollection of even sending someone to the IETF because their "strategic directions" have changed that 95% may seem a bit too generous. Maybe it would be easier to start from scratch on everything and do a complete rewrite (by fresh people that have never read the previous documents and thus can't be influenced by the text). As far as actually operating in a "too strict" mode: some open-source projects require signing copyright assignment papers before they can contribute to the project (FSF does this, for example, before contributing to Emacs (or nearly everything else)). The downside, of course, is reduced contribution. The upside is you've successfully pulled of the "strictness" quite effectively. The downside of the IETF, however, is that contributions occur at the microphone and on public mailing lists. You could, I suppose, require everyone attending the IETF to sign a legal document assigning their contributions away. However, how many people have you all met that have come to the IETF (promising not to eat the cookies) without paying because they had no sponsor and couldn't afford it and gotten up to speak at the microphone? How many people contribute only on the mailing list without ever attending an IETF? How many chairs show the note-well screen at the start of each meeting long enough so that people actually could read it? How many chairs have forgotten to show it? How many people have read RFC5378 vs those that have not? I'm sure the overlap is a very non-zero. Until we get rfid chips that turn on the microphone and X.509 certs that state we're authorized to contribute to mailing lists I fail to see how all this helps. I suspect others are in the same boat of confusion. As I mentioned, I'm not a lawyer. But I don't see how publishing one document in a list of documents that currently numbers more than 5400 and expecting that everyone will abide by it will solve the issue. But what do I know? I'm not a layer so I don't understand the rules. I'm just somehow supposed to abide by the rules I don't understand. -- Wes Hardaker Sparta, Inc. _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf