On Fri, Jan 14, 2011 at 5:06 PM, Martin Rex <mrex@xxxxxxx> wrote:
Phillip Hallam-Baker wrote:
>
> The illusion of control is comforting to some but it is an illusion. At the
> end of the day the IETF has roughly 2000 people involved. Nobody elected us.
> We are accountable to no-one.

I assume the number of IETF contributors is more like 5000-10000.

> The Internet has 2 billion users. We do not accept accountability to those
> users. We cannot even understand what their requirements might be. And even
> if we did, we may well reject them out of hand.

Everybody can get involved with the IETF and although some working groups
may have superseded rough consensus by voting these days, there are still
significant numbers of contributors involved in the IETF with non-marginal
levels of dignity about the technologies they are creating.

It is hard to imagine any structure that could provide for significantly more than one person in a million being involved in the IETF.
We can face that fact or we can pretend that it doesn't matter and that we can have power without accountability. I believe Rudyard Kipling's quote on that topic was on point.

> The first cost is the cost of maintaining the registry. Assigning code
> points requires an administrator, it frequently requires expert review.
> That incurs time and money.

You are asserting here that by _not_ using an IANA registry, but instead
relying on ASN.1 OIDs, suddenly the use of DSA with MD4 for a digital
signature obviates expert review and becomes technically sound?

No, the proliferation of cryptographic algorithms is a bad thing in and of itself.
In the past it was believed that having a backup algorithm was a good thing. Then we discovered that in fact the security of a scheme is usually determined by the least secure algorithm supported rather than the best and that adding a backup algorithm merely created additional opportunities to crack the system.
We should not therefore be in the business of expertly reviewing any crypto unless we believe it to be a significant improvement on the existing algorithms.
Your straw man case of DSA with MD4 is easy to reject. But what would be the acceptance conditions?
From a protocol standpoint the correct response is arguably to reject every application. But doing that is impossible as the GOST case demonstrates. If the IETF had not assigned the code points then they would have been assigned by the GRU.
We cannot stop people from shooting themselves in the foot and we should not try either.
The assignment of a code point itself is a cost infinitesimally close to
zero. No matter how you look at it, at the abstract level there is
no difference between an IANA code point assignment for something
and the assignment of an ASN.1 OID or a URI by some organization.
From a political standpoint it is totally different. Assignment of an IANA code point is an IETF endorsement no matter how many caveats we attempt to apply.
The cost of expert review is non zero.
With an IANA registry, the IETF can (and should) enforce free availability
of the relevant specifications plus at least availability of RAND conditions
for the surrounding (known) IPR claims
Nonsense.
If the IETF refuses to issue code points people will issue them themselves. That was the original observation at the start of this thread.
Website: http://hallambaker.com/
_______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf