On 13/12/2013 19:06, Eliot Lear wrote: > Hi Brian, > > Speaking as a member of the IAB but certainly not for the IAB, I have to > take issue with you on a number of points below: > > > On 12/13/13 2:54 AM, Brian E Carpenter wrote: >> Tom, >> >> On 12/12/2013 23:23, t.p. wrote: >>> Jari >>> >>> I am wondering what the role of the IAB is in this. Statements of >>> policy such as this I have seen previously from the IAB, as in the >>> RFC2804 that has just been referenced. Whereas the IETF produces the >>> engineering, such as TLS or IPsec, which is rather different in nature. >>> Does the IAB approve or disapprove of this? Why isn't it involved? >> Like RFC 1984 and RFC 2804, this one is intended to be jointly >> issued by the IAB and IESG. I don't see any difference (except for >> the artefact that it has to be assigned to one of the streams, >> which didn't exist when the two previous RFCs were issued). > > Sort of. The current plan of record was for this to be issued as a > BCP. The document is currently in IETF last call, and then the IESG > will decide what to do with it. The intent is for the IESG to allow the > IAB to insert an IAB statement if we wish to have one in there. And the difference of principle, apart from the process artefact, is what? The document itself says "This document was initiated by both the IESG and IAB, but it is published as an IETF-stream consensus document,..." >>> And when I look at the IAB website, I am bemused. The IAB is calling >>> for papers for a conference on this precise topic, to be held in three >>> months, by which time you want this I-D to be signed, sealed and >>> delivered. >> Yes - this is a statment of principle. We can continue to waste time >> wordsmithing, or we can just put it out there and save bits. > > Well actually there is confusion about this, which is in part why there > is a debate. We've already seen one working group chair expecting the > IESG to take actions on documents based on this statement of principle. > And so some care is therefore required. Of course. >> So that the IAB can wave it at all participants and say >>> 'Discussion over'? Or what? >> The discussion of the principle *was* over in Vancouver. >> Workshops, and IETF WGs, have to apply the principle to actual >> technology. > > I couldn't disagree more. The discussion over the matter BEGAN in > Vancouver. Nobody – NOBODY – should stop a discussion of principles on > this list. No, and we have plenty of evidence in the discussion that we're aiming at a rough consensus, not a consensus. IMHO that's exactly why we should settle on a simple, bare-bones statement of general principle. Otherwise, we'll be wordsmithing while Rome burns. > And just to prove the point, you concurred with Dale Worley > at least on what one of those discussion points should be. And to take > it even further, and this is only Eliot's opinion, I suspect agreement > can be found on the following points: > > * Pervasive surveillance represents an attack on the Internet in as > much as large amounts of information that is intended to be > confidential between sets of individuals is in fact gathered and > aggregated by third parties. > * Such a broad scale attack can undermine confidence in the > infrastructure, no matter the intent of those collecting the > information. > * This is a hard problem. The very nature of some of the key > functions of the Internet allow for pervasive surveillance. It will > NOT be technically feasible to eliminate all aspects of pervasive > surveillance. > * Those working on protocol development should take seriously the > threat, and conscientiously weigh all of these considerations as > they develop technical specifications. > > The practical ramifications of that last point is that at the very > least, WGs should show their work in terms of how they weighed the > issues, even if they couldn't solve all of them. Agreed. Is that incompatible with draft-farrell-perpass-attack-02? > >>> It seems to me that this I-D is an ideal candidate to be presented and >>> discussed at the conference after which, the IAB can produced a >>> carefully considered document. >> I hope the workshop will be discussing specific technology, or at >> least specific technical guidelines, not wordsmithing the general >> principle. > > Certainly not wordsmithing, but in fact workshops are often for teasing > out general principleS (there are a few in play). All the more reason to get the over-arching simple statement of principle done ASAP. If I have any criticism of draft-farrell-perpass-attack-02, it's that it's too long. But it isn't worth the effort of making it shorter. Brian