--On Wednesday, January 01, 2014 12:18 -0900 Melinda Shore <melinda.shore@xxxxxxxxx> wrote:

> On 1/1/14 11:34 AM, Andrew Sullivan wrote:
>> On Wed, Jan 01, 2014 at 12:13:31PM -0800, Dave Crocker wrote:
>>> ps. My own suggestion is Experimental.
>> Please, no. That status has been abused enough. What would
>> you be trying to learn by this experiment? What would the
>> conditions be that you would conclude you knew the answer?
>> If you can't answer those questions, "Experimental" is just
>> wrong.
>
> I'd actually be fine with experimental, to the extent that it
> provided background for some experiments with trying to find
> a workable framework for evaluating snoop-resistance in IETF
> specifications. I'm less good with publishing a BCP that's
> neither "best" nor "current" nor "practice."

I have to agree with Andrew. The most important parts of the document are, to me, the statement that there is an issue, that the IETF community recognizes that issue, and that there is a general sentiment that considering it and doing something about it is generally a good idea. Where I start having problems is where it seems to specify constraints on protocols or criteria that could be used to block standardization of protocol specs that don't meet someone's theory of what is possible or good enough.

As others have said, we shouldn't be approving things (and claiming the existence of consensus about them) that call for action but that aren't actionable without new rounds of debate about what those actions are or that seem to specify, a priori and for most or all protocols, that some tradeoffs and constraints are more important than others without careful examination of the others. Identifying a document as experimental doesn't help with that in any way unless, as Andrew suggested, we are prepared to specify the experiments and the corresponding evaluation criteria.
I've deliberately avoided making concrete suggestions, but let me give that up and suggest two alternatives:

(1) Many years ago, in a discussion of formal models of various types of systems, Joe Weizenbaum [1] suggested that most of the value in such models lay in the thinking, hypothesis testing, and topic examination that went into their creation; "running" the models was less often significantly useful. Perhaps this topic is much like that: the community, and especially those of its members who have been following the discussions and thinking about the various comments, have learned a great deal. Maybe publishing it, especially with claims of consensus, would be anticlimax at best and an invitation, not just to abuse but to additional versions of the endless process debates that, as I think Randy Bush was suggesting, become a blocking factor and substitute for getting actual work on the Internet done in the IETF. That isn't a good tradeoff, so maybe it is time to just stop.

(2) Perhaps it is useful to the community that we make a strong statement that pervasive surveillance is an attack on the Internet, its openness, and the ability to use the network with confidence. I don't have a problem with such a statement although, if we make it, I think we should also be considering statements about patent abuses, competitiveness among ISPs and other "open access" and "net neutrality" issues, and a collection of other issues and areas. But, if we do that, let's do that and issue it as an informational statement or RFC, not pretend that it is a standard, much less a best current practice. If that document wants to call for actions or experiments, that would be great, as long as it isn't written in a way that can easily be confused with such actions or experiments.

best,
john

[1] For those of you who don't recognize the name, look it up -- probably would be good for you.

>
> Melinda
>