Re: The IETF environment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



S Moonesamy wrote:
Hi Phillip,
At 10:28 26-04-2014, Phillip Hallam-Baker wrote:
There is really no precedent for discovering that a rogue agency was
conspiring to sabotage efforts to provide Internet security.

The IETF have been considering security in its protocols for the last 11 years. It has also been considering cryptography for use on the Internet. About a year ago it was found that all does not provide the security one would expect. There hasn't been such a precedent. Perpass is an unusual occurrence.

The comments on the thread describe the IETF environment as "people coming together to work on stuff" whereas people from the outside consider the IETF as more than that. The question which has not been discussed is whether the IETF accepts the responsibility for all aspects of its protocols. If the answer to that question is "yes" it would be up to the IESG to figure out how to solve the problem(s) in a timely manner.

I think it's more accurate to say that the IETF has an "official role" as the standards body for Internet protocols - and there may be a mismatch between:

- how that role is "officially defined" (such that it is)

- what responsibilities go with such a role (based on expectations and experience with analogous environments and standards bodies that have a longer history - such as IEEE, ANSI, ISO, ITU, ...)

- how IETF understands and executes its role (and given the somewhat bottom-up, ad hoc nature of IETF - how it's organization, policies, and operating procedures map onto exercising "official" roles and responsibilities"

- what holes there are that might need to be plugged, and how they might be plugged

Miles Fidelman


--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]