S Moonesamy wrote:
Hi Phillip,
At 10:28 26-04-2014, Phillip Hallam-Baker wrote:
There is really no precedent for discovering that a rogue agency was
conspiring to sabotage efforts to provide Internet security.
The IETF have been considering security in its protocols for the last
11 years. It has also been considering cryptography for use on the
Internet. About a year ago it was found that all does not provide the
security one would expect. There hasn't been such a precedent.
Perpass is an unusual occurrence.
The comments on the thread describe the IETF environment as "people
coming together to work on stuff" whereas people from the outside
consider the IETF as more than that. The question which has not been
discussed is whether the IETF accepts the responsibility for all
aspects of its protocols.
If the answer to that question is "yes" it would be up to the IESG to
figure out how to solve the problem(s) in a timely manner.
I think it's more accurate to say that the IETF has an "official role"
as the standards body for Internet protocols - and there may be a
mismatch between:
- how that role is "officially defined" (such that it is)
- what responsibilities go with such a role (based on expectations and
experience with analogous environments and standards bodies that have a
longer history - such as IEEE, ANSI, ISO, ITU, ...)
- how IETF understands and executes its role (and given the somewhat
bottom-up, ad hoc nature of IETF - how its organization, policies, and
operating procedures map onto exercising "official" roles and
responsibilities)
- what holes there are that might need to be plugged, and how they might
be plugged
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra