Just a comment on this: On 5/4/17 1:57 AM, Mark Nottingham
wrote:
Even more so when the person misreading (or misusing) it might be a legislator or regulator who has comparatively little technical depth, but great impact. That is not the concern that you should be focused on. First, find me a legislator who has actually read an RFC, and I'll buy you one of those fancy drinks you like. Even most regulators do not read RFCs, but when they do they are generally focused on normative product requirements. This document has no such requirements to grasp. Nor should a press quote even be a serious concern, given how little press 7258 and the IAB statement generated. The only serious concern one might have is whether someone would look at the document and decide that there is a problem statement for work that would subvert security to take place, either within the IETF or elsewhere. Within the IETF we have a rough consensus process that anyone can use. It doesn't guarantee a result, but it is the best we have, and I couldn't imagine someone not being called out for taking something out of context, especially on this topic. That leaves other organizations. some of whose members might even intentionally misconstrue this work as justification to start new (bad) work. That's a real risk and it has happened before. Repeatedly. My observation is that when this has happened in the past, the long term consequences to the industry have been minimal, first because because we have happily been able to stop some of the dumber ideas, and also because our documents had good technical grounding while others did not. Furthermore, if we don't publish in order to avoid being misconstrued, it means we cannot have an honest discussion amongst ourselves, nor can we document any consequences of our decisions, and that opens this organization up to far more serious (and deserved) criticism by regulators, antagonists, academics, the press, and, well, us. Eliot |
Attachment:
signature.asc
Description: OpenPGP digital signature