Re: I-D Action: how many recalls, was draft-moonesamy-recall-rev-00.txt

On 3/31/19 4:14 PM, John C Klensin wrote:
I don't believe that it is useful to go down the path of
counting recalls but, if one looks at the statistics alone, one
could reasonably conclude that:

* The number of recall efforts that got as far as selection of a
recall committee between 1996 (RFC 2027) and 2004 (RFC 3777) was
zero and hence the change from "anyone can initiate" to nomcom
eligibility and 20 signatures was not justified by any actual
experience of denial of service attacks, only speculation (and,
IIR, a near-miss or two) that they might occur.

* The number of recall efforts that got to that same point
between the time the rules were tightened in 2004 and the
present was also zero.  From that, if we can conclude anything
at all, it would be that, with the possible exception of people
who disappear without resigning, either the procedure is too
hard or we have never had a leader who has misbehaved
sufficiently to justify removal from office.

It's also possible that the mere existence of a recall procedure has served as an effective incentive to "behave"

(Note that one might still expose oneself to a recall attack, with the associated risk of hassles and threat to one's reputation, even while arguably doing the right thing.   So "behave" might not be the right term here, but it will do for now).

If one believes the latter, and that one can extrapolate from
22 years of no recalls into the future, then we either don't
need the mechanism at all or we should go back to "anyone can".
On the other hand, should one believe that people might end up
on leadership bodies in the future (especially given that we
keep generating more of them) who might then behave in ways that
would justify recall actions _or_ if one believes that the
appearance of fairness toward all who participate actively in
the IETF is important, then changes of the sort proposed in
draft-moonesamy-recall-rev are worth making and the number of
past recalls is really not particularly relevant.

If I'm looking at how to defend a computer system or network, I don't care whether an attack has been exploited in the past, what I care about is how easy it is to make such an attack effective and how much damage it could do.  Zero-day exploits are still exploits and in some sense are more of a risk than well-known exploits.  I don't immediately see why IETF should consider potential attacks on its operation any differently.

That said, some countermeasures are better than others.   I prefer "fair" countermeasures against network-based attacks on systems - e.g. countermeasures that do not discriminate against legitimate traffic, or do not presume a priori that certain kinds of traffic are illegitimate without reason.   (Many spam filtering mechanisms are notorious for blocking legitimate traffic, which is why I tend to consider such mechanisms as much of an attack on the email system as anything else.)

I also prefer "fair" countermeasures against attacks on IETF - which I would define to mean countermeasures that don't discriminate in favor or against one kind of contributor over another, while still allowing IETF to function effectively.

Note that even though IETF derives much of its apparent legitimacy from the perception of fairness, an absolute notion of fairness must not be considered more important than effectiveness of the organization.   IETF could be made "fair" by any of several silly means:

  a. becoming so dysfunctional that it could never produce anything, thus giving every contributor an equal chance of producing nothing;
  b. approving every draft (perhaps after a lengthy waiting period) without benefit of adequate review;
  c. approving or disapproving drafts at random;
  d. allowing anyone at all to veto any proposal

all of which would defeat the very reason for IETF's existence.  (These might seem like strawmen, but sometimes I think we're getting dangerously close to b.)

Keith  (with some help from Harrison Bergeron)

p.s. I very much appreciate the massive efforts that have been made, by very many parties, to make remote participation as effective as it is now.   (The NOC teams get a special mention as do the Meetecho folks and also meeting sponsors, and I'm sure I'm leaving a lot of people out.)


