Re: draft-moonesamy-recall-rev-01: Number of Signatures Required

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--On Tuesday, April 23, 2019 11:43 +1000 Mark Nottingham
<mnot@xxxxxxxx> wrote:

> 
> My initial discomfort with decreasing the number of
> signatories on a recall petition may have been caused by my
> perception of it as a mechanism to ensure some level of input
> quality, since Section 7.5 of RFC7437 gives almost no guidance
> to the recall committee, in contrast to the fairly detailed
> guidance we give NOMCOMs regarding selection of our
> leadership. 

First of all, as I think others (and my now long-ago note that
SM pointed to in a note yesterday) have pointed out, the change
in the procedures from "anyone can initiate" to the current
requirement of 20 nomcom-eligible individuals was a DoS attack
prevention mechanism.  The newer and more restrictive procedure
was, fwiw, a mechanism for preventing a type of attack on the
process that we speculated was possible but that we had never
seen, even with no protection at all other than (possibly-bogus)
identification of the petitioner.  With or without the change,
there is/was nothing in the recall petitioning process that has
anything to do with quality... any more than there are input
quality protection mechanisms in nominating candidates for IETF
leadership positions.  That is actually another way to attack
the IETF procedurally and consume community resources that takes
less time and effort than faking names for a recall petition:
create a few hundred bogus identities in the datatracker system
(wouldn't take a determined attacker long and there are now many
domains in which one can create cheap or free email addresses),
find the right place in the Nomcom cycle, and then have them
start nominating each other, and real identities chosen at
random, for enough positions so that the Nomcom has to deal with
a hundred or two candidates for each of a large range of
positions.   While the Nomcom might be able to dismiss a
potential candidate who didn't respond to questionnaire
requests, excluding someone without, e.g., scheduling interviews
and otherwise pretending to take the candidacy seriously would
be unprecedented and probably lead to appeals and other forms of
noise.

We haven't had that happen either and I think the point is that
making the recall petitioning process harder (or even leaving it
as hard as it is) provides no additional protection against
attacks, if only because potential attackers have a range of
equally or more effective mechanisms available at the same or
lower cost.  What it does do is to attack the claim and
perception that the IETF leadership is actually accountable to
the community.
 
> Speculating, I suppose a lot would depend on the recall
> committee chair; they could choose to run a process that
> involves input across the community, or they could just focus
> on the loudest complaints.

Again, the draft in question only addresses the petitioning
process.  We don't have a standing recall committee
(deliberately and for good reason, although that would be one
way to cut down on the very long time an actual recall would
take).   If you think the recall committee process needs reform,
I look forward to a draft, but I note that your concern above
also applies to the Nomcom -- they could really try to get to
the bottom of claims of poor or inappropriate behavior or they
could believe what they hear from the loudest people or most
numerous group.    I hope we can assume that they strike a
reasonable balance (although anyone who has been around the IETF
long enough probably considers one or two choices that were made
over the years to have been dubious). I don't see any reason to
assume that a recall committee would be a lot worse.
>...

best,
  john




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux