Hi Bob, > On Apr 15, 2020, at 2:30 PM, Bob Hinden <bob.hinden@xxxxxxxxx> wrote: > > Yes, but I think it’s a mistake to think that this is a one time thing and that it will be done anytime soon. We shouldn’t get in the way of what MIT/Google/Apple/etc. are doing in the short term, but I do think there is long term value developing something in the IETF that will prepare for the long term. That has a reasonable balance between tracking for medical vs. political tracking. > > Until there is a vaccine this will reoccur, and other pandemics will happen. I think you, Carsten, and I probably all agree at the top level, that the most useful place for the IETF to put energy is in directions that match its timescale, skillset, and culture. And I also agree that this is not a one time thing. But that doesn’t mean that it’s useful for the IETF to put significant energy into this particular space if what ends up coming out of the MIT/Google/Apple/others efforts is a competent, open-standards result that also has the weight of significant deployment behind it. Put another way, your framing suggests that the IETF _could_ somehow do the longer-term version better in some dimension, but in this particular case it’s not obvious that that’s true, either technically or from the code-actually-getting-used point of view. In which case, it would seem better to consciously turn our energy to places where there's both need and room, rather than zooming off towards the me-too because it’s the cool topic of the day. I’m not _sure_ that’s how things will turn out in this space, of course, but it does seem (at least to me) very extremely likely. A side observation addressing the other point in this thread: I have no inside knowledge, but I strongly suspect that one reason both the MIT and (believe it or not) Apple/Google groups are pushing as fast and hard as they are to get something out is to short circuit the people who are pushing equally hard for alternative tools that aren’t remotely privacy preserving or anything else. Precisely for the reason you mention (not a one time thing..) _something_ is going to happen in near time, and then will very likely get dug in for the longer haul. Having a reasonably competent, reasonably privacy-preserving protocol/app/whatever _already deployed and running_ is one of the better possible defenses when someone comes along with the idea to create a central-reporting-of-everything app using Covid-19 as an excuse. Which, as you may have noticed, is already starting to happen in a couple of quarters. cheers, -john
