ietf-asrg
[Top] [All Lists]

Re: [Asrg] We got some stinging criticism

2004-05-07 17:41:14
Larry Seltzer wrote:

...it would be interesting to talk with him and ask him for advice.

Basically, I can't believe the schedule on this thing. And since a high % of the
discussion is always off the point or outside the formal agenda, there won't be 
all that
much discussion going into this very important standard.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer(_at_)ziffdavis(_dot_)com

Larry,
      Thank you for responding.

There is no way I can speak for the group, of course, but I am confused by your comment. When you say that you can't believe the schedule on this thing, I construe that to mean that you are unhappy with the amount of time that has been allocated to the task. Do you think that there is too much time or not enough time?

Since we are designing an open security system, one of the things that we have to do with each proposal is attack the proposal. I realize that it appears as if we are in the throes of devisive argument and racked with dissension, and again only speaking for myself, I believe that the argument is generally healthy and helpful. I am not a professional computer scientist, so at time the discussion is a little beyond me, but the members of group have generally been tolerant and willing to explain things in detail whenever I have asked them. I would be very concerned if there was "group think" going on, but I think this group seems to be safe from that.

   There are several problems that I myself want to avoid:

*) Whatever we design ought to run on a fairly modest computer
*) Whatever we design should "open" in the sense that it is unencumbered by either copyright or patent issues. I am not terribly concerned about the distinction between the BSD license and the GPL license, but I am adamantly opposed to the B.O.R.G. (Basically Owned by the Redmond Giant) license. *) It has to be reliable not only in the face of ordinary errors but also against Bad Guys actively trying to break it. A corollary of this point is I think that the system cannot rely on the sender to do the right thing. As I understand the caller ID protocol, it relies on the sender. I think Microsoft might be envisioning a world in which the power of root, er, I mean administrator, is limited; it is not clear to me how that can possibly be done when there are virtual machines. *) It would be nice if whatever we design is backwards compatible with existing protocols. So for example, if we invent something new, it would be better to implement it on top of HTTP or SNMP or similar, or extend SMTP in a backwards compatible way.
*) It would be nice if it worked a high percentage of the time.

In my opinion, these are daunting goals. Are any of them unreasonable or demonstrably unattainable? Have I missed anything important?

Now, I am inclined to agree with you that at times we do lose sight of our goals. So if you will review some of the messages I have sent to the group as of late, you'll notice I have been trying to push the group back on track. It seems like a strange role for a newbie to take on, but one of the advantages of being a newbie is that I am not weighted down with a lot of history of the group. Of course one of the disadvantages is that there is a lot I should know and do not know. Further, I have no reputation with the group.

Larry, when all is said and done, your opinion is important to me, because I think you have a better handle on what ordinary users want and need. I, for example, loath Microsoft with a passion that defies easy description. I am also deathly afraid of Microsoft. Clearly, I am out of the mainstream in this regard. Because you write for an important magazine, you have to stay connected with what ordinary users want and need, or else you are irrelevant. You are not irrelevant. Therefore, you are connected, and we should listen to what you have to say. Again, this message is only my opinion, and should not be construed as speaking for the group.


Sincerely yours

Jeff