Stephen,
I do agree, but it may be a price worth paying. In any case, if
the threat analysis contained an initial cut at this and some
later document did the job better, that'd be ok too, even if
sightly inefficient. As someone else implied, the threat analysis
won't be historically very interesting but is critical in terms
of getting the process done & so we produce a good result.
The Threats Analysis document is already suffering mission creep, both in
terms of "essential" audience and "essential" scope. It began as a document
to satisfy Russ as the potential sponsoring AD, who asked for something that
described what threats DKIM responds to. It now is being required to
satisfy the demands of a larger group of folk, and satisfy a larger set of
questions.
All this, for something that is, in fact, not typically part of the
chartering process. (I suspect it is a unique requirement; this is probably
the first time it has been placed in the criticl path for chartering.) So
characterizing it as "critical in terms of getting the process done" is
automatically problematic.
At the least, it is demonstrating the classic IETF process syndrome of being
an open-ended barrier to forward progress. Each iteration produes new
requirements. We have no real idea how much more will be imposed on the
document, or when the group will get chartered.
All this, for work that has a rather mature core specification, multiple
interoperable implementations, and a solid constituency eager to deploy it.
Were the people imposing these requirements putting in work to satisfy them,
I suppose the situation would not seem quite so bleak.
As it is, we are stuck in a morass of vague and changing requirements for
analysis, being prevented from doing the real work of producing technical
specifications.
If we want to focus on something that is "critical in terms of getting the
process done" then we should do something about this, other than continuing
to add requirements to the threats analysis document.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org