ietf
[Top] [All Lists]

Re: How many standards or protocols...

2002-05-03 12:41:07
Absolutely and they are competent to do whatever they are competent to do...

Todd

----- Original Message -----
From: "Sabharwal, Atul" <atul(_dot_)sabharwal(_at_)intel(_dot_)com>
To: <Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>; "todd glassey"
<todd(_dot_)glassey(_at_)worldnet(_dot_)att(_dot_)net>
Cc: <ietf(_at_)ietf(_dot_)org>
Sent: Friday, May 03, 2002 11:52 AM
Subject: RE: How many standards or protocols...


IMHO, people are people. Whether they are in sales or engineering or
management or in
Marketing or communication, it does not matter!!  Some basic values make
the
difference.

Same with whether they are in industry or in school!!  Approach is the
key.

-----Original Message-----
From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu 
[mailto:Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu]
Sent: Friday, May 03, 2002 8:55 AM
To: todd glassey
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: How many standards or protocols...

On Fri, 03 May 2002 06:57:45 PDT, todd glassey said:
real-world for you... Letting a technologist blindly develop a protocol
that
is supposed to work in a commercial world is in my opinion more
dangerous
that allowing the salesperson to design a protocol for the technical
world
to solve
a problem that they are faced with on a daily basis. Especially as the
IETF

Find me a sales person who understands security well enough to do a better
job than IPSec, and then we'll talk.

Find me a sales person who understands routing issues well enough to do
a better job than BGP, and then we'll talk.

TSG: But isn't the requirements document most of the design in most
instances? If you cant define the need then the protocol definition is
at best speculative and ambiguous.

I never said that the sales people shouldn't be contributing the
requirements.  I said they shouldn't be designing the protocol.

Over in Detroit, they design cars.  They do a *LOT* of market research.
Market research may say that 75% of people interested in a certain model
car would be interested in a rear spoiler - but it would be quite
negligent
to let the market researchers decide what size bolts to use to attach it
to the car, wouldn't it?

TSG: perhaps. But I am not clear that the IETF should produce anything
other
than recommendations. That Internet Standards and anything
above an RFC is fodder for a more regimented and audited group.

Anybody who thinks the IETF does anything other than recommend doesn't
understand the IETF at all.

TSG: But who here in the IETF has done commercial security analysis or
legal
analysis of what the use models for a Protocol does?

Erm... Jeff, Steve - will you wave hello to the nice gentleman, and
explain to him about the Security area within the IESG? ;)

It may be informative to go read the list of authors of the RFCs that come
out
of that area, and ask yourself if your army of salespeople understands
security
better than they do..... You might also want to go read Bruce Schneier's
"Secrets and Lies" and/or "Applied Cryptography", and learn why
proprietary
security solutions are rarely, if ever, secure.


--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech