
Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 20:30:58
what the WG charter says and how the WG output is used are
different things.  IMHO we need to consider the potential
unintended consequences of our efforts in IETF, not just what we
intend.

Keith, I have two big problems with this position.

First of all, I have grave doubts our crystal ball is up to the task
of foreseeing all unintended consequences of the protocol we develop.
So while I think some consideration of consequences is OK, we also
need to keep in mind that we collectively pretty much suck at
predicting the future.

I agree.  But we don't usually have to actually predict the future in
order to make ourselves aware of the potential pitfalls associated with
something that we're thinking about doing, and to take those pitfalls into account in a design. In the case of NEA those pitfalls aren't too hard to figure out, but nothing has been proposed to address those pitfalls other than inconsequential wording suggestions about the scope of the WG. The WG scope isn't the problem so much as the protocol itself. Figure out a way to keep the protocol from doing harm, and I'll be much more interested.

Second, consequences don't just attach to the roads we take, they
also attach to the roads not taken. When we say "no" to something it
often ends up being done in an ad hoc way that can potentially be far
more damaging to the network than had we created a standard with the
proper security mechanisms, applicability statements, and so on.

I agree also that this potential exists.  One of the things that really
bothers me about our WG creation process is that a lot of fundamental
decisions about direction of a particular effort tend to be made with
zero investigation of alternatives and little or no community input.
Whatever gets written into the charter is essentially carved in stone,
and sometimes the WGs don't even pay attention to whatever limitations are included in their charter - they just continue with whatever they started doing before the charter was approved.

In the case of NEA (as in so many other cases) we (the wider community) are being presented with this as a done deal - either take this charter (modulo minor wording changes) or leave it. I sincerely believe that IETF can do something useful in this general space, but I also sincerely doubt that NEA is the right direction. And yet, we're already asking a yes or no question when it really should be a "how can we address these problems?" question. Is the wrong direction better than no contribution from IETF in this case? It's not entirely clear, but I suspect that in this case the answer is no.

And yes, I'm also aware that historically when we charter a WG to study a problem and draft "requirements", they tend to wallow around and not produce much of any use.

I also think NEA is a good example of something that will cause a lot
less problems if we do it right than if it is done in a bad and
proprietary way. I started hearing talk about implementing NEA-like
mechanisms at several large sites long before I ever heard of NEA. I
therefore believe that mechanisms to do this are going to be
developed and deployed no matter what the IETF does.

I agree. But is that really so bad? To me it isn't axiomatic that the Internet is better off if every application type that is widely deployed has a standard protocol. DRM is a good example - until DRM can, at a minimum, preserve a balance of interests between the public and rightsholders, the Internet is better off without standards for DRM. A similar argument can be made for NEA - there needs to be a way to preserve a balance between the rights of host owners and the rights of network owners. (one particularly chilling scenario is for a network to use NEA to force every host that connects to it to implement a form of DRM that compromises the interests of the public)

The only question is whether or not we're going to have a say in what
gets done. I really don't want to see a situation arise where I can't use,
say, my Linux laptop somewhere because the necessary secret handshake
is some proprietary glop that only Windoze boxes can do.

IMHO, that is _more_ likely to happen if NEA is standardized than if there are some number of proprietary solutions.

Keith




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf