Lakshminath Dondeti wrote:
The way I see it though is that the process and the mechanisms
were not discussed within the community. Conventional wisdom
says that security protocols/mechanisms designed without proper
peer review tend to be broken. A few people I have spoken to
seem to think that the notion of the tools team knowing who
nominated whom is not acceptable,
It's always good to check privacy issues, but please don't get
carried away. It's the job of the tools team to develop new
tools. When they're ready these tools could be hosted by the
IETF secretariat (or elsewhere, you proposed the Nomcom Chair).
The tool has to be tested, it already turned out that some less
usual browsers don't like RFC 2617, but could handle Auth Basic
over https (one hopes).
And maybe the "loginmgr" tool could be extended to some OpenID
concept later, integrated into other tools - I-D submission by
upload is an idea.
At the moment folks can also still send their comments etc. by
mail, then they never touch the tools server. One disadvantage
with that approach is that I never know if the feedback arrived,
all I see is "waiting for moderation".
And of course a Web form can enforce some minimal structure for
the feedback, with ordinary mail what you get can be anything -
maybe a *.doc file and you have no way to read it. Or some
anti-spam mechanism on overdrive deletes it before you see it.
The sender would never know that it vanished in a black hole.
the community does not seem to quite care about who knows what
was said in the nomcom, generally speaking. Is that the case?
I'm interested, but not worried. Your info how it's handled
could be integrated into a privacy statement for this particular
Web form. Maybe the tools list is a better place to discuss
technical details.
Frank
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf