RE: Requirements for Open IESG Positions
2007-07-24 15:12:46
I thought the requirements were too specific for the SEC area last year
as well :) I do realize that the text has been largely reused from last
year, but, I think we need to revisit some of these specific
descriptions.
We cannot expect the Nomcom to be familiar enough with all areas to use
their judgment in addition to the requirements received. I think we
need to get better at providing the requirements so that the Nomcom will
really know what they are looking for in candidates.
At the moment, I really think the SEC area requirements are misleading
to the Nomcom and can use a revision.
Vidya
-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Tuesday, July 24, 2007 2:01 PM
To: Narayanan, Vidya
Cc: ietf(_at_)ietf(_dot_)org
Subject: RE: Requirements for Open IESG Positions
One important thing needs to be considered in the Security
and O&M Areas. There are two ADs, and they are expected to
have somewhat different skill sets. For contrast, here are
the requirements that were provided to NomCom2006 for these positions.
Russ
-----------------------------------------------
Operations & Management Area:
The primary technical areas covered by the Operations &
Management area include: Network Management, AAA, and various
operational issues facing the Internet such as DNS
operations, IPv6 operations, Routing operations.
Unlike most IETF areas, the Operations & Management area is
logically divided into two separate functions: Network
Management and Operations.
David Kessens is currently responsible for the Operations
portion of the OPS area, so specific expertise required for
the open position would include a strong understanding of
Internet operations, as well as the ability to step into
Network Management issues when necessary.
The Operations AD is largely responsible for soliciting
operator feedback and input regarding IETF work. This is a
challenging task that requires strong contacts in the
operations community and a great deal of persistence.
Another important role of the Operations AD is to identify
potential or actual operational issues regarding IETF
protocols and documents in all areas, and to work with the
other areas to resolve those issues.
This requires a strong understanding of how new and updated
protocols may affect operations, and the ability to gather
information from the operations community and translate that
information into suggestions for protocol architecture and
design within the IETF. It also requires a strong cross-area
understanding of IETF protocol architecture and technologies.
The Operations portion of the OPS area intersects most often
with the Routing, Internet and Security areas. So,
cross-area expertise in any of those areas would be
particularly useful.
-----------------------------------------------
Security Area:
The WGs within the Security Area are primarily focused on
security protocols. They provide one or more of the security
services:
integrity, authentication, non-repudiation, confidentiality,
and access control. Since many of the security mechanisms
needed to provide these security services are cryptographic,
key management is also vital.
Security ADs are expected to ensure that all IETF
specifications are reviewed for adequate security coverage.
They also manage a set of security resources that are
available to most IETF areas and WGs.
Specific expertise required for a Security AD would include a
strong knowledge of IETF security protocols, particularly
IPsec, IKE, and TLS, and a good working knowledge of security
protocols and mechanisms that have been developed inside and
outside the IETF, most notably including PKI.
Also, a Security AD should understand how to weigh the
security requirements of a protocol against operational and
implementation requirements. We must be pragmatic; otherwise
people will not implement and deploy the secure protocols
that the IETF standardizes.
The Security Area intersects with all other IETF areas, and
its ADs are expected to read and understand the security
implications of documents in all areas. So, broad knowledge
of IETF technologies and the ability to assimilate new
information quickly are imperative for a Security AD.
At 02:44 PM 7/24/2007, Narayanan, Vidya wrote:
Some additional comments on the topic:
In particular, taking the security area requirements as an example,
the description provided talks about expertise needed based on the
current ongoing work in the security area. While this is one part, we
want ADs that can bring in/evaluate new work which may or may not be
related to any of the ongoing work in the area. Especially in the
security area, such relation to other work is very hard to predict.
Personally, I don't think it is a requirement for an AD to have a deep
understanding of all the protocols produced by the area; rather, for
the security area, for example, I think it is important that the ADs
are capable of analyzing threat models and evaluating the security
implications of work happening in other areas, or have a sufficient
security background to grasp issues raised by experts of a certain
protocol, etc. I think it is much less important that the AD has a
top-to-bottom understanding of TLS or Kerberos or IKEv2 or any one
thing in particular.
I provided this input last year as well and I think it is very
important for us to select an "area generalist" as an AD over a
specialist in a particular set of protocols.
Vidya
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf