Hello,
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.
The document described an RFC3933 experiment in forming a Study Group prior to
Working Group formation. As such I agree with the authors that there are no
additional specific security considerations as also discussed in RFC3933.
Aside from the Security Review, I have three comments:
1. editorial comment to section 1:
s/those who have no followed the/ those who have not followed the
2. comment to section 2:
Section 2 states that:
"If at any point...., including after a first or second BoF session, ... the
IESG MAY propose that a Study Group be formed."
This sounds to me like partially conflicting with RFC2418, which clearly states
that an absolute maximum of two BOFs are allowed for a topic.
This would implicate that if a Study Group was formed after the second BOF, it
would have to directly lead to a WG (or be abandoned) as it can not go back to
BOF.
I would propose to change this to that a Study Group may be initiated after the
first BOF but not after the second to prevent this conflict.
(The second BOF is already an extension and we should not add the Study Group
as a second extension to the system. People should be pretty well prepared at a
second BOF to get either a Yes or No - and if they are not ready for a decision
by then, another second extension may probably also not help.)
So, proposal to change the line in section 2 accordingly:
s/including after a first or second BoF session/including after a first BoF
session
I.e. if a first BOF does not lead to the anticipated results (WG: yes/no
decision), the appropriate mechanism for the AD should be to decide whether
s/he wants to use this experiment or run straight with the second BOF as
defined in the process. With the study group the second BOF could be initiated
after the Study Group has concluded if the AD does not want to go to WG
directly without second BOF.
3. comment to section 3:
In section 3 it is described that a study group shall have and run the same
infrastructure identical to a WG.
I would not agree with this suggestion, but think it should be limited to less
than a WG.
Otherwise it might lead to false impressions, de-facto situations and also
prolong the work of the study group to finally get a "go" for a WG, as they
might consider this an already fully functional "lightweight WG".
Summary:
I believe that this idea of a Study Group is a great idea that will add a new
tool for the AD for the situation that a BOF has not been satisfactory
preparing a WG formation.
However I would suggest to make sure to keep a clear distinction between a WG
and a study group, as they differ dramatically in the regard of role and
acceptance by the IETF community. If they both look similar this might be
misunderstood by people outside or new to the IETF.
Greeting, Tobias
__________________________________________
Tobias Gondrom
Head of Open Text Security Team
Director, Product Security
Open Text
Technopark 2
Werner-von-Siemens-Ring 20
D-85630 Grasbrunn
Phone: +49 (0) 89 4629-1816
Mobile: +49 (0) 173 5942987
Telefax: +49 (0) 89 4629-33-1816
eMail: mailto:tobias(_dot_)gondrom(_at_)opentext(_dot_)com
Internet: http://www.opentext.com/
Place of Incorporation / Sitz der Gesellschaft: Open Text GmbH,
Werner-von-Siemens-Ring 20, 85630 Grasbrunn, Germany | Phone: +49 (0) 89 4629 0
| Fax: +49 (0) 89 4629 1199 | Register Court / Registergericht: München,
Germany | Trade Register Number / HRB: 168364 | VAT ID Number /USt-ID: DE 114
169 819 | Managing Director / Geschäftsführer: John Shackleton, Walter Köhler
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf