On Tue, Mar 25, 2008 at 05:12:33PM +0100, Simon Josefsson wrote:
Frankly, it strikes me as somewhat odd that a body acting as a
standards-setting organization with public impact might allow any
technical decision on its specifications to be driven by people
operating under a cloak of anonymity. Expressing an anonymous voice?
No problem. Influencing determination of a consensus with public
impact? That should not be allowed, IMO.
What if the pseudonymous voice raise a valid technical concern, provide
useful text for a specification, or even co-author a specification?
I think decisions should be based on technically sound arguments.
Whether someone wants to reveal their real identity is not necessarily
correlated to the same person providing useful contributions.
A valid technical concern is easy to deal with. If they provide an
idea, I suspect a cautious working group chair might insist on knowing
their real name and company affiliation, since there have been past
examples where companies have tried to inject patented technologies
into a standards specification. (For example, see the FTC's decision
If someone is providing text or co-authoring a specification, there
are once again copyright considerations which could cause the IETF
much headaches. If a Cisco employee were to provide text, and then
suddenly yank back copyright permission and disclaim the Note Well,
their are consequences to the engineer and to his/her employer if they
were to do so. A contributor operating under the cloak of anonymity
can evade many of the consequences of being a bad actor.
Which once again brings us back to the question of what is the value
of letting contributors operate under a cloak of anonymity, and do the
benefits outweigh the costs. For political speech where someone wants
to distribute the equivalent of leaflets decrying their current's
government position on say, torture in violation of the Geneva
convention, it's much easier to make the case that allowing anonymous
speech is hugely important. In a standards organization, it's much
harder to make the argument that anonymity is really a benefit.
For example, in the current MS-OOXML controversy, anonymity would make
it impossible, or at least much more difficult, to determine whether
or not Microsoft really did pack various countries' national bodies
with their business partners, and reimbursed membership fees via
"marketing considerations". So I'm rather glad that all or most ISO
national body rules do require declaration and disclosure of legal
names and corporate affiliations.....
IETF mailing list