ietf
[Top] [All Lists]

Re: Transparency in Specifications and PRISM-class attacks

2013-09-19 11:49:26
On Thu, Sep 19, 2013 at 11:59 AM, Hannes Tschofenig <
hannes(_dot_)tschofenig(_at_)gmx(_dot_)net> wrote:

Hi Phillip,

I am personally not worried that the standardization work in the IETF can
be sabotaged by governments since our process is open, and transparent to
everyone who cares to see what is going on. I could, however, see easily
how that is a problem with some other organizations (without listing any).


Really?

Are IESG decisions transparent? Where are the audio recordings of the con
calls? Is the IESG/IAB retreat transparent? The NOMCON process certainly is
not.

I have been in pretty much every standards body in the field and the view
of the IETF from outside the IETF is exactly the same as the one you just
gave of those other organizations. Its the reverse of the grass is always
greener.

Document editors have a huge amount of discretion in what they do or do not
include in their documents. Rather more influence than the Chairs in most
WGs.


The traditional view of an RFC is that it is just a description of the
design. What I am arguing for is that we need to capture both the final
design and the design process. People are not going to go through ancient
working group archives to convince themselves that the design is sound. The
design docs have to provide all the explanation necessary.



I believe it is useful to talk about specific cases instead of abstract
concerns to see whether there is a problem at all in the IETF. Maybe that
would allow us to find out whether there is a room for improvement.


I don't want to talk about specific cases because that leads to the game of
hunt the NSA mole which is a really bad idea.

-- 
Website: http://hallambaker.com/