ietf

Re: Transparency in Specifications and PRISM-class attacks

2013-09-20 12:09:54
I'm glad the process aspects have been brought up again.  When a WG is
finished with a draft, there is still a lot more work to do.  WG last
call is or should be closer to the middle of a draft's development
trajectory than the end.  I would say this is true not just for the
ones that someone close to the draft thinks might be sensitive, since
people close to it will have their own blind spots (and will have done
what they can for the issues they know about already).  We should have
better scrutiny for all drafts, taking our time.

Scott

On Fri, Sep 20, 2013 at 12:49 PM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
As has been said, the premise of open standards work is that it is subject
to broad review, as a quality assurance process.  This is expected to find
errors -- and please forgive me for considering a backdoor mechanism to
merely be a really bad error.

But this requires that diverse, aggressive, expert reviews do get done, with
a special eye towards serious errors such as backdoors.

Sometimes we get those, sometimes we don't.  We make the assumption that the
considerable array of late-stage reviews done now provide the necessary
assurances, but really they don't.  (The original DKIM spec was well and
highly reviewed prior to publication.  Imagine my surprise, when we started
the -bis effort, to discover that a critical algorithm was so badly written
it didn't work.  The accompanying prose was pretty good, but the pseudo-code
wasn't.)

So we need to worry about active efforts to get diligent reviews that look
for certain classes of strategic problems.  This probably requires three
things:

   *  Ensuring clarity and simplicity in the technology and the
specification writing makes the work more accessible.  Hence we ought to
seriously consider earlier-stage efforts to ensure that, at least for any
protocol that carries "interesting" security sensitivities.

   *  Some community agreement about the nature of problems to look for.

   *  For those sensitive specifications, soliciting additional expert
review, to consider robustness, reliability, and weaknesses such as
backdoors.