(Top posting to save everyone time)
For whatever it is worth, I find myself in complete agreement
with Dave and with his statement of the issues. In particular,
if our desire is to make a statement of concern (superficial or
otherwise), we should do that and not wrap it in an
apparently-technical document and/or set of commitments for
which we can be held accountable for not delivering. If we
actually do want to make commitments for action, this document
is, at best, immature.
The recent "where are the real threats" discussions about https
and the roles of DNSSEC and various types of certification,
including distinctions between data integrity and data quality
for security purposes, reinforce that view.
Personally, I favor the commitments for action but only if they
are associated with a clear understanding and presentation (both
tactical and strategic) of what we reasonably can do
technically. I don't believe the value of expressions of
concern beyond what was already demonstrated in Vancouver is
sufficient to justify the costs of arriving at consensus on them.
best,
john
--On Wednesday, December 11, 2013 09:15 -0800 Dave Crocker
<dhc(_at_)dcrocker(_dot_)net> wrote:
On 12/9/2013 5:28 AM, Stephen Farrell wrote:
The question essentially
is how to cater for network management. I think the
current text is fine, Eliot doesn't,
The IETF has been bitten by the privacy-protection bug, which
is prompting extensive, serious activity on the topic. That's
excellent, of course. However the community is responding
with a sense of urgency about issuing policy statements that I
believe is precipitous.
Policy statements need to represent more than a simple
assertion of a desire or goal. They need to consider
implications, carefully and relatively thoroughly. It's also
best if the statements are written with some attention to
likely misinterpretation. (For example, the current draft is
careful to explain its distinctive use of the word 'attack';
while some readers will persist in misinterpreting the use, at
least the document makes itself clear.)
...
In other words, the community needs to take on a work item to
offer comments on the likely application of this draft to
technical efforts in the IETF, so that we can develop some
understanding of how the document will be useful (and how it
might be revised to avoid difficulties...)
At that point, the document will represent a degree of
substantive, strategic technical thinking by the community,
rather than a more wistful and frankly superficial expression
of concern.