ietf
[Top] [All Lists]

Re: Adept Encryption: Was: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment)

2014-08-21 06:09:00

Dave,

I expect we are not going to agree on this, but that's fine.

On 21/08/14 02:45, Dave Crocker wrote:
On 8/20/2014 6:18 PM, Stephen Farrell wrote:
Personally, I think the probability that we suddenly discover any 
significantly better term is negligible. Not because OS is 
super-good, but rather because nothing is super-good. And
good-enough should be good-enough here.

While there has been repeated, quick dismissal of alternative terms, I
don't recall seeing a careful consideration of candidates, with a clear
explanation for the choice(s) made, making clear why it is better (or
why its deficiencies are less onerous than those of the alternatives.)

That happened on the saag list before the start of IETF LC.
There are quite a few substantive threads on it, I think
the first goes back on March 6th this year started by PHB. [1]

   [1] https://www.ietf.org/mail-archive/web/saag/current/msg04604.html

So 5 months ago. In my local folder for saag "opportunistic"
matches 332 messages starting there, some were offlist though
and some messages got put elsewhere so that number is maybe
about right.

And before you object and again say that any such discussion
in not relevant and that I'm quickly dismissing careful
consideration and causally waving something away by being
readily directive...

...no, I'm not, (despite the piled-on pejorative prose:-)

The fact that we had multiple rounds of discussion on saag
about a plethora of suggested terms is entirely relevant here
and does I believe indicate that no newly suggested term is
likely to be much better, nor is any such term likely to
garner much better consensus. You are of course entirely free
to believe something else but I think the evidence we have is
on my side of this argument.

The problems with 'opportunistic' and with 'security', relative to the
actual content of this draft, have been pointed out repeatedly.  They
are significant.

Rather than again casually waving away a suggested alternative, could we
see a summary consideration of choices, please?


In fact, I'd say so its so negligible that attempting to find such 
(yet again, maybe for the 8th time?) is counterproductive.

This suggests a view that vocabulary choice does not matter all that
much.  For an audience of technical insiders, that's probably true.
Provide definitions and those folk will adjust.

For a wider audience, words carry quite a lot of baggage and so the
choice of terminology matters.

Confusing adept and adapt is an example of this latter case.

So is the considerable ambiguity of the word 'security'.


But that doesn't stop folks genuinely trying seemingly, I guess its 
too tempting a windmill at which to tilt;-)

Here again, Stephen, one would not expect the cognizant AD to be so
readily directive and dismissive of points being raised seriously and by
a range of different contributors.

The mere fact that there is such a broad and persistent base of concern
with 'opportunistic security' warrants taking the issue far more seriously.

Hmmm. I do not see broad concern. I do see persistent expression
of concern from you about this being done without sufficient
something (care, seriousness, whatever). I also see some folks
saying that we should just publish and get it done. That is all
in addition to the good and constructive discussion, involving
you and others, with which the above is intertwined, so for
me at least, its not a big deal really, just some more mail to
get through.

S.




d/


<Prev in Thread] Current Thread [Next in Thread>