ietf
[Top] [All Lists]

Re: Looking for Area Directors Under Lampposts

2015-11-17 05:45:24
----- Original Message -----
From: "Scott O. Bradner" <sob(_at_)sobco(_dot_)com>
To: "IETF discussion list" <ietf(_at_)ietf(_dot_)org>
Sent: Sunday, November 15, 2015 8:10 PM

Maybe I missed it, but I do not recall seeing mention in this thread of
a significant aspect
of an ADs role – reviewing documents from outside there area – i.e., the
cross-jurisdictional review step that the IESG review represents.

This is a major differentiator between the IETF and most other IT
standards development organizations.   In most other organizations
the only technical expertise applied to a proposal comes from within a
working group (working party etc) – a group that will always have a
limited scope of expertise

The IESG’s cross-area review ensures that proposals undergo
review by experts in areas that will likely not be represented within
a particular working group.

Documents, no matter how clearly written, produced by an individual
working group, no matter the level of subject matter expertise, can
benefit from careful review by experts who have expertise outside the
scope of the people participating in the working group.

When I was an AD (a rather long time ago now) I saw many documents
where inadequate attention had been paid to security, congestion
control,
manageability, etc.

<tp>
Scott,

I find it significant that security comes first on your list, congestion
control second.  I see security and transport (UDP usually) as the two
arcane topics that are the commonest source of infelicities, even to the
extent of ADs creating DISCUSS which, at times, appear to me to be based
on misunderstandings.  I think that the Security Area, in particular,
should be more proactive in making it clear what other areas should be
doing, by way of Security Considerations, choice of options and so on.

A minor example of what I have in mind is seeing an I-D in WGLC
recommending the use of an RC4 cipher suite, something that was
'prohibited' last February (RFC7465). You could argue that this is
cross-area review in action, since I track both lists and noticed the
discrepancy.  But there is also a Standards Track protocol from some
time back which still recommends its use, something which someone else
had already picked up on and is likely to fix.  It was good of the
Security Area to make it known that RC4 is now seen as having
unacceptable weaknesses but it would have been better if they had gone
the extra mile to see who was or had recommended it, perhaps using
RFC7465 to make the necessary update.  I think that the bases are now,
or will be, covered but they could have been done so more efficiently,
at less cost to the time of those whose time makes the IETF possible.

Tom Petch

i.e., it is not sufficient to say, as has been said during this thread,
that the
onus should fall on a working group chair to ensure the quality of the
documents that are produced by a working group, the best documents
can be made better, in terms of being used on the Internet, by the
cross-area review done by the IESG.

Scott