ietf

Re: Cross-area review (was Meeting rotation)

2015-12-26 09:52:14
On Thu, Dec 24, 2015 at 12:47 AM, Joel M. Halpern <jmh(_at_)joelhalpern(_dot_)com> wrote:
> I note in your earlier description you commented that these reviews (whose
> value you doubt) take up AD time when they should be serving as managers.  I
> note that many areas now routinely turn the primary review over to a
> directorate.  The ADs decide how much careful combing they do after the
> directorate.  That seems to enable the kind of delegating that can help,
> without mandating it, and without having rules that micro-manage how ADs do
> their job.

Well yes and no. If I am doing an early review of a doc it might be a
substitute for AD involvement. But if the doc is in IESG last call and
the Security Considerations is a back reference to one in a ten year
old RFC that doesn't actually say anything substantive, SECDIR review
is only going to be a failstop for helping make sure the document gets
attention.

What frustrates me in the reviews is that since we lack a current
description of the Internet architecture, we lack useful guidelines as
to what interactions need to be addressed and which do not.

Where a technology lives in the stack should be a guide to what other
areas it might affect and which security criteria are relevant.

For example, if we have an application specification that depends on a
particular link layer configuration, we have a layering violation. The
cure for that is not 'cross area review', it is for someone to go
learn the principles of modular architecture.

The security requirements that can be met change depending on the
layer you are working at as well. You are not going to be able to
address 'traffic' analysis at the application layer where the
architectural model does not have a concept of network topology. You
are not going to be able to address meta-data analysis at the packet
layer where there is no notion of content.


It is also worth pointing out that directorates have been abused on
occasion. A directorate should never be a cabal that second guesses
the work of working groups behind closed doors.

A lesson that it has taken us longer to understand in security than it
should have perhaps is that implementers have a choice and if we
demand too much, they leave our stuff out completely.