
Re: Comments on draft-mm-wg-effect-encrypt-11

2017-05-04 02:07:20
Just a comment on this:

On 5/4/17 1:57 AM, Mark Nottingham wrote:
> Even more so when the person misreading (or misusing) it might be a
> legislator or regulator who has comparatively little technical depth, but
> great impact.

That is *not* the concern that you should be focused on.

First, find me a legislator who has actually read an RFC, and I'll buy
you one of those fancy drinks you like.  Even most regulators do not
read RFCs, but when they do they are generally focused on normative
product requirements.  This document has no such requirements to grasp.

Nor should a press quote even be a serious concern, given how little
press 7258 and the IAB statement generated.

The only serious concern one might have is whether someone would look at
the document and decide that there is a problem statement for work that
would subvert security to take place, either within the IETF or
elsewhere.  Within the IETF we have a rough consensus process that
anyone can use.  It doesn't guarantee a result, but it is the best we
have, and I couldn't imagine someone *not* being called out for taking
something out of context, especially on this topic.

That leaves other organizations, some of whose members might even
intentionally misconstrue this work as justification to start new (bad)
work.  That's a real risk and it has happened before.  Repeatedly.  My
observation is that when this has happened in the past, the long term
consequences to the industry have been minimal, first because we
have happily been able to stop some of the dumber ideas, and also
because our documents had good technical grounding while others did
not.  Furthermore, if we don't publish in order to avoid being
misconstrued, it means we cannot have an honest discussion amongst
ourselves, nor can we document any consequences of our decisions, and
that opens this organization up to far more serious (and deserved)
criticism by regulators, antagonists, academics, the press, and, well, us.

Eliot
