Re: [Nea] IESG query re Expert Review

To: Alexey Melnikov <alexey.melnikov at isode.com>, Stephen Hanna <shanna at juniper.net>
Subject: Re: [Nea] IESG query re Expert Review
From: Paul Hoffman <paul.hoffman at vpnc.org>
Date: Fri, 25 Sep 2009 09:35:36 -0700
Cc: NEA <nea at ietf.org>
Delivered-to: nea at core3.amsl.com
In-reply-to: <4AB2AD9F.7030107 at isode.com>
List-archive: <http://www.ietf.org/mail-archive/web/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
References: <AC6674AB7BC78549BB231821ABF7A9AE8FF1D2601B at EMBX01-WF.jnpr.net> <4AB2AD9F.7030107 at isode.com>

Alexey makes some very good points here.

At 10:43 PM +0100 9/17/09, Alexey Melnikov wrote:
>The situation I have in mind is as follows: Assume a vendor A implements some vendor specific attributes. The implementation becomes widespread and other implementations would like to implement it as well. Then somebody not working for vendor A convinces an A's representative to register the attributes as a favor to the community. The A's representative tries to do that, but either the documentation is not quite clear on some details, or it is not always interoperable.
>At this point the registration procedure says that the expert should reject the registration. The A's representative doesn't feel obligated to fix documentation, because the registration was submitted as a service to the community. So, would rejecting the registration in such a case be worse than registering something which is not perfect?

From the experience in other Security WGs, this scenario is both possible and unfortunate. Worse, people will disagree with the answer to the last question and will waste a lot of time that could be used more productively.

>If the WG group agrees that this might be a problem, then there are 2 ways to fix this:
>a). you update the text to relax instructions for the designated Expert Reviewer
>or
>b). the WG can select an Expert Reviewer who is quite relaxed about the rules and would be flexible about allowing not-fully-compliant vendor specific registrations. In this case you don't need to change the document, but there is a small risk that the designated expert wouldn't be as flexible.

Relying on (b) for the long term is not a good strategy. I think (a) is much better. Really, the stability of the vendor's text is way more important than the correctness. If the text is bad, anyone who cares will reverse-engineer it through testing with the vendor's product, and if they're really nice, will encourage the vendor to update it.

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: [Nea] IESG query re Expert Review
  - From: Stephen Hanna

References:
- [Nea] IESG query re Expert Review
  - From: Stephen Hanna
- Re: [Nea] IESG query re Expert Review
  - From: Alexey Melnikov

Prev by Date: Re: [Nea] IESG query re Expert Review
Next by Date: [Nea] WG Action: RECHARTER: Network Endpoint Assessment (nea)
Previous by thread: Re: [Nea] IESG query re Expert Review
Next by thread: Re: [Nea] IESG query re Expert Review
Index(es):
- Date
- Thread

Re: [Nea] IESG query re Expert Review

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.