Re: [Nea] IESG query re Expert Review

[Stephen Hanna <shanna at juniper.net>]

There was not a lot of discussion on this issue but the
consensus from the comments posted seems to be that we
should follow option a:

> a). you update the text to relax instructions for the 
> designated Expert Reviewer

Therefore, the editors of PA-TNC and PB-TNC will soon be
posting revised Internet-Drafts that make this change.

Thanks,

Steve

> -----Original Message-----
> From: nea-bounces at ietf.org [mailto:nea-bounces at ietf.org] On 
> Behalf Of Paul Hoffman
> Sent: Friday, September 25, 2009 12:36 PM
> To: Alexey Melnikov; Stephen Hanna
> Cc: NEA
> Subject: Re: [Nea] IESG query re Expert Review
> 
> Alexey makes some very good points here.
> 
> At 10:43 PM +0100 9/17/09, Alexey Melnikov wrote:
> >The situation I have in mind is as follows: Assume a vendor 
> A implements some vendor specific attributes. The 
> implementation becomes widespread and other implementations 
> would like to implement it as well. Then somebody not working 
> for vendor A convinces an A's representative to register the 
> attributes as a favor to the community. The A's 
> representative tries to do that, but either the documentation 
> is not quite clear on some details, or it is not always interoperable.
> >At this point the registration procedure says that the 
> expert should reject the registration. The A's representative 
> doesn't feel obligated to fix documentation, because the 
> registration was submitted as a service to the community. So, 
> would rejecting the registration in such a case be worse than 
> registering something which is not perfect?
> 
> From the experience in other Security WGs, this scenario is 
> both possible and unfortunate. Worse, people will disagree 
> with the answer to the last question and will waste a lot of 
> time that could be used more productively.
> 
> >If the WG group agrees that this might be a problem, then 
> there are 2 ways to fix this:
> >a). you update the text to relax instructions for the 
> designated Expert Reviewer
> >or
> >b). the WG can select an Expert Reviewer who is quite 
> relaxed about the rules and would be flexible about allowing 
> not-fully-compliant vendor specific registrations. In this 
> case you don't need to change the document, but there is a 
> small risk that the designated expert wouldn't be as flexible.
> 
> Relying on (b) for the long term is not a good strategy. I 
> think (a) is much better. Really, the stability of the 
> vendor's text is way more important than the correctness. If 
> the text is bad, anyone who cares will reverse-engineer it 
> through testing with the vendor's product, and if they're 
> really nice, will encourage the vendor to update it.
> 
> --Paul Hoffman, Director
> --VPN Consortium
> _______________________________________________
> Nea mailing list
> Nea at ietf.org
> https://www.ietf.org/mailman/listinfo/nea
>