
Re: IKEv2 allocation policies, etc.



At 9:38 PM -0500 1/30/04, Michael Richardson wrote:
    VPNC> Are we trying to micro-manage the future with having different
    VPNC> categories for policies?

Let's divide what you are saying into two statements:

  1) that we should not have different policies for different tables
     ("micro-management")

  2) that the single policy should be expert review.


I don't have an opinion on this. If the expert is capable, then there is no problem.

The expert is assigned by the IESG. I think we can safely assume that if the IESG assigns a lame expert, they'll hear about it quickly enough.


    Theodore> My understanding was that an Expert represented a much higher
    Theodore> bar, because human is in the loop.  My assumption was that an
    Theodore> Expert would

  Specification Required involves the RFC-editor, or possibly another
peer-reviewed journal. I think that this is a much higher bar.

I agree with Ted and disagree with Michael. The RFC Editor is not going to be an expert in IPsec, and will probably not have a very well-attuned garbage detector for bad proposals. The expert should.


I don't think that the IETF has a lot of experience with expert review yet.

Fully disagree. It's working fine in many areas. (Full disclosure: I'm now the "expert" on charsets (!))


  And, while the expert may ask to see a specification, (not necessary
though), the specification may be proprietary, require NDA, specific-national
security clearance, etc.

At which point they will not get their IANA registration.


  So, expert review does not, in my opinion, mean that we get any
specifications to look at. It just avoids silly stuff.

That isn't how it has worked in other parts of the IETF. For instance, the IESG might require that the expert have a review team, so all proposals are seen by many sets of eyes. (This is the case for charsets, which are often more intricate and obscure than IKE parameters.)


--Paul Hoffman, Director
--VPN Consortium