Ed,
I've put this back on the list because I've deliberately been
quiet so far and I only want to go through this once, rather
than getting drawn into a debate which, like many of these
things, goes around in circles.
It seems to me, after long discussions with lawyers over similar
things, that this latest suggestion drops into two cases:
Case 1: The IETF (or IAB, or Secretariat, or something
[else] in the name of the IETF or ISOC) exercises
editorial judgement about what goes onto that
non-conformance list. In that case, especially if there
is disagreement about what conforms and what doesn't,
there is definite legal liability. What protects the
I-Ds is not publication, but the fact that, subject to
constraints about form, releases, and boilerplate, we
will post anything of even marginal relevance. And,
once posted, things are not taken down except for
expiration or violation of those structural requirements.
Case 2: We provide a publication forum for claims and
counter-claims that would likely turn into a flame-fest
with little value to anyone and no real case for "the
IETF" getting involved.
Now, having watched the discussion, a few additional
observations:
(i) IETF standards are, for better or worse, typically written
in a way that is a bit vague at the margins. We depend
critically on goodwill and good-faith adherence to the
robustness principle. And, while we don't talk about it much,
that is probably one of our strengths: one of the things that
leads to constipation in more traditional standards groups is
trying to get all of the little details tied down (even if they
then fail to do so); in general, we just don't bother. But this
approach means that, again, in general, the IAB couldn't go
around passing out badges of shame -- we would have to convene
WGs to study things carefully and reach community consensus.
And I would predict that process would often lead to clarifying
documents and assertions on the part of the offending companies
that they used to conform and we were changing things just so
they wouldn't.
(ii) Believe it or not, the IAB is fairly busy, at least
relative to the expectations of many of those who signed up as
members. Personally, I'd like to boost those
expectations/requirements a bit, but there has been a lot of
resistance from some incumbents and candidates. The
expectations for IAB work levels is something you might discuss
with the Nomcom: I'm not sure it would be a good idea in terms
of the tradeoff between candidate knowledge/quality and
available time, but, if they were select only people who were
prepared to invest, say, a quarter-time commitment every week,
we might see a different level of IAB work capability once
things rolled over. Again, that is not a recommendation -- I
fear reducing the size of the candidate pool enough that quality
goes down.
For reference, we have gotten to the stage that I'm putting in
well over half time, a load that is probably comparable to that
of an IESG AD. If we raise the general expectations to that of
the ADs, we just won't have the same mix of potential candidates
coming into the Nomcom process. And, were we to raise it much
more than that --which I think serious conformance evaluations
would require-- we'd find ourselves with an IAB that was
completely dominated by the (increasingly few) large companies
who can afford to "donate" people essentially full-time to the
IETF.
If you wonder where the time goes, have a look at the IAB ENUM
notes and the OPES comments in the I-D directory. These things
are important. When done well, as I think both of those are and
as is necessary in these cases, you end up with short and
focused documents. But getting then right, and agreed-to, and
focused properly, is just incredibly time-consuming. And that
sort of stuff is critical to getting standards finished and
deployed, which must, I think, be IETF's first priority.
(iii) Now, all of that said, I think that a "Consumers Reports"
(tm, etc) for implementations --wrt both basic quality and
conformance-- would be really helpful. But I'd see that as
best done as an independent, possibly-commercial, effort. If I
had the surplus time and energy, I'd try to sell the idea to one
of the magazines that does evaluations of other things. Their
opinions about what conforms and what doesn't are protected by
the usual press freedoms and their opinions are --realistically
as distinct from in appearance-- no worse than what IAB could
come up with unless WGs were reconvened... and their doing that
sort of work wouldn't muck up the standardization process.
(iv) Finally, if you think Microsoft would be likely to be
influenced by a "you do bad stuff" posting, I have news for you.
Yes, I think they have problems up there of people who are
sloppy and don't care enough about quality (standards-conforming
or otherwise). And there still appear to be some people there
who have never looked at other systems or designs and assume
either that the wheel, the electron, and the computer were
invented in Redmond or that they are just inherently smarter
than everyone else. I doubt that our saying "Microsoft violates
Standard X" would impact either of those groups. But most of
what comes out of Microsoft appears to be the result of hard and
rational business decisions. They have strong models about the
"user experience" they are trying to create and they appear to
be convinced that "user experience" is what sells product (it is
hard to argue with them about that). If they can't figure out
(at whatever level of effort they are willing to invest) how to
both conform to a standard and how to provide that user
experience, the standard is going to lose.
Similarly, although I can't speak to what happens at Microsoft,
there is, these days, often a tension between "conform to
standard" and "put in some variations that help lock in users".
For better or worse, marketing strategies tend to win out in
that type of situation too.
Because of those issues, we have often done much better --in
terms of getting things to conform-- by working quietly to
educate people in producer-companies or organizations who want
to do the Right Thing than by, in the extreme cases, denouncing
the companies, especially when those denunciations result in
having the people with whom we could work ordered to not talk
with us.
john
--On Thursday, 24 January, 2002 04:51 -0800 Ed Gerck
<[EMAIL PROTECTED]> wrote:
> [off-list to avoid more overload]
>
> Even though conformance certification would be useful, it is
> not IMO all that we need. And is not what the IETF
> could/should do -- as there seems to be a consensus.
>
> Much easier to implement, and perhaps much more useful in terms
> of quick user feedback, is to introduce a public
> non-conformance list (NCL). The NCL would make no promises to
> the future (unlike a conformance list), would not imply
> liability (because it exerts no power), and could be hosted by
> the IETF as listserver a (perhaps divided by area). It could
> work in a way very similar to the ID mechanism -- which also
> carries no liability to the IETF.
>
> As I commented in the list, the NCL could help make a good
> selling point even for those companies listed in the NCL --
> "Look, we had six NC complaints and we fixed them all! Our
> product has no current NC complaint." The NCL could also build
> a good feedback channel for WGs, and standard revision.
>
> Looking at the IETF, vendors and users, a NCL would be a
> win-win-win, IMO.
>
> To contrast, a conformance certification program is much
> heavier, slower in response, has potentially large legal
> liabilities, and is essentially a forward promise that is
> very hard to control.
>
> Cheers,
>
> Ed Gerck
>
> Camile Howe wrote:
>
>> Obviously standards non-conformance abuse by industry
>> is "major concern" of IETF members, 'cause I haven't
>> seen this type of "chat-discussion" email (over 100)
>> since TCP.
>>
>> Would expect that it is an ISOC & IAB joint "internet
>> management/oversight" decision as to how we implement
>> industry conformance oversight. Believe most IETF
>> members agree that there would be (industry) incentive
>> to follow an "internet compliant" certification
>> program. If implemented properly (& inexpensive enough
>> for the little guys, perhaps $scaled to business size)
>> would most definitely ease the quantity of offenders.
>> IETF members will gladly assist in the process
>> development of IETF Protocol standards compliance
>> methodology. Below is one possible(high-level) method
>> of implementation.
>>
>> Per the mass/chat-mail discussion...
>>
>> The IETF is not an oversight/management org of
>> Internet.
>> That is the IABs charter. Policing corporations'
>> standards implementations
>> surely is beyond our scope (& $..ha!).
>> IETF is to engineer/develop standard protocols.
>>
>> It seems quite appropriate that our IETF chairman
>> denounce any product known (proven by any IESG member)
>> to deviate from an IETF standard, in the event that
>> the deviation will/might impede the Internet's
>> operation or performance. However, this is risky
>> since in all probability will have a very negative
>> effect... media and politics in the development of
>> standards is bad business. Remember that is why we
>> segregated domain naming. Publicity breads political
>> intervention and inevitably limits innovative
>> development.
>>
>> Believe this area should be the IAB's charter. Since
>> most of us discover short-coming of products during
>> our own employment endeavors, we should establish a
>> new procedure that facilitates us to provide
>> standard-offensive data (perhaps an impact rating
>> scheme), by which the appropriate working group can
>> independently validate and pass on to our chairman...
>> better yet...
>> the IAB (or even ISOC since it a profit/fee org). This
>> would give our spokesman/representative what is
>> required to make such a "damning" non-conforming
>> statement.
>>
>> As far as certification of any standard. Again, it is
>> not the IESG charter, however it is would be
>> appropriate for the IAB to approve certain "test
>> centers" to perform validation/certification
>> endorsement on behalf of the IAB. Most large
>> companies, Sun, MS, IBM etc have the same sort of
>> program. The IAB then gets a percentage of what the
>> "test center" makes. Could be the most cost-effective
>> way to implement policing world-wide. The IAB could
>> be our public voice as well.
>>
>> Camile
>>
>> PS A quote from the IAB...
>> "Another fuzzy boundary is "how far up or down do we
>> go?" With the international political drive for
>> information superhighways, the IAB is expecting the
>> Internet to become the infrastructure for the
>> "Information Infrastructure." Does this mean that
>> every information handling protocol must be developed
>> by the IETF? Certainly not!"
>> http://www.iab.org/connexions.html
>>
>> --- George Michaelson <[EMAIL PROTECTED]> wrote:
>> >
>> > We'll know when the Internet 'matters' on this
>> > measure, when they
>> > take the management and oversight away from the
>> > IETF.
>> > ...
>>
>> Hrm,
>>
>> SoUL = Software Underwriters Laboratories
>>
>> but I thought the UL was a distinct company in it self
>> that other
>> companies
>> send stuff to for testing.
>> So some one withe means and clout in the industy needs
>> to take it up.
>>
>> Suppose could put of a website like
>> http://www.underwriters.org...
>> hrm
>> www.sul.org
>>
>> and gear it as a contact point for software testing.
>>
>> At 10:08 AM 1/23/02 -0600, Alex Audu wrote:
>> > Great idea, but you also should not leave out the
>> issue of compliance
>> testing.
>> > May be an organization like
>> > the Underwriters Laboratories,..or some other newly
>> formed group
>> > (opportunity,.. anyone?) could take
>> > up the role of compliance testing.
>> >
>> > Regards,
>> > Alex.
>> >
>> >
>> > Franck Martin wrote:
>> >
>> >> I support the idea, what needs to be done is the
>> IETF to come with a
>> >> trademark and someone to Inform the ISOC about all
>> this discussion
>> and also
>> >> to register this trademark...
>> >>
>> >> Lynn, Could you please read this thread from the
>> IETF archives, it
>> could be
>> >> interesting for the development of ISOC/IETF.
>> >>
>> >> Franck Martin
>> >> Network and Database Development Officer
>> >> SOPAC South Pacific Applied Geoscience Commission
>> >> Fiji
>> >> E-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>
>> >> -----Original Message-----
>> >> From: Kyle Lussier [mailto:[EMAIL PROTECTED]]
>> >> Sent: Wednesday, 23 January 2002 4:04
>> >> To: Donald E. Eastlake 3rd; [EMAIL PROTECTED]
>> >> Subject: Re: Fwd: Re: IP: Microsoft breaks Mime
>> specification
>> >>
>> >> We need stronger enforcement of the RFC's, and we
>> need creative
>> >> thinking as to how to go about that. I like the
>> idea of an easy
>> >> in "IETF Certified" trademark, if you abuse it, it
>> can be revoked,
>> >> and then vendors building contracts around
>> supporting IETF Certified
>> >> products.
>> >>
>> >> It gives CIOs something to rattle about as well.
>> I.e., they
>> >> can require IETF Certification of products, which
>> guarantees them
>> >> standards support, as enforced by the IETF
>> community.
>> >>
>> >> Just a simple precise trademark construct, with an
>> "easy-in"
>> >> application that costs maybe $100 per product, and
>> supported
>> >> by the IETF. That certification could be revoked
>> down the road.
>> >>
>> >> IETF doesn't have to be a conformance body or
>> litigator. It just
>> >> merely needs to be the bearer of the "one true
>> mark" :).
>> >>
>> >> Kyle Lussier
>> >> AutoNOC LLC
>> >
>> >
>>
>> ----------------
>> ....
>> >
>> > keith - may i refer you to don eastlake's earlier
>> reply? viz., the
>> existing
>> > system is quite effective because products that
>> don't play by the
>> concensus
>> > rules have a much harder time thriving or even
>> surviving.
>>
>> sometimes this works. as a generalization, it doesn't
>> hold up.
>>
>> > > Just to pick a small example: MIME has been out
>> for nearly 10 years
>> and
>> > > I'm still receiving, on a daily basis, MIME
>> attachments that are
>> > > unreadable because they lack proper content-type
>> labelling.
>> > > That's not what I would call "effective".
>> >
>> > then ignore it or fix it. obviously, the pain isn't
>> at the point
>> where it
>> > bothers you... for myself, the program that handles
>> my incoming mail
>> dumps
>> > MIME-bad stuff into an audit file and then ignores
>> it. if it was
>> > "important", then whoever sent it can get on the
>> phone... in doing
>> this for
>> > the last 10 years, i've yet to suffer a mishap
>> because of this...
>>
>> that kind of solution is easy for you or me.
>> unfortunately, it doesn't
>> scale to a user base of 100s of millions of people
>> that's trying to use
>> email to ship around attachments and wondering why
>> they don't work.
>> ....
>> Keith
>>
>> ....One common way for an idea to be half-baked is for
>> it to utterly fail
>> to
>> consider the needs of some constituency or another.
>> As the Internet
>> has become larger and more diverse our organization
>> has also become
>> fragmented, its participants representing very diverse
>> interests.
>> Probably
>> for this reason it's become fairly common for working
>> groups to produce
>> results that are half-baked in this way. Throwing
>> such half-baked
>> ideas
>> to the marketplace usually hasn't resulted in
>> refinement, but it has
>> resulted in harm to the Internet's ability to support
>> new applications.
>> And by the time the harm is understood, it's way too
>> late to kill the
>> bad idea.
>>
>> As for making non-conformance public, I would very
>> much like to see
>> that happen. Whether IETF is in a good position to do
>> this is a
>> different
>> question. Since (perhaps unfortunately) most of
>> IETF's energy comes
>> from
>> vendors who pay their employees to work within IETF
>> working groups, and
>> some of those same vendors have reputations for
>> producing dangerously
>> non-conformant implementations, I think it puts IETF
>> in a precarious
>> position if it starts pointing fingers at the vendors
>> who produce such
>> things
>>
>> Keith
>>
>> __________________________________________________
>> Do You Yahoo!?
>> Great stuff seeking new owners in Yahoo! Auctions!
>> http://auctions.yahoo.com
>>
>> -
>> This message was passed through
>> [EMAIL PROTECTED], which is a sublist of
>> [EMAIL PROTECTED] Not all messages are passed. Decisions on what
>> to pass are made solely by Raffaele D'Albenzio.
>
>
>
