In message <[EMAIL PROTECTED]>, "Theodore Ts'o" writes:
>On Tue, Aug 09, 2005 at 03:41:42PM -0500, Spencer Dawkins wrote:
>> Hi, Ted,
>>
>> (offlist) - the current NOMCOM chair posted to the IETF list that for
>> two AD positions this cycle, there were only two candidates, and for a
>> third position, there were only three.
>>
>> Are you saying that we may not be able to get even that many candidates
>> who are willing to serve, if we ask ADs to provide project management?
>
>If we forbid AD's from making any technical contributions, but to only
>serve as process managers and as project managers and nothing more
>than that? Yeah, I would be concerned about whether we would be able
>to find people willing to volunteer to do nothing but that.
>
I can guarantee that if my primary responsibility when I was Security
AD was process and project management, there's no way I'd ever have
taken the position. Rather, I was willing to serve because it was a
way in which I could have more leverage as a security specialist.
I should add that an AD has to walk a very fine line in making
technical contributions; such contributions are often taken as having
far greater weight than they should, because of the obvious possibility
of a DISCUSS later on. Every AD knows this, of course -- how often
have you seen a comment prefaced by "AD hat off" or equivalent?
Let me give a concrete example. At one point in the development of
AAA, there was a lot of discussion about the need for proxies. Now,
from a security perspective I think proxies are a bad idea, for reasons
I outlined in my plenary talk. But I had to be very circumspect in how
I said this in the WG -- the issue was by no means clear-cut enough
that I felt entitled to force the issue with the threat, implicit or
explicit, of a DISCUSS.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/ietf
