At 1:56 PM -0400 3/21/12, Brian Dickson wrote:
On Wed, Mar 21, 2012 at 1:40 PM, Stephen Kent
<<mailto:[email protected]>[email protected]> wrote:
...
I have added emphasis (bold) to illustrate that the charter does not
_exhaustively_ state which vulnerabilities are to be addressed.
you have added emphasis to the text trying to show why your topic is
not excluded. The generic phrase that applies here is "taking text
out of context."
It does mandate two specific required vulnerabilities, but does not
exclude anything.
The text says "The two vulnerabilities that will be addressed are:
..." In normal English use, "the" implies that only the listed items
are in scope. If one wanted to suggest otherwise, one could say, for
example, "Vulnerabilities that will be addressed include:" or
"Vulnerabilities that will be addressed include but are not limited
to:"
In fact, and I believe I am far from alone in this regard, the bold
items in the charter give license to address other vulnerabilities.
we are far apart.
I would also opine, that _not_ addressing other, identifiable and
identified vulnerabilities, would be seen by the rest of the IETF
and by the "users" of BGP (operators of the >>30k ASNs) as a massive
#FAIL.
Every WG operates based on inputs from its members, not on inputs
from every user of the Internet, every vendors, every network
operator, etc. When a WG reaches rough consensus that reflects the
views of its members, the work product is published to the IETF list
as a whole, offering an opportunity for broader comment. Even that
does not ensure that every affected entity has been consulted. yet,
we persist ...
This can be reduced to english semantics:
"The two vulnerabilities", is semantically distinct from "The _only_
two vulnerabilities".
You (SK) seem to be arguing that the latter is the case. The charter
says the former.
We disagree on how one should read the charter. You should ask the
WGs chairs. If you don't like the answer they provide, then you can
ask the cognizant AD, then the IESG, then the IAB.
If someone (e.g. the AD) is exercising some authority over the WG to
restrict us to the latter, I believe the appropriate way to resolve
this is to re-charter to remove all ambiguity in the matter, one way
or the other.
nice try, but no cigar. the right response is that first we finish
the work we are chartered to do, THEN we can apply to re-charter.
That's how WGs proceed.
That is, unless it is merely a matter of interpreting the words of
the charter incorrectly, in which case, let's just get on with
updating the threat model and finding solutions.
The threat model was updated to reflect SIDR list comments on 2/3, 6
weeks ago, and it garnered no responses. A new version was posted on
2/22, mostly to replace cites of I-Ds with cites to RFCs. It also
garnered no comments.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
