Re: SSL/TLS everywhere fail

Hiya,

On 07/12/15 00:15, Adrien de Croy wrote:
>>
>> httpbis is one of about 100+ IETF WGs.
> exactly my point.
> 
> I'm not saying there's an easy solution, 

Yep.

> but if you consider that one of
> the most monitored protocols is http, you'd think there would be more
> involvement of this WG for such a BCP, especially considering the extent
> to which we are affected by it.

"involvement of this WG" is a bit of a misnomer - people participate
(and not WGs) and if people choose just this one mailing list, that's
what they've chosen. (As I said before, doing so is entirely reasonable;
before I was on the IESG I would have ignored the crap out of many
IETF-wide discussions;-)

There were iirc quite a few people active in this wg who were
active in the discussion of that draft. I really don't think there
was any deficit in consideration of http in the development of
what ended up as BCP188.

> 
> Maybe there needs to be some more design thought put into how wider
> consensus of affected parties can be achieved, so that those who like
> you say aren't on a plethora of lists can still consider that the
> strength of the consensus is maintained, because AFAIC the whole purpose
> of the IETF is to attain consensus on things and represent the view of
> the community.

Sure. If you have ideas on that then (again) ietf@ietf.org is the right
place to start. Or perhaps apps-discuss@ietf.org or dispatch@ietf.org
if the topic is apps/RAI specific or saag@ietf.org if it's really about
security or privacy. There are already quite a few venues for such
things but they are all relatively imperfect and could do with more
sane input. (And as the IETF considers that one of our strengths is
cross-area review, most good suggestions that help with that are warmly
received.)

S.

Received on Monday, 7 December 2015 00:31:54 UTC