[arch-d] my summary of resilience thread (Was: possible new IAB programme on Internet resilience)

[Stephen Farrell <stephen.farrell@cs.tcd.ie>]

Hi all,

Thanks for the ~70 messages on this over the
holidays - I think that demonstrates a clear and
thoughtful interest in the topic, which is great.
One concern is that there were only a few people who
said they'd do work (as opposed to comment on work),
so we might not know for a while if this'll take off
(and be useful) or not.  I think that's ok, but feel
free to send mail saying you would do work if that's
the case.

Meanwhile, my summary of the thread so far is below
- please correct me if I've gotten anything badly
wrong. (I'll offer this sub-thread to the IAB as a
summary of the discussion - many people, IAB members
included, are busy digesting things other than email
over the holidays:-)

Lastly, the initial idea for this originated from
Terry Manderson and not from within the IAB - Terry
told it to me over some beers at the very end of
IETF105 in Montreal and I related it to the IAB, who
were supportive.  Now that we've seen that people
don't think the idea is totally crazy, I think it's
a good time to ack Terry for that. Terry's not
responsible for any badness in charter-text of
course - that'd be down to my or collective IAB
ineptitude:-)

Cheers, S.

My notes on the thread [1] so far, roughly in order
of how concrete the subsequent action seems (to me)
to be.

(1) Various folks noted that robustness is highly
related to resilience, and that both may be
terms-of-art for some people. I thought the
message from Laurent [2] quoting Jeurgen
Schoenwaelder captured that nicely. My guess is that
a bit of charter editing to try embed that
distinction may be worthwhile to avoid potential
confusion.

(2) Marc [3] suggested that another example (e.g.
DDoS) might be useful to add so it's more clear that
diversity is not a panacea. Seems reasonable.

(3) Lucy [4] and others asked about sense#1 of the
quoted definition of resilience.  Seems to me the
high level bit of the answer is "yes, that could be
in scope" though of course work only happens when
people volunteer to do it, (and then actually do
it:-), so "in scope" is not at all the same as
saying that something will happen. I think the
"mostly" in the charter text is fine for that, but
changing to "mostly, but not exclusively," would
maybe be good.  (As an aside, that sub-thread
describing various things as "compression" is
interesting, maybe even cute:-)

(4) Toerless [5] asked about "membership" of the
programme, raising both the issues of potential
cliques and EAR related reasons why
smokey-back-rooms are even less desirable today
compared to a few years ago. I think that's one
where the IAB should probably chat - it may indicate
a need to change our conception of programmes and
membership a bit, both to be more open and to handle
those EAR-related issues.  (Personally, I'd like if
we could find a modus-operandi that's fully open,
but that can also recognise a smaller set of folks
as being active participants that the IAB think
might usefully contribute.)

(4) In a long sub-thread various people wondered
whether the proposed programme
would/could/should/should-not discuss various policy
or layer-9 issues, such as centralisation, (that
also had a bit of "#include <doh-discussion>"). I
guess we'll have to see what the IAB make of that
but FWIW, my take is that it generally makes sense
for IAB programmes to not be limited to
consideration of layers 1-8, but that no IAB
programme ought be seen as the exclusive venue for
any discussion, and nor does any IAB programme bind
the IETF to anything.  If the IAB agreed with that,
I think that'd maybe mean that the technical
consequences of such issues are in scope for
discussion, but with two caveats: 1) we need to keep
in mind that saying something is in-scope for a
programme does not mean that anything will happen -
as always that depends on someone doing (good) work
on a topic, writing that up for others to discuss,
and actually finishing the work and 2) there's still
a preference for IETF work to be done in the IETF,
so when/if anything in this space gets to be very
concrete (i.e. protocol specific or BCP-like) it'd
need to be decided in the IETF and will not be
decided in/by this IAB programme. I don't think any
charter-text change is needed for any of that.

(5) There was a mention of things being done in
ICANN, ITU or IGF rather than in an IAB programme. I
don't think those ideas received much support that I
could see, so don't think the charter needs changes
for this.  (In saying that, I'm not making any
comment on whether or not it'd be a good or bad idea
for those bodies to take up any related
discussions.)

[1]
https://mailarchive.ietf.org/arch/msg/architecture-discuss/pZR9EYOhTIir0m_YDXQkUGPXwfk
[2]
https://mailarchive.ietf.org/arch/msg/architecture-discuss/iFQVe_1QdiT7JfQqxt9T_b3bp8w
[3]
https://mailarchive.ietf.org/arch/msg/architecture-discuss/pYATTKqH_Avi7D1tOGjz7XD1RHQ
[4]
https://mailarchive.ietf.org/arch/msg/architecture-discuss/qo4evXDIVVDhgNKQ0XzzSMsXwpM
[5]
https://mailarchive.ietf.org/arch/msg/architecture-discuss/6dqFdDrq8DXICx0hACx_rwob6nU