IETF Logo Mail Archive

Re: Appointment of a Transport Area Director

Sam Hartman <hartmans-ietf@mit.edu> Mon, 04 March 2013 21:12 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A48421F8FEA for <ietf@ietfa.amsl.com>; Mon, 4 Mar 2013 13:12:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.444
X-Spam-Level:
X-Spam-Status: No, score=-102.444 tagged_above=-999 required=5 tests=[AWL=0.155, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ELUaBvihOWZT for <ietf@ietfa.amsl.com>; Mon, 4 Mar 2013 13:12:30 -0800 (PST)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id E188321F8FE6 for <ietf@ietf.org>; Mon, 4 Mar 2013 13:12:29 -0800 (PST)
Received: from carter-zimmerman.suchdamage.org (c-98-216-0-82.hsd1.ma.comcast.net [98.216.0.82]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS id 3DA1E20229; Mon, 4 Mar 2013 16:12:24 -0500 (EST)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id CCC7A4486; Mon, 4 Mar 2013 16:12:27 -0500 (EST)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Russ Housley <housley@vigilsec.com>
Subject: Re: Appointment of a Transport Area Director
References: <21B86E13-B8DA-4119-BBB1-B5EE6D2B5C1D@ietf.org> <51330179.3040500@gmail.com> <919840EE-BEC8-4F82-8D3C-B116698A4262@gmx.net> <1D88E6E9-33DE-4C4D-89F4-B0B762155D6F@standardstrack.com> <D4D47BCFFE5A004F95D707546AC0D7E91F77BA46@SACEXCMBX01-PRD.hq.netapp.com> <3CB8992B-212A-4776-95FE-71CA1E382FFF@standardstrack.com> <513376DB.7000200@dcrocker.net> <E22ACC99-B465-4769-8B59-BB98A7BA93DF@gmx.net> <79E77523-3D92-4CE9-8689-483D416794EF@standardstrack.com> <D4D47BCFFE5A004F95D707546AC0D7E91F780D2F@SACEXCMBX01-PRD.hq.netapp.com> <071C6ED7-352C-4E74-A483-F5E7A3270FA5@gmail.com> <C726E531-57DC-4C42-9053-1394983126D6@vigilsec.com> <5134D5A0.4050209@gmail.com> <tsllia3m5lh.fsf@mit.edu> <CAHBDyN6YEf6=Vrq01AuvJo4fb1e0yYBdAPYrdc=NTLQ7UrUFAQ@mail.gmail.com> <66FE3AEC-A0A4-4D84-BE28-DE42DD20F85A@vigilsec.com>
Date: Mon, 04 Mar 2013 16:12:27 -0500
In-Reply-To: <66FE3AEC-A0A4-4D84-BE28-DE42DD20F85A@vigilsec.com> (Russ Housley's message of "Mon, 4 Mar 2013 14:19:24 -0500")
Message-ID: <tsl1ubulvic.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2013 21:12:30 -0000

>>>>> "Russ" == Russ Housley <housley@vigilsec.com> writes:

    Russ> Sam:
    >>> So in conclusion, I strongly value technical contribution and
    >>> demonstrated ability to pick up new knowledge in an AD. I do not
    >>> highly value knowing all the things going on in a specific area
    >>> at the time the AD joins the IESG.

    Russ> We mostly agree.  We both agree that strong technical
    Russ> contribution is an important aspect of the qualification.
    Russ> However, I believe that some basic clue in the Area is needed.

    Russ> Could you image serving with a Security Co-AD that could not
    Russ> explain how cryptography could be used for authentication?


Russ, we both served with someone who joined the IESG with gaps this big
(not security).  It worked out OK, although it was quite rough for the
person involved and for the co-ad.
I also have some experience helping people learn about security.
I do think I can imagine serving with someone like that, yes; it's frightening.

While I think I have an existence proof that it can work with big gaps
like that, no it would not be my choice to serve  with someone who had
those gaps.

To use security examples we're both familiar with, my claim is that
there are a lot of people outside the security area who have used
security technologies and who could explain for example how
cryptographic authentication works. There are a lot of people running
around RAI with a fair bit of security clue.  Some of those people might
have enough implementation or other experience to understand significant
details of a couple of security protocols. It wouldn't surprise me if
some of those folks had the skills to know when additional review was
required and to learn fast enough that it would work out for them to be
security ADs.
(Now why they'd want to do that to themselves is another story
entirely:-)

No, I don't think you can drop someone who is unfamiliar with an area
into an AD job. I do think you can potentially throw  someone into an AD
job who has broad IETF experience and who has some familiarity with the
area in question.
I am having a hard time characterizing how much experience is needed,
but I think it's a lot lower than "world expert," but very much higher
than "couldn't follow important discussions in the area."

v2.23.0 | Report a Bug | By Email