Re: [Nsaas] Existing work, other things

[Melinda Shore <melinda.shore@gmail.com>]

On 9/10/14 12:13 PM, DIEGO LOPEZ GARCIA wrote:
> I fully agree with your statement of trying to narrow the scope and
> identify the piece(s) of technical work to be solved. With that in
> mind I suggested the three aspects to be considered, intended as a
> first step to concrete the goals for a future group. For sure we need
> to refine them but I can tell you that we are seriously considering
> the provision of this kind of security services to our customers. So
> I guess we can consider the request to bring our "product managers"
> to the process fulfilled from our side...

Well, yes and no.

To back up a little bit, the IETF has not historically hewn to the
problem statement->framework->whatever process.  Work used to be
brought in more fully considered, and I think it does not represent
progress that we're now seeing a lot of problem statements.  To me,
it suggests that the work that's being proposed isn't really work
per se - someone's got some ideas about an interesting problem but
hasn't really worked out the details, whether the problem can (or
should) be solved in the IETF at all, and so on.  It seems to me that
from an organizational perspective, the problem statements have
turned into an unproductive time sink.  Work really needs to be
more mature before a BOF is approved.

On the other hand, people who are writing drafts and advocating
for particular pieces of work should not be in a particular hurry
to have a BOF.  It is not in the interest of people advocating a
piece of work to have an unsuccessful BOF.  It hurts your case.
Second, it's also important to keep in mind that the work of the
IETF is done primarily on mailing lists and through the document
process, not at meetings.  It's possible (and has been done a
number of times) to form a working group without ever having held
a BOF.

This is not ETSI and it's not the ITU-T.  The best way to move
work along is to have a technically credible proposal that's
reasonably mature, and to have some people who want to build it
and some other people who want to deploy it.  Support from other
people who write standards is shallow if there's no institutional
commitment to the technology on the parts of their employers.

I don't know where this cloud security stuff is going to go.  It
looks like there are a few specific technical problems that need
to be solved.  I think the best way forward it to tease out
some specific problems, and try to develop technical proposals
around those problems.  Don't rush towards a BOF but rather have
some solid, credible technical work done first.  Demonstrate that
it's a problem that needs to be solved, that the participants are
capable of solving it, that somebody's going to actually build it,
and someone else is going to actually deploy it, and your chances of
the work going forward in the IETF have just skyrocketed.

Melinda