On Sun, 4 Aug 2002, Dave Crocker wrote:
However, the list of questions you asked, in the note I was responding to, looked like technical choices. My assumption was that the "policy" issue was in choosing between technologies.
That's actually part of the problem. What happens when you put a bunch of technical people in a room and ask them to solve a problem? You get technical solutions without consideration of what the policy should be. In this case I think we've got the technical version of Mr. Smith Goes to Washington. Technical people who mean well, but don't understand the rules are different inside the Washington Beltway. I put myself in the same category. Mr. Clarke and crew are coming up with a national policy. Technical folks gave lots of technical suggestions. A firewall is a technical tool, but a firewall may not be a good policy. If firewalls were the answer to a national security policy, China would have one of the most secure networks in the world.
I consider the IETF Best Current Practices label as intended specifically for guidance in operations matters. Hence the suggestion to consider it.
IETF BCPs are great guidance for operational matters; they are a lousy basis for regulations or enforcement. Whether you are writing a new TCP/IP stack, or a contract with a vendor, just referencing the RFCs isn't sufficient to get a working system. This is a good thing. OSI tried to cover everything so there is no doubt products from different vendors would work together. IETF just tries to cover enough, and leaves the rest up to interoperability "goodwill" between implementors. But when that goodwill is missing, the IETF and BCPs run into problems.
In between pure tech specs and abstract policy discussion there is technically based consideration of tradeoffs, etc., for technical alternatives. That's not something to leave to purely policy folk and my sense is that the IETF venue can work for such discussion.
Maybe, but IETF has slowly been moving away from anything that doesn't involve running code, bits and photons for a few years. There also seem to be fewer network operators and more vendors at IETF.