On 01/04/2012 11:47 AM, Peter Saint-Andre wrote:
I've already done that in my original last call comments. Given that you
rejected my comments out of hand, it doesn't appear that it was for
lack of clarity.
Mike, rather put off by the attitude of the editors in this wg
Mike:
In my experience, the IETF tradition is not to passively complain, but
to actively contribute. Thus if I don't like the fact that there's no
specification for some feature or protocol I care about, it's my
responsibility to write an Internet-Draft to fill that gap. Similarly,
if I have concerns about someone else's Internet-Draft, it's incumbent
on me to propose new or alternative text. Sure, I could wait for the
authors, editors, working group chairs, or area directors to take
action, but you will have much greater success if you actively contribute.
I am not an IETF noob. The problem here is that I DO NOT KNOW
HOW TO MITIGATE THE THREATS I brought up as inadequately
mitigated in the threat draft. I don't know how I can state that more
plainly. I would *hope* that the participants of this working group who
have been working on this for years could do a better job. But if they
can't then the threat draft should just say that there is no known defense
instead of feel-good things like "educate users".
And I completely disagree that this isn't "active" participation. It
denigrates draft reviewers as being lesser participants. Nor does it
match IETF reality: cross area reviewers typically just point out the
problems and leave it to the working group participants to work it
out. Same goes for an IESG DISCUSS.
Mike
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
