Re: CAPWAP BOF follow up: nmrg - CAPWAP

["Bernard Aboba" <bernard_aboba@hotmail.com>]

> from day zero, i and a few others kept saying that the proxies
> were gonna be deadly to the aaa work.  but we could not get folk
> to let go of them.  as an ietf management issue, what can an area
> director do in such circumstances?  the only real controls i had
> were my silver tongue, which failed, and/or shutting the wg, which
> would have seemed draconian.
The bottom line was that the WG did not care about security, and therefore 
treated the required security measures (e.g. Diameter CMS) necessary to make 
proxies safe largely as measures designed to satisfy the IESG, rather than a 
real cost.  Once forced to either take the security requirements imposed by 
proxies seriously or abandon proxies, the WG chose to abandon proxies.  
However, that was 3+ years and many hundreds of man years later -- and the 
protocol had gained huge amounts of (largely unnecessary) complexity in the 
process.

I think this underlines the need to make requirements documents more than 
just a wish list -- there is a real price to be paid for each requirement 
added to the list.  If people had had a good idea of the additional cost of 
each requirement, and were forced to deal with the tradeoffs in terms of 
device cost and WG schedule, maybe they might not have chosen to add it to 
the basket.  I think there's a need to force WGs down to a level of detail 
where those tradeoffs can be understood.

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail