Absolutely and they are competent to do whatever they are competent to do...
Todd ----- Original Message ----- From: "Sabharwal, Atul" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "todd glassey" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, May 03, 2002 11:52 AM Subject: RE: How many standards or protocols... > IMHO, people are people. Whether they are in sales or engineering or > management or in > Marketing or communication, it does not matter!! Some basic values make the > difference. > > Same with whether they are in industry or in school!! Approach is the key. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 03, 2002 8:55 AM > To: todd glassey > Cc: [EMAIL PROTECTED] > Subject: Re: How many standards or protocols... > > On Fri, 03 May 2002 06:57:45 PDT, todd glassey said: > > real-world for you... Letting a technologist blindly develop a protocol > that > > is supposed to work in a commercial world is in my opinion more dangerous > > that allowing the salesperson to design a protocol for the technical world > > to solve > > a problem that they are faced with on a daily basis. Especially as the > IETF > > Find me a sales person who understands security well enough to do a better > job than IPSec, and then we'll talk. > > Find me a sales person who understands routing issues well enough to do > a better job than BGP, and then we'll talk. > > > TSG: But isn't the requirements document most of the design in most > > instances? If you cant define the need then the protocol definition is > > at best speculative and ambiguous. > > I never said that the sales people shouldn't be contributing the > requirements. I said they shouldn't be designing the protocol. > > Over in Detroit, they design cars. They do a *LOT* of market research. > Market research may say that 75% of people interested in a certain model > car would be interested in a rear spoiler - but it would be quite negligent > to let the market researchers decide what size bolts to use to attach it > to the car, wouldn't it? > > > TSG: perhaps. But I am not clear that the IETF should produce anything > other > > than recommendations. That Internet Standards and anything > > above an RFC is fodder for a more regimented and audited group. > > Anybody who thinks the IETF does anything other than recommend doesn't > understand the IETF at all. > > > TSG: But who here in the IETF has done commercial security analysis or > legal > > analysis of what the use models for a Protocol does? > > Erm... Jeff, Steve - will you wave hello to the nice gentleman, and > explain to him about the Security area within the IESG? ;) > > It may be informative to go read the list of authors of the RFCs that come > out > of that area, and ask yourself if your army of salespeople understands > security > better than they do..... You might also want to go read Bruce Schneier's > "Secrets and Lies" and/or "Applied Cryptography", and learn why proprietary > security solutions are rarely, if ever, secure. > > > -- > Valdis Kletnieks > Computer Systems Senior Engineer > Virginia Tech >
