Minutes of the Open Internet Architecture Board (IAB)
Reported by: Abel Weinrib, weinrib@intel.com
Jon Postel, RFC Editor, reported that the backlog of RFCs waiting for publication has been significantly reduced over the past few months. He was applauded for this progress.
Steve Bellovin reported on the IAB security architecture workshop. See associated slides.
Comments/questions from the floor:
Authenticode is a problem -- it encourages inexpert programmers to write programs that can be scripted by a hacker. Steve Bellovin: Yes, any sort of mobile code is a serious problem.
Jim Bound: Please make the slides publicly available. Steve Bellovin: Yes, they will be up on Steve Bellovin's Web page and part of the minutes of this meeting.
Merging of network management and operations areas is somewhat difficult; people from the two communities have quite different approaches, perspectives and viewpoints. Fred Baker: The intention of the reorganization is to make sure the tools that come out of the management area are useful to those who are responsible for day-to-day operations of networks.
Steve Knowles: I've seen IAB retreats come and go... What is the IAB going to do with the results of this retreat? Why not reject all protocols that don't meet security requirements? Fred Baker: Yes, once the proper documents are in place, working groups will be required to seriously address security. Need the community as a whole to support this, even if the protocol has been under development for years, is already deployed, etc. "The community is on notice."
Dave Crocker: Working groups need help from early on. Currently, we have each working group trying to define its own solutions.
Bob Hinden: We need a deployed, ubiquitous infrastructure (keys, etc.)--only then will we learn how to use it. Security in IETF specs is only a beginning.
An online copy of these and other minutes are available at http//ftp.isi.edu:pub/IAB.
Also, visit the IAB Web page at http://www.iab.org/iab.