Lixia, Thanks. After a few days' thought and assistance from some off list discussions and, to some degree repeating my earlier comment, I think there are two relatively general (i.e., not just about this specific case) issues exposed by this particular example. (1) Should the IETF be relying on (or requiring the use of) tools that increase the risks of privacy compromise, cross-site linkages, malware injection, etc.? I assume that, if particular features are important enough and hard enough to find elsewhere without introducing other problems, the answer will be "yes" even if it is not "yes" for all cases. But that leads to a second question, which is whether the community should expect decisions to use such tools to to be accompanied by a public analysis of the risks and tradeoffs that led to the decision to go ahead. If only because it is an important mechanism to prevent the decisions to rely on such tools being made without careful thought, I think that having such an analysis posted and available for review would be a useful requirement. Note that I'm not asking for community consensus -- that would almost certainly bog us down in more squabbling and risk of not being able to get anything substantive done. While I think Jeffrey's comment is interesting and should be part of any discussion, I don't think who, if anyone, is paying and for what is anything but part of those tradeoffs. Software that is free is not inherently more or less protective against various sorts of attacks and spoofing. (2) Should we be enabling and supporting side meetings at times that conflict with regular WG meetings, plenaries, etc.? I can certainly remember a time when that was as forbidden as the IETF could make it and imagine you can too. I'm told now that it has "been allowed ... for quite some time now" but I don't think it is a good idea to do anything that might reduce attendance/ participation in WG meeting sessions. Others may, of course, disagree, but I don't remember any community discussion of the decision to allow (and effectively encourage) such conflicts or even a clear IESG decision and statement on the subject. I definitely could not find anything in the material discussing special meetings and their scheduling that even encouraged being very careful about possible conflicts. If I missed something, I hope someone will point me to it, but maybe it is time for a broader discussion (perhaps even if it is a second one) about such conflicts and the parallel question of whether there is a _right_ to hold side meeting at the IETF even if the time slots might be problematic. thanks, john --On Sunday, July 13, 2025 14:34 -0700 Lixia Zhang <lixia@xxxxxxxxxxx> wrote: > Just caught up on this thread. Looks like John's msg dated below is > the latest one. > > I second John's concern, and also have one more question to clarify > below: > >> On Jul 11, 2025, at 2:51 PM, John C Klensin <john-ietf@xxxxxxx> >> wrote: >> >> ....... >> But the problem I, and I think Stephen and Kathleen, are concerned >> about is different. From my perspective, it looks like this: we >> successfully managed to schedule meetings -- regular, special, and >> side -- and make information about them available without making >> private information available outside the IETF. The observation >> Jeffrey Walton made about becoming the product isn't quite right >> because, in a meeting context, most of us are paying and, in >> others, the LLC is paying on our behalf. > > yes most of us are paying for attending IETF meeting, but that > would not directly lead to the conclution that we are using a paid > Trello service. Are we? If not, the comment from Jeffrey applies. > > John's comment below is independent from the above (paid services > can have "special features" that we should be aware). > >> Should we be running tools that >> either pose additional privacy threats or require extraordinary >> measures to avoid or defeat those threats because those tools >> provide special and important extra features not available >> elsewhere? I'm prepared to believe the answer is "yes", but I >> think the community is entitled to know what those special >> features are and, if appropriate, to debate their importance and >> the tradeoffs required to get them. >> >> john > > Lixia >
