Network Working Group E. Davies, Ed. Request for Comments: 3774 Nortel Networks Category: Informational May 2004 IETF Problem Statement Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This memo summarizes perceived problems in the structure, function, and processes of the Internet Engineering Task Force (IETF). We are attempting to identify these problems, so that they can be addressed and corrected by the IETF community. The problems have been digested and categorized from an extensive discussion which took place on the 'problem-statement' mailing list from November 2002 to September 2003. The problem list has been further analyzed in an attempt to determine the root causes at the heart of the perceived problems: The result will be used to guide the next stage of the process in the Problem Statement working group which is to recommend the structures and processes that will carry out the corrections. Davies Informational [Page 1] RFC 3774 IETF Problem Statement May 2004 Table of Contents 1. Introduction: Issues/Problems in the IETF Process . . . . . . 2 1.1. Consequences of Past Growth . . . . . . . . . . . . . . 3 1.2. The Aim is Improvement, not Finger-pointing . . . . . . 4 1.3. Perceived Problems - Consensus on Solutions . . . . . . 4 2. Root Cause Problems . . . . . . . . . . . . . . . . . . . . . 5 2.1. Participants in the IETF do not have a Common Understanding of its Mission . . . . . . . . . . . . . . 5 2.2. The IETF does not Consistently use Effective Engineering Practices . . . . . . . . . . . . . . . . . 7 2.3. The IETF has Difficulty Handling Large and/or Complex Problems . . . . . . . . . . . . . . . . . . . . . . . . 9 2.4. Three Stage Standards Hierarchy not properly Utilized . 11 2.5. The IETF's Workload Exceeds the Number of Fully Engaged Participants . . . . . . . . . . . . . . . . . . 12 2.5.1. Lack of Formal Recognition . . . . . . . . . . . 13 2.6. The IETF Management Structure is not Matched to the Current Size and Complexity of the IETF . . . . . . . . 13 2.6.1. Span of Authority . . . . . . . . . . . . . . . 13 2.6.2. Workload of the IESG . . . . . . . . . . . . . . 13 2.6.3. Procedural Blockages . . . . . . . . . . . . . . 15 2.6.4. Consequences of Low Throughput in IESG . . . . . 15 2.6.5. Avoidance of Procedural Ossification . . . . . . 15 2.6.6. Concentration of Influence in Too Few Hands . . 16 2.6.7. Excessive Reliance on Personal Relationships . . 17 2.6.8. Difficulty making Technical and Process Appeals. 18 2.7. Working Group Dynamics can make Issue Closure Difficult. 18 2.8. IETF Participants and Leaders are Inadequately Prepared for their Roles . . . . . . . . . . . . . . . . . . . . 19 3. Security Considerations . . . . . . . . . . . . . . . . . . . 20 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.1. Normative References . . . . . . . . . . . . . . . . . . 21 5.2. Informative References . . . . . . . . . . . . . . . . . 21 6. Editor's Address . . . . . . . . . . . . . . . . . . . . . . . 21 7. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 22 1. Introduction: Issues/Problems in the IETF Process Discussion started in the second half of 2002 has shown that a significant number of problems are believed to exist in the way the Internet Engineering Taskforce (IETF) operates. Before attempting to change the IETF procedures and rules to deal with these problems, the IETF should have a clear, agreed-upon description of what problems we are trying to solve. Davies Informational [Page 2] RFC 3774 IETF Problem Statement May 2004 The Problem Statement working group was chartered to create this document, which contains a description of the problems, and to use this analysis to suggest processes to address the identified problems. Taken in isolation, this document may appear to be exceedingly negative. The IETF needs to refresh its management and processes to address today's challenges, but it should not be forgotten that the IETF has produced a large body of high quality work which has lead to an extremely successful and pervasive network infrastructure. Against this background, we should see the current document as a necessary piece of self-criticism leading to renewal and continued success. The discussion of the positive aspects has been deliberately confined to the IETF Problem Resolution Processes document [5] which considers the core values that the IETF needs to maintain whilst correcting the problems that participants perceive as affecting the IETF at present. The raw material for this document was derived by summarizing the extensive discussions which initially took place on the 'wgchairs' mailing list and subsequently on the 'problem-statement' mailing list from November 2002 through to September 2003, incorporating additional input from relevant drafts published during this period (see [2], [3] and [4]), and the minutes of recent plenary discussions. This produced a list of perceived problems which were classified into a number of related groups using a classification suggested by the processes which go on in the IETF. This document has digested these perceived problems into a small set of root cause issues, and a short list of subsidiary issues which appear to be the most pressing items engendered by the root cause. This list is set out in Section 2. Section 1.1 gives a short explanation of the thinking that has taken place in coming to the current view of the root causes. The original summary of perceived problems has been posted to the Problem Statement Working Group mailing list so that it can be referred to in future. Note that it remains classified according the original scheme so that the raw data is available if alternative root cause analysis is needed. 1.1. Consequences of Past Growth As the problems of the IETF were examined, it became clear that they are neither new nor are they symptoms of a problem which is novel in the science of organizations. Davies Informational [Page 3] RFC 3774 IETF Problem Statement May 2004 The IETF started off as a small, focused organization with a clearly defined mission and participants who had been working in this area for a significant period of time. Over the period 1989-1999, the IETF grew by a factor of ten or more in terms of number of participants, and volume of work in progress. The effects of this growth have been compounded by the extension of the scope of the IETF which makes the work much more varied. Also during this period, the Internet has become more complex and the requirements placed on it by a far larger user community have changed as the network has come to have a pivotal role in many areas of life. Many of the problems and symptoms appear to be fundamentally caused by the organization failing to fully adapt its management structure and processes to its new larger size and the increased complexity of the work. The IETF has also failed to clearly define its future mission now that the initial mission has been completed or outgrown. These failures are just those that afflict many small organizations trying to make the transition from a small organization, which can be run informally and where essentially all participants fully share the aims, values, and motivations of the leadership, to a medium sized organization, where there are too many participants for informal leadership and later arrivals either do not fully understand or have a different perception of the ethos of the organization. Some IETF participants have been aware of these issues for a long time. Records dating back to at least 1992 drew similar conclusions. 1.2. The Aim is Improvement, not Finger-pointing Many of the problems identified in this memo have been remarkably persistent over a 15-year period, surviving a number of changes in personnel. We see them as structural problems, not personnel problems. Blame for any of the perceived problems should not be directed to any individual. The sole aim of this review process is to identify how the IETF can improve itself so that it knows what it is about and becomes fit for that purpose in the shortest possible time frame. 1.3. Perceived Problems - Consensus on Solutions The working group participants emphasize that both the long list of problems and the root cause issues that were derived from them are problems that are believed to exist by a significant constituency, either on the mailing list and/or in private discussions. We also note that many of these problems appear to be of long standing, as a Davies Informational [Page 4] RFC 3774 IETF Problem Statement May 2004 very similar list has survived from the discussions in the first POISED working group that took place prior to the IETF organizational changes approved in 1992. We, in line with many contributors to the mailing list, believe that it is important to try and identify what appear to be the root causes of the perceived problems, but trying to prioritize or assign a relative importance to the problems would not be useful: rough consensus on an unordered list of real and important root causes will be sufficient. The root causes identified will provide a guide in setting up the processes needed to resolve the problems: the perceived problems can be viewed as multiple symptoms of the root causes which should provide input to those trying to resolve the problems in achieving consensus on solutions. 2. Root Cause Problems This section forms the heart of this analysis, and lists the issues which we believe lie at the core of the problems. Apart from the first issue which is fundamental, the problems are not necessarily in priority order, but they will be seen to be interlinked in various ways. 2.1. Participants in the IETF do not have a Common Understanding of its Mission The IETF lacks a clearly defined and commonly understood Mission: as a result, the goals and priorities for the IETF as a whole and any Working Groups (WGs) that are chartered are also unclear. The IETF needs to understand its mission in the context of the greatly increased scope and complexity of the Internet, and the changing requirements of the much larger user community that the success of its previous work has engendered. The lack of a common mission has many consequences, of which the principal ones appear to be: o The IETF is unsure what it is trying to achieve and hence cannot know what its optimum internal organization should be to achieve its aims. o The IETF cannot determine what its 'scope' should be, and hence cannot decide whether a piece of proposed work is either in-scope or out-of-scope. o The IETF is unsure who its stakeholders are. Consequently, certain groups of stakeholder, who could otherwise provide Davies Informational [Page 5] RFC 3774 IETF Problem Statement May 2004 important input to the process, have been more or less sidelined because it has seemed to these stakeholders that the organization does not give due weight to their input. o Working Groups can potentially be hijacked by sectional interests to the detriment of the IETF's mission. o The misty vision has inhibited the development of roadmaps that would inform the IETF's stakeholders of our longer term intentions, as well as restricting the associated architectural views to an outline top level view which does not fully reflect the developing nature of the Internet. It would be desirable to have roadmaps and architectural views for portions of work which extend beyond a single working group: it may also be the case that it is no longer possible to fit the whole Internet within a single architecture. o The IETF is unable to determine explicitly what effect it desires to have in the marketplace, and is therefore unable to determine what requirements of timeliness are appropriate when planning work and setting expectations for stakeholders which will further the IETF's mission. o The lack of precision regarding our goals leads to WG charters and requirements that are poorly thought out and/or not aligned with the overall architecture. The resulting poorly defined charters are a major factor in poor quality and/or late deliveries from some WGs and the total failure of other WGs. o The IETF needs to avoid focusing on a too-narrow scope of technology because this would be likely to blinker the IETF's view of 'the good of the Internet', and will harm the long-term goal of making the Internet useful to the greatest number stakeholders; this argues for allowing a relatively wide range of topics to be worked on in the IETF - cross-fertilization has always been one of the IETF's strengths. An additional barrier to achieving a common understanding is that the IETF does not have a recognized forum in which all stakeholders participate and in which organization wide consensus might be reached. Plenary meetings during regular IETF meetings allow a large cross-section of the community to offer views, but there is not generally sufficient time to achieve consensus and there is no single mailing list which all stakeholders can be guaranteed to monitor. The IETF creates standards and is therefore necessarily a Standards Development Organization (SDO), but many participants would like to differentiate the IETF and its way of working from the 'conventional' Davies Informational [Page 6] RFC 3774 IETF Problem Statement May 2004 SDOs which emphasize corporate involvement and mandated delegates. Externally, the IETF is often classified with these conventional SDOs, especially by detractors, because the differentiation in the IETF's mission and processes and the rationale for those differences are not clear. This can lead to the IETF being misunderstood by other SDOs which can make communications between SDOs less effective, harming the IETF's ability to achieve its mission. 2.2. The IETF does not Consistently use Effective Engineering Practices For an organization with 'engineering' in its title and participants who are likely to trot out the statement "Trust me, I'm an engineer!" when confronted with the need to find a solution to a particularly knotty problem, the IETF has, at least in some cases, extremely ineffective engineering practices. Effective engineering practices, as used here, covers both the techniques used to derive and verify the technical solutions needed, and the management and organizational strategies that are commonly accepted to help with the engineering process. A major symptom of this lack is that WGs do not consistently produce timely, high-quality, and predictable output. As discussed in Section 2.1, this problem is exacerbated because the IETF currently finds it difficult to determine what is timely, and hence what are appropriate deadlines for the delivery of WG output. Some of the contributing problems which interfere with effective engineering in WGs include: o Failure to ensure that there is a uniform view in the WG of the scope of the WG activity, especially the intended purpose of the solution. o Failure to identify the issues that need to be resolved at an early stage (before the design is frozen), and/or then to ensure that there is a uniform view in the WG of the issues that need to be resolved to bring the work to a satisfactory conclusion. o Failure to identify and articulate engineering trade-offs that may be needed to meet the deadlines that the WG has set without inappropriately reducing the 'fitness for purpose' for the intended customers. o Continued refinement of the solution beyond the point at which it is adequate to meet the requirements placed on it by the intended purpose. Davies Informational [Page 7] RFC 3774 IETF Problem Statement May 2004 The IETF standards engineering process is not set up to deliver iterative process improvement. Particular areas that need improvement include: o The charter may not be sufficiently detailed to document the process and timeline to be followed by the WG. Additional documents may be needed, such as a roadmap or detailed plans. o Poorly defined success criteria for WGs and individual documents. o Lack of written guidelines or templates for the content of documents (as opposed to the overall layout) and matching lists of review criteria designed to achieve appropriate quality in output. o Lack of auditing against explicit criteria throughout the standards development process. o Lack of review, especially early review, by reviewers who are not directly interested members of the WG, and by subject matter experts for topics related to, but not necessarily the immediate focus of the document. o Lack of documentation about likely problem areas that might arise due to interactions with other popular IETF protocols. o Lack of metrics to measure the achievement of the desired quality and the performance of both WGs and the whole IETF. o Lack of metrics and 'post mortem' procedures to drive the improvement of the standards development and other IETF processes. o Lack of criteria for determining when a piece of work is overrunning and/or is unlikely to be concluded successfully, either at all or within an acceptable time frame. Lack of process for extending the time frame, adjusting the scope, or terminating the work item or the whole Working Group. o Automated tools to support the engineering process are minimal. o Despite its commitment to 'running code', the IETF is not proactive in providing ways for developers to verify their implementations of IETF standards. In addition, IETF processes, and Working Group processes in particular, suffer because commonly accepted Project Management techniques are not regularly applied to the progress of work in the organization. Davies Informational [Page 8] RFC 3774 IETF Problem Statement May 2004 o Project entry, goal setting, dependency identification, coordination, and tracking processes are all either missing or implemented less effectively than the norm for commercial organizations in related activities. Dependencies and coordination should cover both other WGs within the IETF and any outside SDO with which the IETF is collaborating. o Charters regularly fail to set enough milestones with sufficiently small granularity at which progress of WGs, individuals, and documents can be evaluated. Also, WGs often do not make more detailed work plans to refine the charter plans. o The acceptable deadlines for finishing a piece of work, and the criteria used to determine them, are rarely, if ever, documented. Also, the estimated time required to complete the work often differs widely from the time actually taken. The combination of these factors makes determining the feasibility of delivering within the required time frame, and then adjusting the scope of the work to fit the time frame requirements, extremely difficult. One problem which the IETF does not appear to suffer from is excessive bureaucracy, in the sense that transfer of information is generally kept to the minimum necessary to accomplish the task. It is important that any changes introduced do not significantly increase the bureaucratic load whilst still recording sufficient information to allow process improvement. Finally, even where the IETF does have Engineering Practices defined, there are frequently cases where they are ignored or distorted. One area of particular concern is the tendency for protocols to be assessed and issues resolved primarily through static analysis of the written specification rather than by practical experiment with 'running code'. 2.3. The IETF has Difficulty Handling Large and/or Complex Problems The IETF has historically been most successful when dealing with tightly focused problems that have few interactions with other parts of the total problem solution. Given that the Internet has become more complex, such tightly focused problems are becoming the exception. The IETF does not always seem to be aware of the interactions between protocols that are bound to be thrown up by deployment in more complex situations and so fails to minimize the chances of unwelcome consequences arising unforeseen when a new protocol is deployed. This may be exacerbated by inadequate review from outside the WG as suggested in Section 2.2. Davies Informational [Page 9] RFC 3774 IETF Problem Statement May 2004 IETF standardization procedures are optimized for tightly constrained working groups and are generally less effective if 'engineering in the large' is needed to reach a satisfactory solution. Engineering in the large can encompass many aspects of system design including: Architecture Frameworks Security Internationalization The IETF has historically standardized protocol components rather than complete systems, but as we have learned more about the ways in which systems on the Internet interact, design of components needs to take into account more and more external constraints, and the understanding of these constraints tends to require more engineering in the large. Part of the cause of this difficulty may be that the formal reporting structure of the IETF emphasizes communication between the Internet Engineering Steering Group (IESG) through the ADs and the WGs, and does not place much reliance on inter-WG communications: o The IETF is not consistently effective at resolving issues that cross WG or area boundaries. o The IETF does not possess effective formal mechanisms for inter-WG cooperation, coordination, or communication, including the handling of dependencies between deliverables and processes specified in WG charters. o The IETF does not have an effective means for defining architectures and frameworks that will shape the work of multiple WGs. The IETF also has to work with other SDOs, and the liaison mechanisms for coordination and cooperation do not always work efficiently. This needs to be remedied because some of the interactions which IETF work has to take into account will involve protocols and systems standardized by these other SDOs. A possible consequence of the need for more engineering in the large is that protocol specifications have become larger: as a result they now take longer to develop. Some people perceive that this is because the IESG has tended to require protocol specifications to specify an entire system, instead of simple component protocols, leading to feature bloat and applicability only to a narrow range of applications (see also Section 2.4). On the other hand, others believe that the IESG has approved simple component protocols without Davies Informational [Page 10] RFC 3774 IETF Problem Statement May 2004 an adequate understanding of the systems and contexts in which the protocols might be used. These problems appear to be two additional aspects of the general problem that the IETF has with handling large and/or complex systems. 2.4. Three Stage Standards Hierarchy not properly Utilized The current hierarchy of Proposed, Draft, and Full Standard maturity levels for specifications is no longer being used in the way that was envisioned when the stratification was originally proposed. In practice, the IETF currently has a one-step standards process that subverts the IETF's preference for demonstrating effectiveness through running code in multiple interoperable implementations. This compresses the process that previously allowed specifications to mature as experience was gained with actual implementations: o Relatively few specifications are now progressed beyond Proposed Standard (PS) to Draft Standard (DS) level, and even fewer to Full Standard (FS). o It is widely perceived that the IESG has 'raised the (quality) bar' that standards have to pass to be accorded a PS status. Protocol developers may be required to specify a complete system rather than an interface in order for their specification to be approved as a PS (see also Section 2.3). o In spite of the apparently higher quality hurdle, implementation or deployment experience is still not required, so the IETF's guiding principle of 'rough consensus and running code' has less of a chance to be effective. o There appears to be a vicious circle in operation where vendors tend to deploy protocols that have reached PS as if they were ready for full production, rather than accepting that standards at the PS level are still under development and could be expected to be altered after feature, performance, and interoperability tests in limited pilot installations, as was originally intended. The enthusiasm of vendors to achieve a rapid time to market seems to have encouraged the IETF in general and the IESG in particular to attempt to ensure that specifications at PS are ready for prime time, and that subsequent modifications will be minimal as it progresses to DS and FS, assuming effort can be found to create the necessary applicability and interoperability reports that are needed. o The three stage hierarchy is, accordingly, seen to be excessive. Davies Informational [Page 11] RFC 3774 IETF Problem Statement May 2004 o There is no formal bug reporting or tracking system in place for IETF specifications. o The periodic review of protocols at PS and DS levels specified in [1] are not being carried out, allowing protocols to persist in these lower maturity levels for extended periods of time, whereas the process would normally expect them to progress or be relegated to Historic status. o No individual or body is given the task of 'maintaining' a specification after the original WG has closed down. Specifications are generally only updated when a need for a new version is perceived. No attempt is normally made to correct bugs in the specification (whether they affect operation or not) and the specification is not updated to reflect parts of the specification that have fallen into disuse or were, in fact, never implemented. This is, in part, because the current procedures would require a standard to revert to the PS maturity level, even when specification maintenance is carried out. This occurs even if the changes can be demonstrated to have no or minimal effect on an existing protocol at the DS or FS level. 2.5. The IETF's Workload Exceeds the Number of Fully Engaged Participants There are a number of respects in which IETF participants and contributors appear to have become less fully engaged with the IETF processes, for example: o Although there may be large attendance at many WG meetings, in many cases, 5% or less of the participants have read the drafts under discussion or that have a bearing on the decisions to be made. o Commitments to write, edit, or review a document are not carried out in a timely fashion. o Little or no response is seen when a request for 'last-call' review is issued, either at WG or IETF level. This might be because contributors have less time available in their work schedule during the downturn of the Internet business climate between 2001 and 2003. Yet, this is not the whole story, as there were signs of this effect back at the height of the Internet's boom in 2000. Davies Informational [Page 12] RFC 3774 IETF Problem Statement May 2004 This problem exacerbates the problems the IETF has had with timely delivery and may weaken the authority of IETF specifications if decisions are seen to be taken by badly informed participants and without widespread review. 2.5.1. Lack of Formal Recognition Beyond RFC Authorship, WG Chair positions, Directorate positions, or IESG and Internet Architecture Board (IAB) membership, the IETF does not offer formal recognition of contributions to the IETF. This potentially acts as a disincentive to continued engagement and can lead to useful and effective participants leaving because they cannot obtain any recognition (the only currency the IETF has to pay participants), which they use to fuel their own enthusiasm and help justify their continued attendance at IETF meetings to cost constrained employers. Note: Using Leadership positions as rewards for good work would probably be damaging to the IETF. This paragraph is meant to indicate the need for other types of rewards. 2.6. The IETF Management Structure is not Matched to the Current Size and Complexity of the IETF The management and technical review processes currently in place were adequate for the older, smaller IETF, but are apparently not scalable to the current size of the organization. The form of the organization has not been significantly modified since 1992, since when the organization has undergone considerable further growth. The scope of IETF activities has also been extended as the Internet has become more complex. 2.6.1. Span of Authority Overt authority in the IETF is concentrated in the small number of people sitting on the IESG at that time. Existing IETF processes work to funnel tasks on to this small number of people (primarily the Area Directors (ADs) in the IESG). This concentration slows process and puts a very large load of responsibility on the shoulders of these people who are required to act as the senior management for Working Group (WG) chairs, as well as acting as quality backstops for the large number of documents issued by the IETF. The situation has not been helped by the widening of the scope of the IETF, which has resulted in somewhat more WGs and a need for a very broad spectrum of knowledge within the set of ADs. Davies Informational [Page 13] RFC 3774 IETF Problem Statement May 2004 2.6.2. Workload of the IESG With the current structure of the IETF and IESG, the workload imposed on each of the ADs is almost certainly well beyond the capabilities of a single person. The current job description for an AD encompasses at least the following tasks: o Interacting with WGs o Understanding network and computer technology in general, and their own area in detail o Cross-pollinating between groups o Coordinating with other areas o Potentially, managing their Area Directorate team o Effectively providing technical management, people-management, and project supervision for their WGs o Reading (or at least skimming) every formal document which the IETF produces, and having an opinion on all of them, as well as all the Internet Drafts produced by the WGs in the area, and understanding the interactions between all these specifications. Given the number of WGs which are now active, the increasing complexity of both the work being undertaken and the technology in general, together with the volume of documents being produced, makes it clear that only superhumans can be expected to do this job well. To make matters worse, these tasks are, in theory, a 'part time' occupation. ADs will normally have a conventional job, with the IETF activities as just one part of their job specification. This view has been reinforced by recent resignations from the IESG, citing the size of the workload as a primary factor. The IETF also has no mechanisms to nominate a temporary replacement or an assistant should an AD be incapacitated wholly or partially for a period. The malign effects of this overload include: o Wear on the IESG: The IESG members are overworked which is bad for their health, humor, and home life, and may also result in conflicts with their employers if the IETF work impacts the IESG member's performance of their 'day job'. Davies Informational [Page 14] RFC 3774 IETF Problem Statement May 2004 o Unhappiness in the IETF: IETF stakeholders perceive that IESG members are responding slowly, are not fully up-to-date with their technology, fail to pro-actively manage problems in their WGs, and are unable to keep communication channels with other groups open. o Recruiting shrinkage: The number of people who can imagine taking on an IESG post is steadily decreasing. It is largely limited to people who work for large companies who can afford to send IESG members to the IETF for the duration of their appointments. In the current business climate, fewer companies are able to justify the preemption of an important engineering and business resource for a significant period of time, and are more likely to put forward 'standards professionals' than their best engineers. 2.6.3. Procedural Blockages The current procedural rules combined with the management and quality roles of the ADs can lead to situations where WGs or document authors believe that one or two ADs are deliberately blocking the progress of a WG document without good reason or public justification. Appeal processes in these circumstances are limited and the only sanction that could be applied to the relevant ADs is recall, which has almost always been seen to be out of scale with the apparent offense and hence almost never invoked. This perception of invulnerability has led to a view that the IESG in general and the ADs in particular are insufficiently accountable for their actions to their WGs and the IETF at large, although the recent introduction of the Internet Draft Tracker tool makes it easier to determine if and how a document has become blocked, and hence to take appropriate steps to release it. 2.6.4. Consequences of Low Throughput in IESG If documents are inappropriately (or even accidentally) delayed or blocked as a result of IESG (in)action, this can cause much frustration inside the organization, a perception of disunity seen from outside the organization, and delay of standards, possibly to the point where they are too late to match market requirements: work which has been properly authorized as being within the scope of the IETF and properly quality checked during development, should almost never come up against such a blockage. Delay in authorizing a BOF or chartering a new WG can delay the start of the process with similar effects. It also appears that IESG delays are sometimes used to excuse what is actually slow work in WGs. Davies Informational [Page 15] RFC 3774 IETF Problem Statement May 2004 2.6.5. Avoidance of Procedural Ossification The systems and processes used by the IETF are generally designed around having firm general principles and considerable IESG discretion within those principles. It appears that the IETF is showing a disturbing tendency to turn IESG 'rules of convenience' into rigid strictures that cannot be violated or deviated from. Up to now, IETF discussions of procedures have been driven by a model in which the procedural BCPs construct a framework for doing work, but the details of the framework are left for the IESG to fill in. When issues or crises have arisen, the IETF has generally avoided making specific procedural changes to compensate, instead realizing that we could not anticipate all cases and that 'fighting the last war' is not a good way to proceed. This can only continue to work if the participants continue to trust the IESG to act fairly in filling in the details and making appropriate exceptions, without a great deal of debate, when it is clearly desirable. At present, the IETF appears to have lost sight of this flexibility, and is entangling itself in procedures that evolve from organizational conveniences into encumbrances. 2.6.6. Concentration of Influence in Too Few Hands Until the last couple of years, successive IETF Nominating Committees have chosen to give heavy weighting to continuity of IESG and IAB membership. Thus, the IETF appeared to have created an affinity group system which tended to re-select the same leaders from a limited pool of people who had proved competent and committed in the past. Members of this affinity group tend to talk more freely to each other and former members of the affinity group - this may be because the affinity group has also come to share a cultural outlook which matches the dominant cultural ethos of the IETF (North American, English speaking). Newcomers to the organization and others outside the affinity group are reluctant to challenge the apparent authority of the extended affinity group during debates and consequently influence remains concentrated in a relatively small group of people. This reluctance may also be exacerbated if participants come from a different cultural background than the dominant one. Such participants also tend to find it more difficult to follow the rapid and colloquial speaking style of native English speakers, and may consequently be effectively excluded from the discussion, even if maximum assistance is available by such means as real time Jabber logs and extensive text on presentation slides. Even on mailing Davies Informational [Page 16] RFC 3774 IETF Problem Statement May 2004 lists, people from other cultures may be reluctant to be as forthright as is often the case in discussions between North Americans; also, a person whose first language is not English may be daunted by the volume of mail that can occur on some mailing lists and the use of colloquialisms or euphemisms may cause misunderstandings if correspondents are not aware of the problem. A further instance of the problems of concentration of influence potentially occurs when, from time to time, ADs have acted as WG chairs: conflict of interest might well arise in discussions between the IESG and any WG with an AD as its chair. Whilst care is usually taken to have a newly selected AD vacate any WG chair positions which might be held in his or her own area, the conflict can arise on the occasions when an AD has been used as the chair of a WG because it is clearly the right (or only possible) solution for the WG from an engineering and know-how position. Furthermore, given the known problem of workload for IESG members, there must be doubts as to whether an AD can or ought to be taking on this extra load. 2.6.7. Excessive Reliance on Personal Relationships The IETF is an intensely personal and individualistic organization. Its fundamental structure is based on individuals as actors, rather than countries, organizations, or companies as in most other SDOs. This is also reflected in how the IETF gets its work done: the NOMCOM process, the WG Chair selection processes, and the activities of WGs are all reliant on personal knowledge of the capabilities of other individuals and an understanding built on experience of what they can be expected to deliver, given that there are almost no sanctions that can be applied beyond not asking them to do a similar task again. The relationship works best when it is two way - the person being asked to perform a task needs to be able to rely on the behavior of the person doing the asking. In essence, the IETF is built on a particular kind of one-to-one personal trust relationship. This is a very powerful model but it does not scale well because this trust is not transitive. Just because you trust one person, it does not mean that you trust (i.e., know the capabilities of and can rely on) all the people that person trusts in turn. The disruption caused when one set of relationships has to be replaced by another is clearest when an AD is replaced. The IETF does not keep personnel records or written plans, and formal process documentation is very sparse, so that incoming ADs have little information on which to base new relationships with WG chairs or Directorate members not already known to them. Davies Informational [Page 17] RFC 3774 IETF Problem Statement May 2004 A new AD has to build or bring along his or her set of trusted individuals. The AD will tend to prefer individuals from this set as WG chairs, unless there is a suitable outsider who was part of the team that brought the WG idea to the IETF. This tends to limit the AD's field of choice, particularly when asking for a 'stabilizing', 'advising', or 'process' chair to work with an enthusiastic newcomer in a difficult area. A breakdown of an established relationship (such as between an AD and a WG chair) can be very damaging to the work of the IETF, and it may not be immediately obvious to outsiders. Another consequence of the reliance on personal relationships is that the IETF has very little institutional 'memory' outside the memories of the people in the process at a given time. This makes it more likely that failures will be repeated and makes process improvement more difficult (see Section 2.2). 2.6.8. Difficulty making Technical and Process Appeals When an individual thinks that the process has produced a result that is harmful to the Internet or thinks that IETF processes have not been adhered to, there is no mechanism to aid that individual in seeking to change that result. 2.7. Working Group Dynamics can make Issue Closure Difficult The IETF appears to be poor at making timely and reasonable decisions that can be guaranteed to be adhered to during the remainder of a process or until shown to be incorrect. The problems documented in this section are probably consequences of the non-hierarchical organization of the IETF and the volunteer status of most participants. The enforcement measures available in a more conventional hierarchical corporate environment are mostly not available here, and it is unlikely that application of some well- known procedure or practice will fix these problems. Participants are frequently allowed to re-open previously closed issues just to replay parts of the previous discussion without introducing new material. This may be either because the decision has not been clearly documented, or it may be a maneuver to try to get a decision changed because the participant did not concur with the consensus originally. In either case, revisiting decisions stops the process from moving forward, and in the worst cases, can completely derail a working group. On the other hand, the decision making process must allow discussions to be re-opened if significant new information comes to light or additional experience is gained which appears to justify alternative conclusions for a closed issue. Davies Informational [Page 18] RFC 3774 IETF Problem Statement May 2004 One cause that can lead to legitimate attempts to re-open an apparently closed issue is the occurrence of 'consensus by exhaustion'. The consensus process can be subverted by off-topic or overly dogmatic mail storms which can lead to the exclusion of knowledgeable participants who are unable to devote the time needed to counter the mail storm. The consequence may be an unrepresentative and unsatisfactory consensus which will tend to be re-opened, often leading to repeat discussions. Mailing lists, which are at the heart of the IETF WG process, are becoming increasingly ineffective at resolving issues and achieving consensus because of this phenomenon. A single vocal individual or small group can be a particular challenge to WG progress and the authority of the chair. The IETF does not have a strategy for dealing effectively with an individual who is inhibiting progress, whilst ensuring that an individual who has a genuine reason for revisiting a decision is allowed to get his or her point across. 2.8. IETF Participants and Leaders are Inadequately Prepared for their Roles Participants and leaders at all levels in the IETF need to be taught the principles of the organization (Mission and Architecture(s)) and trained in carrying out the processes, which they have to use in developing specifications, etc. Part of the reason for the lack of training in the principles of the organization is that there is not currently an explicit formulation of these principles that is generally agreed upon by all stakeholders. Section 2.1 identifies that this shortage is a major problem. The IETF currently has voluntary and inconsistent processes for educating its participants, which may be why significant numbers of participants seem to fail to conform to the proper principles when working in the IETF context. The people in authority have generally been steeped in the principles of the IETF (as they see them) and first-time non-compliance by newer participants is sometimes treated as an opportunity for abuse rather than recognition of a training failure. The IETF culture of openness also tends to tolerate participants who, whilst understanding the principles of the IETF, disagree with them and actively ignore them. This can be confusing for newer participants, but they need to be made aware that the IETF does not exclude such people. The IETF does not currently have a strategy for Davies Informational [Page 19] RFC 3774 IETF Problem Statement May 2004 dealing with the conflicts that can result from participants who disagree with the principles of the organization. Lack of training, compounded with the perceived concentration of influence in the affinity group documented in Section 2.6.6, can lead to newcomers being ignored during discussions, consequently being ineffective, either in their own eyes or their employers. This may result in their departure from the IETF. In addition, some participants are not aware of the problems that participants, who do not have English as their first language, may have with rapid speaking and the use of colloquialisms in both spoken and written communication. They are also not always aware of the possible cultural nuances that may make full participation more difficult for those who do not share the same outlook. 3. Security Considerations This document does not, of itself, have security implications, but it may have identified problems which raise security considerations for other work. Any such implications should be considered in the companion document which will be produced setting out how the IETF should set about solving the identified problems. 4. Acknowledgements Apart from the contributions of all those who provided input on the problem statement mailing list, the final reduction of the problems was especially assisted by the following people: Rob Austein <sra@hactrn.net> Marc Blanchet <Marc.Blanchet@hexago.com> Dave Crocker <dcrocker@brandenburg.com> Spencer Dawkins <spencer@mcsr-labs.org> Avri Doria <avri@psg.com> (WG co-chair) Jeanette Hoffmann <jeanette@wz-berlin.de> Melinda Shore <mshore@cisco.com> (WG co-chair) Margaret Wasserman <margaret@thingmagic.com> Special thanks are due to Margaret Wasserman for extensive reviewing of and contributions to the wording of Section 2. The early part of the reduction of the problem statement mailing list input was done by Harald Alvestrand and the latter part by Elwyn Davies and the team acknowledged above. In total, there were approximately 750 extensive and thoughtful contributions (some making Davies Informational [Page 20] RFC 3774 IETF Problem Statement May 2004 several points). The thread was started by a call for volunteers in helping draft a problem statement, but quickly turned into a discussion of what the problems were. In addition to the editorial team, the following people have provided additional input and useful feedback on earlier versions of this document: Harald Alvestrand, Randy Bush, Brian Carpenter, James Kempf, John Klensin, John Loughney, Keith Moore. 5. References 5.1. Normative References [1] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996. 5.2. Informative References [2] Huston, G. and M. Rose, "A Proposal to Improve IETF Productivity", Work in Progress. [3] Blanchet, M., "Suggestions to Streamline the IETF Process", Work in Progress. [4] Hardie, T., "Working Groups and their Stuckees", Work in Progress. [5] Davies, E. and J. Hofmann, Eds., "IETF Problem Resolution Processes", Work in Progress. 6. Editor's Address Elwyn B. Davies Nortel Networks Harlow Laboratories London Road Harlow, Essex CM17 9NA UK Phone: +44 1279 405 498 EMail: elwynd@nortelnetworks.com Davies Informational [Page 21] RFC 3774 IETF Problem Statement May 2004 7. Full Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society. Davies Informational [Page 22]