
Interview with Scott Bradner, University Technology Security Officer at Harvard University

Date: May 7, 2006


Q: How did you get involved in the IETF and what was your first IETF meeting?

Scott: I knew Jeff Schiller at MIT for a number of years in conjunction with the NSF network and NEARnet (the regional NSF-connected network in the Boston area). He suggested I get involved in the IETF. I had never heard of it before. So, I got on some mailing lists and found it interesting. The first IETF I attended was at Tallahassee. The first WG meeting I attended at that IETF meeting was the DHCP WG. Ralph Droms was the chair. And I could go to one of their meetings this week. Ralph Droms is still the WG chair and the WG is still working on some of the same issues.

Q: How did you become a WG chair yourself?

Scott: Yes, I had met Phil Gross, the IETF chair at that time, at MIT. He knew that I was doing performance tests of routers and switches. He approached me about setting up a WG on creating a terminology and a set of procedures for performance testing of network devices. So, I formed and chaired the benchmark methodology WG (BM WG). That WG is still going on. It has been running along at a regular pace, producing RFCs ever since. And the RFCs are in wide use for performance testing of routers and switches.

Q: And then at some point you became an area director (AD).

Scott: Yes, I was nominated for the position of Operational Requirements area director. In those days that was a separate area to create a feedback loop for standards. A standard gets created and then there would be this special group at the IETF, primarily the operators, who would comment on how easy or hard it was to actually run the standard. It was meant as feedback to the standards process, so that the standards developers could figure out what they should change or what needed to be added in order to make the standard useful and operable.

The most interesting WG I have ever been an AD for was in the operational requirements area and that was CIDR Deployment (CIDRD WG). It was the most contentious and rambunctious WG I have ever seen and it was fantastic. There was a lot of involvement. Some of it very heated. A lot of religious discussions on whether you actually needed to aggregate routes or if this was all a plot to save a certain router vendor. It was a very involved group and there were a lot of operators which we do not have enough of in the IETF these days. I believe we did a lot of good in that WG. But the mailing list and the meetings were contentious enough that many of the other ADs and the IESG at the time felt that it was out of control. I knew it was out of control, but I thought it was OK. But the other ADs got me to close the WG, which I didn’t really want to do, but at that time we did not have the concept of a long-running WG. OK, I mentioned the DHCP WG that ran from 1990 until now. But in general, we were supposed to have short-lived and pointed WGs. And CIDRD was purposely an open-ended WG and most of the WGs in the operations requirements area were purposely open ended, because we did not know when the development would finish. But the argument the IESG used at the time was that the idea of having an open-ended WG that doesn’t have clearly defined milestones was somehow abhorrent, so I had to close it down.

Today there are not enough operators at the IETF, so we do not have a good feedback loop for our standards. The biggest example was SNMPv2 (Simple Network Management Protocol v2). That actually caused a structural change in the IETF. SNMPv2 was SNMP with security; unfortunately the security was so complex that normal human beings couldn’t operate it. It was too complicated and it completely failed in the marketplace.

At that point the network management AD proposed to the IESG to merge the Operational Requirements and Network Management areas, because she felt there wasn’t enough operational experience in the Network Management area. The network management people had to create things that the operators had to be able to understand and to operate. And the operators needed to be able to implement network management. So, it seemed to be a pretty good mix. I don’t think it has worked as well as we had hoped. I actually think these were really two different areas stuffed into the same envelope. The network management side is not closely enough aligned with the operational requirements side. And part of this is that we’re not seeing enough of the operators here either at the enterprise or at the ISP level to provide good feedback. Hopefully we can fix that. Dave Meyer and other IAB members are working to get more operators to the IETF.

About the time the two areas merged, I was selected by the nomcom to move over and become a director of the Transport area. The reason given at the time was that the nomcom and the community felt that some of the activities in the transport area did not take enough into consideration what operators needed to do. And I was seen as someone who had been involved in operating a network so maybe could bring some operations clue in there. So, I became a Transport area director.

After I moved over to the transport area there was a great deal of confusion about what became known as the sub-IP area. MPLS and other protocols which were dealing with configurable underneath IP requirements. Bert Wijnen and I were asked by the then chair to form a temporary area moving all the VPN technology and MPLS and some other things into a new area (the Sub-IP area) so that they would work together to find out how to deal with this configurable underlayment. Bert and I worked on that for a couple of years until I was not renewed by the nomcom and Bert continued with Alex Zinin.

But before – very soon after becoming an area director at all – I was asked along with Allison Mankin to be one of the area directors for a temporary IP Next Generation area and was charged to come up with a process to determine what IPng would look like, what its feature set was and the like.

That was a very interesting experience. When we were asked to take over, there were 5 proposals for IPng. By the time we actually took over, there were 3, some of them had merged. The feeling in the community was very strong amongst two of those three. And for most people it was so clear that one of them was the right answer, and that it really wasn’t necessary to have a process. So, when Allison and I stood up in Houston and said we were going to have a process and it might take 9 months to a year to do, we got quite vehement criticism from the floor that it should not take more than 3 months, because all we had to do was pick the obviously correct solution. Of course it wasn’t that easy, because they came from two different groups. In retrospect I wish we would have taken longer, but we came up with a recommendation in about a year. It was a merger of two of the three proposals. Still, it was a very instructive process to see how the individual groups believed in their own solutions and how much they thought it should be obvious to everybody involved that their solution was the right one.

The IPng area was purposely temporary. The idea was to ask one transport area director (Allison Mankin) and one operational requirements area director (me) to run it and to combine all the IPng related WGs into one area and 4 years later split them up again and push them to the area they came from.

At the moment I am a WG chair for newtrk and a co-chair, with Kimberly King, of the ieprep WG. The newtrk WG is trying to figure out if there is a way to make the standards process more reflect reality. The standards process is documented in RFC 2026 which describes a number of things that ought to be done that are not being done, for example: the IESG is supposed to review proposed standards every couple of years to make sure that they are still relevant. The IESG has not been doing that. Another example: We have a 3-step standards track that has been followed in the exception rather than in the normal case (also see Geoff Huston’s 4-byte ASN article).

Once something has been accepted as a proposed standard, people start implementing and using it and do not have the time and energy to go back and do the rest of the process, because it is actually not going to increase deployment or sales. Newtrk is trying to find out if there is a way to better reconcile that, either by changing RFC 2026 to reflect what we actually do or to come up with a new concept.

Q: Over all these years, what do you think is the biggest change?

Scott: When I first got off the IESG, I was asked what I thought of the IETF after being on the IESG for 10 years and being heavily involved in most of the process related and politically related issues within the organization. At that time I thought the light was too bright: When standing right next to a very bright light, you can’t really see very well. That is less the case now. But still, trying to see what the IETF’s impact is on the Internet, is a hard thing. You hear from outside the IETF that the IETF is becoming irrelevant and that work is being done elsewhere, whether at traditional standards bodies or other fora. But then we see that SIP (Session Initiation Protocol) is taking over the VoIP world (modulo Skype), that MPLS is widely deployed, that the Internet runs on the protocols that the IETF is actively working on or has defined in the past.

The IETF is an incredibly important forum for the creation of standards – and standards in the true sense: they are standards, because people use them, not standards in the false sense of the traditional standards bodies where governments say ‘you must use this specification.’

When Brian Carpenter and I went first to the ITU-T in the mid 90s to describe what the IETF was, the first question we got after presenting the IETF standards process was ‘How can you call them standards, if no government mandates their use?’. That illustrates a fundamental difference in concept.

We are certainly working on other standards here at the IETF now: IPstorage, Internationalization of Domain Names and a bunch of other things which may become extremely important in the future, or they may not. There are about 120 WGs. My gut feeling is that about 30% are working on things that 5 years from now people will find useful. And that is not a bad ratio at all.

Q: What do you think will be possible future technology developments?

Scott: I don’t see that much new work. I would like to see more new concepts. The question is if we as the IETF will recognize them when they are provided to us. IPstorage is the most recent big example of that: where someone came along and had a BoF and it looks really interesting. If we put storage over IP it adds flexibility. IP has shown that flexibility is much more important than efficient performance. Flexibility has been a core feature of our path in the past and I hope it will remain so in the future.

We are in the IETF right now in the middle of some quite serious discussions how we should structure ourselves going forward. The re-arrangement and re-vitalisation of the administrative structure as now an integral part of the Internet Society has been a major accomplishment, but there are other aspects of the organizational behavior of the IETF:
– how we approve standards,
– how we decide on what to work on,
– how we understand what consensus is.

These are topics we are discussing right now. We need to come to good conclusions on many of them. We don’t only need to develop good technology, we also have to have processes in place that ensure those technologies reach the market in a timely way.

IETF-related positions held by Scott Bradner (see also resume):

  • Chair, New IETF Standards Track Discussion Working Group (newtrk), (2004 to present).
  • Co-Chair, Internet Emergency Preparedness Working Group (ieprep), (2002 to present).
  • Liaison between IETF and ITU-T, (1995 to present).
  • Member, IETF Internet Engineering Steering Group (1993 to 2003).
  • Co-Director, Sub-IP Area (2001 to 2003).
  • Co-Chair, Transport Area Working Group (tsvwg), (1999 to 2003).
  • Co-Director, Transport Area (1997 to 2003).
  • Co-Director, IPng Area (1993 to 1996).
  • Co-Director, Operational Requirements Area (1993 to 1997).
  • Chair, Benchmarking Methodology Working Group (bmwg), (1991 to 1993).
  • ISOC Vice President for Standards, (1995 to 2003).
