I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document provides a set of guidelines for personal interaction at the IETF. This review therefore ignores any computer protocol issues or attacks, and focuses on personal and procedural attacks.

...

  2. Principles of Conduct

  1. IETF participants extend respect and courtesy to their colleagues at all times.

This is a lofty goal, especially considering the next sentence:

  IETF participants come from diverse origins and backgrounds and are equipped with multiple capabilities and ideals.

I would suggest adding "expectations and assumptions" to that sentence. Very often, misunderstandings come from differing expectations. Two participants might believe they share a language. However, underlying assumptions mean that the words have different meanings. The expectations mean that the approach people take is different.

On a simplistic level, everyone believes that they are a reasonable person. Everyone believes that other people have the same mental models they do. Everyone believes that other people do (and will) behave the way that they do.

These assumptions are often wrong. Discord in groups often comes from misunderstanding what other people mean, and attributing maliciousness to what is actually differing assumptions and expectations.

  2. IETF participants discuss ideas impersonally without finding fault with the person proposing the idea.

It may be useful to re-phrase this as a positive statement, i.e.:

  IETF participants discuss impersonal ideas, using evidence, fact, and logic. Discussions of persons, personalities, or motivations are outside of the scope of the IETF.

Items (3) and (4) seem reasonable to me.

Other items which may be considered are the following. They are less inter-personal behavior, than behavior of an individual interacting with the larger IETF.

- progress. Participants are expected to contribute to the progress of the working group. Simple participation isn't enough. We have to get things *done*.

- consensus. Participants are expected to accept the consensus of the WG or the larger IETF. Standards creation necessarily involves compromise. Compromise doesn't mean you've been personally put down. It just means life is imperfect.

IMHO, the Security Considerations section is not correct.

  Guidelines about IETF conduct do not affect the security of the Internet in any way.

A social denial of service attack can affect the security of the Internet. The way to shut down progress on security solutions is simple and cheap. Attack the relevant players in court with spurious accusations of harassment. Sideline the group with discussion of politics. Have people "pick sides", and generally devolve the group into endless bickering.

The IETF has been subject to minor attacks by people who engage in attacks, appeals, and who are repeatedly banned from WG participation. If one person made it their life goal to destroy the IETF with false allegations, they could have a significant impact on progress.