[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of
Naysayers should simply
get off the mailing list and form their own group.
Excuse me, but the IETF is all about getting consensus. Not
excluding dissenting views. Demanding that "naysayers get off
the list" is so contrary to the IETF process it isn't funny.
The question is who is providing the bus that the naysayers want to ride.
In the days when IETF approval was the motive power that led to deployment
there was a certain argument that could be made for the open house approach.
What we have here is a core of six companies that have a very clear idea of
what they want to achieve and also provide the coalition that will drive
The only reason that there is any point in starting a FIFTH email
cryptographic security effort is the existence of an industry coalition that
can make it a reality.
I understand that this is not the IETF way, that is why I do not believe
that the IETF should charter the group.
The MARID working group was a catastrophe, but SPF/SenderID framework is
being deployed and is a defacto standard despite the best efforts by the
naysayers. Ultimately the coalition on interests is stronger than the
Now, in those rare cases where it is clear that there's an
central issue of approach that cannot resolved, the IETF has
on occasion chartered multiple groups to pursue each
competing approach. However, what I see here is not amenable
to this trick: We have a bunch of disparate positions with no
clear way of dividing them up.
No, we have one solution that has been independently invented by four
different companies. As far as I am concerned you could flip a coin to
choose between them. The basic design approaches are identical despite the
fact that they have independent origins.
And besides, that's not what you're
proposing: You're proposing that dissenting views simply be
told to buzz off, not that they actually be simultaneously
given a place to pursue an alternative.
It is of complete indifference to me whether a naysayer group is created or
not. The IETF could propose a sixth email security effort (seventh if you
count MARID) but there is no point unless it has the support of the code
The Darwinian approach is in fact rarely used in the IETF,
and when it is used it is done in a way that is quite
different from what you are advocating. I will also point out
that its use tends to generate loads of ill-will that can
easily damage the prospects of any result. (Any of the many
debates on IPv6 deployment that have occured on the main IETF
list illustrate this point
And to what end?
If you want to deploy Ipv6 then the IETF has to get serious and actually get
a coalition of large ISPs capable of driving deployment round the table to
discuss a roadmap. That has to be the ISPs, not people who happen to work
for the ISPs who speak for nbobody but themselves.
The Internet now has a billion users. One of the consequences of that change
is that we need a more representative process for making changes to the
infrastructure. A bunch of thirty geeks in a room who represent nobody but
themselves and answer to nobody but themselves inevitably produce a
specification that meets the interests of technical elitists and utterly
fails the ordinary Internet user.
The reason why the MASS discussion is centered on the Yahoo proposal has
nothing to do with the crypto or protocol expertise of Miles and Mark. The
reasons are that Yahoo controls a resource that has the power to drive a
specification to critical mass quickly and that in order to do so the spec
must overcome critical scalability issues (hundreds of millions of users)
and human factors issues (not particularly technically competent users).
I do not want to see a set of requirements that are intended to meet the
reasonable needs of a group of a hundred million users being trumped by folk
whose only qualification is that they have an opinion and a keyboard.