
RE: [Asrg] 6. Proposals - Sender Authentication - DNS + PKI

2003-11-23 09:20:37

Much more would be achieved by doing this publicly, and we've seen time
and again that the IETF process works pretty damn well at working out
problems before they become standards.

<Apologies for rant>
That is far from the belief amongst commercial participants. The IETF
actually has a lousy record of producing standards. Most of the 'IETF'
standards were actually defined before the IETF was established. The only
successful standards since, HTTP, LDAP, X.509, were successful independently
of the IETF. The IETF also has a history of back room deals and magic
circles which, if like me you have experienced them, leave a very bad taste.
</Apologies for rant>

I think we need to work out a way to avoid a standards war here. But people
have to understand that there is no way the industry is going to wait for a
typical IETF ten year project that drifts aimlessly while people discuss
metaphysical principles.

Given that the IAB does not want the group to move into the IETF to work on
LMAP and the next IETF is in Seoul (guaranteed negligible turnout) I do not
see how it is likely that we can get anything going in IETF process in an
acceptable timeframe.

What we need to do is to hold a technical summit once the industry proposal
is in a state where they are ready to publish it. I think that everyone is
very clear that we should go forward with the best technical contributions
from all sources.


Finally, the reporter's remark about blacklisting based on this is
senseless, because new domains are easy to obtain. This has already been
stated multiple times.

As with LMAP any scheme that depends on domain authentication alone has this
weakness - see the analysis paper I sent out last week.

I think that you will start to see effective blacklisting of
un-authenticated domains. Over a short period of time people will crank up
the spam-filter scoring penalty for an unauthenticated domain. If you are
not authenticated you will find that little of your mail gets through. It is
a positive feedback situation. Eventually a tipping point is reached where
authentication becomes in effect mandatory.

What you are pointing to is that authentication without some form of
accreditation has limited value. The issue we do not know is what level of
accreditation is going to be required.

Fortunately this can safely be left to end users' evaluations.


                Phill

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg