ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-05-27 16:01:50


On 5/27/2010 1:30 PM, Brett McDowell wrote:
On May 27, 2010, at 3:41 PM, Dave CROCKER wrote:
A problem, here, is that you are using that citation as a kind of proof of
the correctness of your position, but we do not have access to the data to
make an independent assessment.

It was offered in the spirit of being helpful since so many people on the
list believe (and assert) that no one is using ADSP.

I don't recall seeing anyone say "no one is using ADSP" and even if there is a 
counter-example, I certainly believe that it is not "so many people".  At the 
least, we need to distinguish between people who are broadly dismissive, versus 
people who are specifically critical.

What I /do/ recall seeing is "some" people being highly dismissive of its 
strategic benefit.  I recall seeing one or more responses that are highly 
dismissive of those views, in return.  Not what one would call a constructive 
approach to dialogue.

I also recall seeing "some" people offer particular criticisms of the breadth 
of 
its utility.  That is, I recall seeing one or more people observe that the 
ability to take an ADSP-like tool that is used in a very particular scenario 
does not necessarily generalize for making predictions about ADSP's own 
utility. 
That methodological challenge has not fared well.


Actually in my standards development experience (almost entirely in fora
outside of IETF) it is somewhere between unusual and disallowed to ask for or
provide any information about deployment or product plans.  I think I have
not done anything here that violates anti-trust law, but I take your point
and will refrain from any other references to non-public data.

"Product plans" are certainly never reasonable to expect to hear.  It's dandy 
if 
someone offers them, but quite gauche to expect or demand that they be 
divulged. 
  Deployment and ops experience depends on its nature.

The reality, here, is that Paypal and its friends have developed a proprietary 
capability that appears to be quite similar to what ADSP is attempting.  It is 
common and constructive to seek to develop an open standard that is based on 
earlier, proprietary work. (Note that DKIM is an example.)  Whether "based on" 
is merely conceptual or actually entails merely incrementing the technical 
details isn't the issue.  Benefiting from field experience is the issue.  That 
makes it attractive for analysis.  On the other hand, the technical details 
might actually be too different for comparison.

Equally, the details of the usage scenario might be highly restrictive and 
therefore not (likely to) generalize for the broader Internet.  What works for 
a 
small group of friends might or might not work for hundreds of millions of 
strangers.

That a particular mechanism does not scale to a large number of participants is 
a red flag for standardization, although it does not automatically preclude 
standardization.  At the least, careful consideration of scaling issues is 
required.  Handwaving in either direction can't possibly be productive.


On the average, much of the argumentation in this thread -- by most of the
participants -- seems to be in a style that asserts one person's expertise
over another's, and generally seems inclined to refrain from considering
details either for or against a position.  Ad hominen or hostile tone is
then mixed in to make the defender (or attacker) feel superior while
nonetheless failing to respond with substance.

As a newbie to this list, I have to say I agree.  This has been a far less
collegial debate than what I'm used to.  That said, I may be guilty of
reciprocating, and if anyone feels they have been on the receiving end of
such, I apologize.

The DKIM wg has had a particularly rocky history, in this regard.  Security is 
technically challenging.  Anti-abuse is technically, operationally and 
politically challenging.  And some of us personally are, ummmm, challenging.  A 
perfect storm, of a sort...



In a serious discussion, I'd expect to see someone's offering a specific
criticism, concern, counter-example or the like to get a response that
incorporates what was offered, responding to the particulars.  For some
reason, discussion here seems to be resistance to such a substantive
clarifying efforts.

I would welcome this moment of retrospection as a turning point in how we
progress out deliverables in a more efficient, informed, and collegial
manner.  I take it that you will be operating under this general rubric going
forward as well.

mais oui!

(I don't use smileys, but if I didn't, I'd look for one to insert here that 
shows wide-eyed innocence...)

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>