From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of
ned(_dot_)freed(_at_)mrochek(_dot_)com
ned(_dot_)freed(_at_)mrochek(_dot_)com writes:
> Instead, we're engaged in the time-honored IETF practice of letting the
> unattainable best be the mortal enemy of the good enough.
Please explain. What is "good enough"?
There are numerous examples. To pick one of the more recent:
The unattainable goal was to define a whole-message signature
scheme that can be used end to end, where the middle includes
things like mailing list processors. Good enough is to
instead specify a scheme that works for "long hops" but is
not intended (and in fact explicitly excludes) end to end use.
Yet the scheme that is operating today gives tolerable results with most
extant mailing list software, and it is reasonably easy to tweak the latter
to get full interoperability.
It is not necessary to exclude end-to-end use. What is necessary is to
explain how signature failures should be handled. In most cases a signature
failure in S/MIME should be handled silently regardless of what opinion the
spec might offer on the subject.
Part of the problem here is a long legacy of IETF security specs that give
user interface advice that is bad or just plain wrong. Part of the problem
is the repurposing of the end-to-end complexity argument to apply it to
security where it never belonged.
Each time I see the perfect-enemy-of-the-good argument trotted out, it is
used to give a perfectly reasonable suggestion the Bonsai treatment. I do
not want a spec that has been Bonsai treated because that was the only way
to get it through the standards process.