From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Paul
Lambert
Yes, sorry, but I was a little irritable, not about technical
debate but the bickering on the list. There is far too many
self proclaimed declarations of non-consensus, and general
negative noise. Perhaps I should have directed this comment
more specifically at comment's like Phil's "no desire to
start ... with the same cast of characters".
There is a community of developers in the process of deploying something
that looks like Domain Keys with the phishing problem as the near term pain
point being addressed. It is actually understood within that community that
the proposal may not in fact provide the solution to the phishing problem
but we also recognize that the lack of authentication is the critical
weakness in email being exploited and that others will come along to exploit
the same hole in future if it is left open.
I was not the person who instigated MARID, I thought the idea of trying a
quick fix to the spam problem in IETF process a bad one from the start.
However since others decided to present a fait acompli and pre-empt the plan
to go ahead in a different forum that has demonstrated an ability to deliver
in short timescales it would have been counter-productive to object.
However we are now in the position where the MARID group has failled and it
appears that the same people would like to give MASS the same treatment.
Then again ... if work moved to another list, you'd likely
have the noise sources follow. This is a clear problem with
the IETF as a whole, not just this group. Seems like as we
find ways to solve spam we should also find better ways to
work together in the e-mail format. But I'm digressing ...
I agree with you completely. I am not talking about a different group in the
IETF. I am talking about a different forum entirely. There are plenty of
standards bodies. The decision the IESG may be asked to make is not WHETHER
the email signing goes ahead but in which forum.
I want a forum where everyone represents something more than just their own
views, be that a company or an open source project like Apache. If someone
is a noise source to no purpose I can call up their manager or talk with
their management board and explain to them just what a waste of space they
are.
I am trying to stop a bunch of criminal gangs whose operations are quite
literaly stealing the life savings of little old ladies. I have no desire
to enter into metaphysical discussions with people whose priority is to do
something other than ship a product that implements, supports or otherwise
uses the specification.
No. The charter provides a limited scope for proposals.
It's viable to have a runoff of competing proposals with the
context of the charter. Anyone who wishes to participate in a
productive process should be welcome to participate. Anyone
has alternative outside the scope of the charter should start
an alternative group of their own.
But that is not what we have. We have a serious group that are willing to
participate in a productive process and another group that either wants to
turn it into an unproductive process for their own purposes or will do so
anyway for no reason at all.
Now we just need more proposals ...
We have been working on Auth Sender longer than anyone else, but there is no
real value to putting it on the table and further confusing the market.
So, you must be a packet creationist:
The Creation of the Internet
1:1 In the beginning IAB created the network and the protocols.
Nope, the IAB and IESG and for that matter the IETF were all formed long
after the Internet and all the major protocols were in place. The only IETF
protocol that was developed after the first IETF meeting was DNS, and that
was only shortly after.
The IAB and IESG only appeared after the sclerosis had set in and the only
thing that the IETF could do in anything less than geological time was to
rework protocols developed independently (HTTP, SMIME) or profile other
standards (PKIX).
Phill