[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of
Michael Thomas
I've asked this before, and I'll ask it again: what
problem does that solve? "Good enough" that doesn't
solve real world problems is not "good" or "enough".
Mike
Every time the phrase 'perfect is the enemy of the good' is raised it is
used to cripple the scope of a project to render it useless rather than
focus on useful achievable goals.
We have a well understood, quantifiable risk - phishing crime. This is
costing my bank customers and ISPs millions of dollars in direct costs such
as customer support and my merchants significant chargebacks. It is causing
both groups tens of millions in opportunity costs and threatens a
multi-billion dollar investment in Internet banking.
Those customers are demanding that the Internet be made more secure and that
the customers are being made to feel more secure. And that is exactly what
they are getting. Attempts to argue with those requirements are futile. If
you are not interested in solving those requirements please get out of our
way.
The common feature of all IETF security efforts is that attempts to address
security policy are avoided at all costs since policy is 'difficult'. Which
is to say the problem is difficult since without a means of publishing
security policy security will inevitably level down to the lowest common
denominator.
MASS is about security policy. The alpha and the omega of MASS is security
policy. It is a stalking horse for an application of AI technology so leave
it to a forum that is comfortable in that arena and wants to write AI based
specifications.