ietf-smtp
[Top] [All Lists]

Re: Has the IETF dropped the ball?

2005-03-08 15:51:01

David MacQuigg <dmq(_at_)gain(_dot_)com> writes:

The public is getting mad as hell about spam.  There *will* be a
solution to this problem.  If the IETF doesn't provide it, some
politicians or bureaucrats will.  I may not understand all that is going
on in the IETF, but it sure looks like they dropped the ball.

Your confusion may be cleared up by realizing that the IETF, like most
standards organizations, does far better at clearly documenting the right
way to do something after that's been hashed out over time than it does at
making up a new way of solving a brand new problem.  The latter is more
properly termed "research and development" and is something that works
most effectively in small teams of smart people rather than in large
committees worried about getting all the details right.

Given that no clear technical solution has yet emerged from the pack on
dealing with spam, it doesn't surprise me at all that the IETF has not
been able to pick a clear winner and say "everyone should do this."

They have allowed the standards effort to disintegrate into a bunch of
programmers squabbling over details that are not needed in a universal
standard.

I don't think all those people are just stupid and squabbling for no
reason.  I don't think we've figured out a great solution and are just
failing to implement it because we're fighting over trivia.  Rather, I
think people have proposed a huge number of solutions that range in
quality from hideous to barely mediocre, without a *good* solution in the
lot, and much of the arguing that you're seeing is over whether it's
worthwhile to try to implement one of the several barely mediocre
solutions and deal with the resulting breakage because nothing better
seems to be appearing, or to wait for more R&D.

If we continue the present path, it may be years before there is a clear
"victory" in the battle between competing and incompatible standards.

And how do you think that the IETF should pick among the current bunch?
Drawing lots?  The reason why there's no victory is that none of them are
clearly better, and they all take very different approaches.

The fundamental problem of spam is that we want to use a system
specifically designed to not use authentication to either reject all mail
from "bad people" (where the definition of who's bad varies wildly from
one person to another) or to instead reject all "bad mail" (with a similar
wild variation in definition).  This isn't exactly an easy problem.  This
is certainly not a problem that we understand well enough that all that's
needed now is to get a few experts in a room and write the final draft.
For one thing, it's not even clear that it's *possible* to retrofit
authentication into the e-mail system in such a fashion that doesn't break
so much of e-mail that it would be better to just use a different protocol
entirely, and that's just one of the many issues that arises.

Yes, people are frustrated, but there is little correlation between how
frustrated people are and how easy the problem is to solve.

-- 
Russ Allbery (rra(_at_)stanford(_dot_)edu)             
<http://www.eyrie.org/~eagle/>