Has the IETF dropped the ball
2005-03-11 09:52:27
At 07:38 PM 3/10/2005 -0800, Russ Allbery wrote:
The IETF should be doing what the IETF has always done, namely provide a
forum for publication of interoperable network standards, provide vetting
by experienced standards authors to make sure that those standards are
interoperable and work well with the rest of the Internet infrastructure,
and document and standardize solutions that have been successful in the
real world.
I think they could take a small bit of initiative, without getting into
R&D, and without taking sides, by saying "Give us a proposal for just the
parts all sides can live with." That would not be a complete
authentication system, but could allow the different systems to
inter-operate, and most importantly, the non-combatants to start work on
better spam filters, domain-rating lists, etc.
[snip]
If you see some useful lower-level interoperable substrate that you think
should be standardized independent of any specific system, then by all
means write that up as an I-D so that people can see what it looks like
and see if you can get the people who are working on the different systems
to agree on it.
[snip]
I think writing a draft at this point would be a waste of time. I took the
first step by writing a set of fundamental requirements, (
ece.arizona.edu/~edatools/etc ) but I can't even get agreement on the
question - should requirements be discussed before implementation
details. It looks to me like just about everyone in the technical
community involved in this issue is pushing one or another system, and
really doesn't want any compromise. If you are neutral, you are against
us. Our side will win. The other side doesn't have a chance, so why
should we spend even five minutes thinking about how to solve some
technical problem in a way that works for everyone. Much better for our
eventual victory if we use our expertise to shoot down any idea that helps
the other side, even if it helps us too.
I see the result of this deadlock as at least another year of delay, and
possibly eventual failure. If the public and the technical community not
directly involved in the issue does not have confidence in the eventual
success of email authentication, then nobody will take the next step, and
it won't happen. Confidence could be built, while still providing room for
competition, if we had a simple standard with such things as a standard
form for an authentication header, or a standard query to get whatever
authentication information is provided by a domain.
If the internet technical community doesn't provide a solution, the
government will. This is a lot less difficult politically than air
pollution or broadcast regulation. Similar problems have already been
solved by government regulation ( Do Not Call, Junk faxes ). The public is
expecting spam-free email, and they will get it, even if it takes 500 pages
of regulations governing the operation of public mail servers.
I welcome constructive criticism, and I will continue pursuing this project
if it looks like it might eventually help with a solution. I have no
financial or intellectual "vested interest". I don't even care about
getting credit. If some of what I propose gets copied into other
proposals, that will save having to present the IETF with yet another draft.
-- Dave
************************************************************* *
* David MacQuigg, PhD * email: dmq'at'gci-net.com * *
* IC Design Engineer * phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* * 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. * Tucson, Arizona 85710 *
************************************************************* *
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Has the IETF dropped the ball?, (continued)
- Re: Has the IETF dropped the ball?, Keith Moore
- Re: Has the IETF dropped the ball?, David MacQuigg
- Re: Has the IETF dropped the ball?, Keith Moore
- Re: Has the IETF dropped the ball?, Bruce Lilly
- Re: Has the IETF dropped the ball?, Tony Finch
- Re: Has the IETF dropped the ball?, Bruce Lilly
- Re: Has the IETF dropped the ball?, Tony Finch
- Re: Has the IETF dropped the ball?, Keith Moore
- Impossibility of Stopping Spam, David MacQuigg
- Re: Impossibility of Stopping Spam, Russ Allbery
- Has the IETF dropped the ball,
David MacQuigg <=
- Re: Has the IETF dropped the ball, Bruce Lilly
- Re: Has the IETF dropped the ball?, Hector Santos
- Re: Has the IETF dropped the ball?, Tony Hansen
- Re: Has the IETF dropped the ball?, Hector Santos
- Do we need SMTP compliance?, David MacQuigg
- Re: Do we need SMTP compliance?, Keith Moore
- Re: Do we need SMTP compliance?, Arnt Gulbrandsen
- Re: Do we need SMTP compliance?, Keith Moore
- Re: Do we need SMTP compliance?, Hector Santos
- What is the impact of enforcing SMTP compliancy?, Hector Santos
|
|
|