[Top] [All Lists]

Has the IETF dropped the ball

2005-03-11 09:52:27

At 07:38 PM 3/10/2005 -0800, Russ Allbery wrote:

The IETF should be doing what the IETF has always done, namely provide a
forum for publication of interoperable network standards, provide vetting
by experienced standards authors to make sure that those standards are
interoperable and work well with the rest of the Internet infrastructure,
and document and standardize solutions that have been successful in the
real world.

I think they could take a small bit of initiative, without getting into R&D, and without taking sides, by saying "Give us a proposal for just the parts all sides can live with." That would not be a complete authentication system, but could allow the different systems to inter-operate, and most importantly, the non-combatants to start work on better spam filters, domain-rating lists, etc.

If you see some useful lower-level interoperable substrate that you think
should be standardized independent of any specific system, then by all
means write that up as an I-D so that people can see what it looks like
and see if you can get the people who are working on the different systems
to agree on it.

I think writing a draft at this point would be a waste of time. I took the first step by writing a set of fundamental requirements, ( ) but I can't even get agreement on the question - should requirements be discussed before implementation details. It looks to me like just about everyone in the technical community involved in this issue is pushing one or another system, and really doesn't want any compromise. If you are neutral, you are against us. Our side will win. The other side doesn't have a chance, so why should we spend even five minutes thinking about how to solve some technical problem in a way that works for everyone. Much better for our eventual victory if we use our expertise to shoot down any idea that helps the other side, even if it helps us too.

I see the result of this deadlock as at least another year of delay, and possibly eventual failure. If the public and the technical community not directly involved in the issue does not have confidence in the eventual success of email authentication, then nobody will take the next step, and it won't happen. Confidence could be built, while still providing room for competition, if we had a simple standard with such things as a standard form for an authentication header, or a standard query to get whatever authentication information is provided by a domain.

If the internet technical community doesn't provide a solution, the government will. This is a lot less difficult politically than air pollution or broadcast regulation. Similar problems have already been solved by government regulation ( Do Not Call, Junk faxes ). The public is expecting spam-free email, and they will get it, even if it takes 500 pages of regulations governing the operation of public mail servers.

I welcome constructive criticism, and I will continue pursuing this project if it looks like it might eventually help with a solution. I have no financial or intellectual "vested interest". I don't even care about getting credit. If some of what I propose gets copied into other proposals, that will save having to present the IETF with yet another draft.

-- Dave

*************************************************************     *
* David MacQuigg, PhD              * email:  dmq'at'   *  *
* IC Design Engineer               * phone:  USA 520-721-4583  *  *  *
* Analog Design Methodologies                                  *  *  *
*                                  * 9320 East Mikelyn Lane     * * *
* VRS Consulting, P.C.             * Tucson, Arizona 85710        *
*************************************************************     *