Has the IETF dropped the ball

At 07:38 PM 3/10/2005 -0800, Russ Allbery wrote:

> The IETF should be doing what the IETF has always done, namely provide a
> forum for publication of interoperable network standards, provide vetting
> by experienced standards authors to make sure that those standards are
> interoperable and work well with the rest of the Internet infrastructure,
> and document and standardize solutions that have been successful in the
> real world.
I think they could take a small bit of initiative, without getting into 
R&D, and without taking sides, by saying "Give us a proposal for just the 
parts all sides can live with."  That would not be a complete 
authentication system, but could allow the different systems to 
inter-operate, and most importantly, the non-combatants to start work on 
better spam filters, domain-rating lists, etc.
[snip]
> If you see some useful lower-level interoperable substrate that you think
> should be standardized independent of any specific system, then by all
> means write that up as an I-D so that people can see what it looks like
> and see if you can get the people who are working on the different systems
> to agree on it.
[snip]

I think writing a draft at this point would be a waste of time.  I took the 
first step by writing a set of fundamental requirements, ( 
ece.arizona.edu/~edatools/etc ) but I can't even get agreement on the 
question - should requirements be discussed before implementation 
details.  It looks to me like just about everyone in the technical 
community involved in this issue is pushing one or another system, and 
really doesn't want any compromise.  If you are neutral, you are against 
us.  Our side will win.  The other side doesn't have a chance, so why 
should we spend even five minutes thinking about how to solve some 
technical problem in a way that works for everyone.  Much better for our 
eventual victory if we use our expertise to shoot down any idea that helps 
the other side, even if it helps us too.
I see the result of this deadlock as at least another year of delay, and 
possibly eventual failure.  If the public and the technical community not 
directly involved in the issue does not have confidence in the eventual 
success of email authentication, then nobody will take the next step, and 
it won't happen.  Confidence could be built, while still providing room for 
competition, if we had a simple standard with such things as a standard 
form for an authentication header, or a standard query to get whatever 
authentication information is provided by a domain.
If the internet technical community doesn't provide a solution, the 
government will.  This is a lot less difficult politically than air 
pollution or broadcast regulation.  Similar problems have already been 
solved by government regulation ( Do Not Call, Junk faxes ).  The public is 
expecting spam-free email, and they will get it, even if it takes 500 pages 
of regulations governing the operation of public mail servers.
I welcome constructive criticism, and I will continue pursuing this project 
if it looks like it might eventually help with a solution.  I have no 
financial or intellectual "vested interest".  I don't even care about 
getting credit.  If some of what I propose gets copied into other 
proposals, that will save having to present the IETF with yet another draft.
-- Dave


*************************************************************     *
* David MacQuigg, PhD              * email:  dmq'at'gci-net.com   *  *
* IC Design Engineer               * phone:  USA 520-721-4583  *  *  *
* Analog Design Methodologies                                  *  *  *
*                                  * 9320 East Mikelyn Lane     * * *
* VRS Consulting, P.C.             * Tucson, Arizona 85710        *
*************************************************************     *