--On Monday, December 07, 2015 09:09 -0500 Rich Kulawiec
On Mon, Dec 07, 2015 at 02:34:26AM -0000, John Levine wrote:
This is increasingly looking like a RG, not a WG. There's a
lot of speculation about what aspects of mail messages and
SMTP sessions have what privacy implications, with an
extremely premature focus on IP address logging. I'd much
rather back up a step or two and see if we can catalog the
aspects of mail messages with estimates of the privacy
benefits and risks of each, keeping in mind the context.
I strongly concur with this. We need to define the problem(s)
before we can discuss possible solution(s).
Looking at one other comment and anticipating more, it is common
these days for IETF WGs to do "problem statement" or "problem
definition" work as part of their charters. It seems to me
that there are two arguments for an RG instead:
(1) As others have pointed out, this is really a complex
analysis problem, involving tradeoffs with other concerns and
the very fundamental question of whether dropping, e.g., the
"from" clause would actually provide an increase in privacy that
is significant enough to justify changing systems even if there
were no other issues. Those are research problems. Given
history, one might predict that an IETF WG asked to do a problem
statement might say "problem: get rid of the 'from' clause
because it gives out potentially-private information". And that
sort of thinking is, IMO, exactly what got us to this point.
(2) I believe there has been a tendency in recent years that,
once a WG is chartered, there is a sense that it is entitled and
obligated to produce standards. "No problem here" is not a
plausible outcome, nor is the community completely rejecting a
draft as likely to cause more problems than it solves. The best
way to avoid that issue is to not get started, and RG is the
right answer for that.
I don't think we are disagreeing; I just think that, given
experience, the point and preference are worth making clearly.
ietf-smtp mailing list