[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for something

2015-12-07 13:41:25
On 12/07/2015 05:50 AM, Stephen Farrell wrote:

On 07/12/15 02:34, John Levine wrote:
This is increasingly looking like a RG, not a WG.

Hmm, not sure. A good RG is one that'd attract an active
research community and be relatively long lived whereas
this seems like a bit of work where we need to do a relatively
small and discrete amount of research on one topic. (Which
is roughly "What'd happen if you mucked with received headers
the MSA passes on to the rest of the mail infrastructure?")

The way I think of it is a good RG would produce a stream
of academic publications and then some stuff that'd be of
use to the IETF. This sounds more like one paper's worth
of research then stuff would be done in the IETF or not,
depending on the findings.

One could envision a RG constituted to long-term specifically work on privacy implications of IETF RFCs in general, with a view towards improving privacy via future RFCs. There is at least some precedent given the requirements about security area oversight of new RFCs, and the required SECURITY sections of RFCs now. Which would be a "good thing", but huge, unwieldy, and perhaps unsustainable long-term (given that most people may only have narrow topic-area interests).

You could, instead, have it focus on specific areas for periods of time. Like, "today SMTP, 6 months from now web" etc. May still be unwieldy/ineffective for the same reasons.

Or finally, make it narrow - "RG on email privacy leakage" - a WG with a stronger research/analysis mandate.

OTOH, if we stayed with the WG approach, the mandate still has to be adjusted to do the research for guiding output documents w.r.t. privacy vs other tradeoffs.

I'm tending more towards RG on email privacy leakage. Even just a document outlining where the potential leaks are, and outlining the threat landscape tradeoffs (both privacy and other) of eliding/not-eliding the info.

So put me up as a strongish vote for a narrow RG.

ietf-smtp mailing list