--On Wednesday, December 09, 2015 13:17 -0800 Dave Crocker
I recently noticed RFC 5111 which describes an Exploratory
Group, sort of half way between a WG and a RG. This seems
like a good fit.
Here's why it isn't:
The distance between the current state of the community
and the ability to start a productive working group is not
merely the matter of clarifying a few issues.
The community has no overall sense of privacy protection,
nor efficacy of choices, nor... well, many things.
Absent a basic, systems-approach to guide community
effort, for doing anything but the most blindingly obvious
steps for protection, the community will be executing a random
walk through a very complex face.
This will essentially guarantee spending quite a lot of
time and money on an effort that will have little benefit.
And, if we have learned anything from either more traditional
security designs or protocol design for complex systems more
generally, it also predicts to ending up with a "solution" that
is replaces whatever attack vectors we are trying to eliminate
with others -- perhaps new and perhaps latent there already but
not discovered by the process that is used.
ietf-smtp mailing list