From: Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu>
When you have a big standards organization like the IETF, groups that work
on bad ideas are very much desirable. They soak up the attention of
go-ers, salescritters, loons, and career managers.
they also soak up time of other well-meaning IETF participants, not the least
IESGers who have to review their documents and try to do damage control.
The market (in the general sense of the word) is not only better
at picking protocols than any committee or individual, but it is
also better at damage control. In fact, the two functions are so
deeply related that they are almost the same. The IESG cannot and
does not do any significant damage control. It can prevent the
publication of RFC's that depend on putting more than 4,294,967,296
states into 32 bits, but it cannot stop anything actually dangerous.
It cannot even detect the bad stuff, because it is merely a committee.
"Rough consensus and running code" is not just a slogan or a religion.
It is a law of nature. Protocols that fail to obtain both are doomed.
Committees enforcing laws of nature like "be generous..." makes as much
sense as enforcing the speed of light. Protocols or implementations that
violate those laws either disappear or are in regions where the speed of
light is different, such as near panic stricken monopolists.
some of us have joked about forming a Golgafrinchian Ark B working group, and
some of us have seriously considered doing it. but in my experience the
groups that are out of control really do waste a lot of resources that could
be better spent elsewhere, and they really do harm IETF's reputation by
producing stuff which is useless at best and harmful at worst.
Such groups waste few resources except from those who choose to give them
their time and attention. The attention of IETF participants outside WGs,
including the IESG, IAB, and ADs, rarely has any significant effect.
Talk such as this is not cheap. It harms by wasting time and distracting
from the issues that matter.
in case you haven't noticed, this conversation isn't just about OPES.
I have not noticed any talk about anything that any part of the IETF
might do except rewrite the OPES charter and fix odin.ietf.org to try
to use TLS when it sees an SMTP server say STARTTLS. I have noticed
a lot of standing on philosophical high ground (including my own),
but that's just noise.
Instead of wasting time talking a battle that
is already lost, how about fixing cs.utk.edu to answer EHLO with STARTTLS?
it's a fallacy that you can reduce system complexity by adding more complexity
That is a true but irrelevant observation, except that it suggests more
interest in talking than doing. Yes, STARTTLS is messy and expensive in
cycles. PKI is 98.7% snake oil. Still, pirate interception proxies are
here to stay until TLS, IPSec, and so forth make them impotent. You can
improve the OPES charter all you want, but that will not affect any
important issues. No matter how or how many times the OPES charter piously
declaims "Thou Shalt Obtain Permission," the OPES mechanisms will be used
to impose ads and censorship on the unwilling ends.
If you have an alternative to SMIME, PGP, STARTTLS and HTTPS, then let's
hear about it. That would not be an abject waste time like worrying
whether the OPES charter sanctions or condemns ad insertion battles.
(E.g. one ISP's pirate interception proxy inserts GM's ads, the next
replaces GM's with Ford's, and the one after that converts them back to
GM's. Given the familiar battles over HTTP framing, see such stuff is
inevitable.)
Once you've raised an issue and certainly once you've got consensus that
an evil is nasty, wrong, and bad, discussions about pious noises in WG
charters and even standards track RFF's should be redirected to that
Golgafrinchian Ark B working group. Since the pious noises in RFCs and
WG charters will have no effect in the real world, talking about them
is a waste. The most you can hope is that you have alread convinced
people to just say no to data mugging.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com