Please don't reuse the word "security" for all three of these issues.
They're very different. I agree that the IETF should do more against
spam and DDoS. The trouble with spam is that there is simply no
consensus to be reached, and the IETF doesn't have any mechanisms to
move forward when there is a long-term lack of consensus.
The reason that there is no consensus in the spam area is that most
proposed "solutions" are claiming to solve the whole problem (or at
least a big chunk of it) but are grossly overstating their
applicability. To some degree this is because people want to have the
prize of creating _the_ anti-spam solution, which is counterproductive.
If we instead look at each of the proposals and say "what does this do
well, and what does it not do well", then modify the proposals so that
they can work well together (and to get rid of the harm that several of
the proposals would do to the email system if widely adopted), then we
will be able to identify the missing pieces.
So despite being a bad precedent, it's good that Microsoft is throwing its weight
around in this area.
As far as I can tell this is just adding to the confusion, and delaying
a solution. People are asking "will it be Microsoft?" and therefore
failing to realize that they are no closer to a solution than anyone else.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf