ietf

Re: bozoproofing the net, was The Value of Reputation

2006-01-01 09:36:35


--On Sunday, 01 January, 2006 04:35 +0000 John Levine
<johnl(_at_)iecc(_dot_)com> wrote:

> I hope the message here is not that we should restrict
> ourselves to developing technology that is idiot-proof, since
> a sufficiently determined idiot, of which there are many, will
> do idiotic things with any technology that we never in a
> million years would have anticipated.

No.  I don't believe in idiot-proof technologies.  I do believe
that it is not desirable to create standards that would give a
gift of either technology or justification to those who would
use them to fragment the network.  I believe it is especially
important to avoid those gifts when the people or groups
involved are quite sophisticated about using technologies to
maximize their short-term economic gain at the cost of global
communications and interoperability.

People and companies with those sorts of motivations will
undoubtedly do their thing regardless of what we do.  But we
don't need to help them or provide them with justification via
"we are just following the standard".

And I still believe that we should do this work.  I just believe
that the work should include some real discussion, and analysis
of workarounds, about how uses of the technology that are
interoperability-hostile, or global-communications-hostile, can
be prevented or clearly identified as inappropriate.  Think of
it as an explicit "interoperability considerations" section to
supplement the usual "security considerations" one.

...
> One favor that the SPF crowd did for us was to give the
> aforementioned idiots a chance to find out what a bad idea it
> is to reject mail arbitrarily from people who don't jump
> through their hoops, so nobody rejects for SPF failure any
> more.  People who use C/R against people not on their
> whitelists have found the same thing -- they all check the
> folder of unconfirmed mail because they know there's lots of
> real mail from people who won't hoop jump.
>
> If the idiots were to latch on to DKIM and start rejecting
> valid mail, like they have to the past umpteen magic bullets,
> why do you expect the results to be any different?

I note that we have never standardized a magic bullet in the
anti-spam area.  I believe that to have been a good trend.  To
the credit of a significant fraction of the DKIM advocates, they
haven't claimed it is a magic bullet, which is also a good trend.

If there is agreement on what you say above (I think there
probably is) and it can be documented, then some explicit
warnings about that experience and its applicability would
satisfy most or all of my concerns.  I wouldn't expect to see
merely "doing X is bad and you MUST NOT do that", but rather "X
should be avoided because there is documented experience that
its consequences are Y and Z".

best,
   john

