
Re: draft-gennai-smime-cnipa-pec-08

2010-09-15 18:57:26


--On Wednesday, September 15, 2010 13:59 -0700 SM
<sm(_at_)resistor(_dot_)net> wrote:

Hello,
At 09:37 08-08-10, Dave CROCKER wrote:
This is a summary review, with a focus on design goals and
systems-level issues.
Based on my reading of the specification, much more in-depth
reviews of this specification are appropriate and required,
to consider the fine-grained details which could be
problematic.  However, this deeper review should wait for
resolution of the more basic problems with the design and
specification.

draft-gennai-smime-cnipa-pec-08 was reviewed by Dave Crocker
on August 8, 2010 [1].  I haven't seen any response to the
review.

Although there were strong concerns about this draft during the
Last-Call, the IESG has approved publication.  Quoting some
comments made recently by an Area Director:

  "I don't think that it specifies well requirements it is trying to
   fulfil and it doesn't use email infrastructure well while doing
   that."

And a previous comment:

  "This is really hackish. Display names are not intended to be used
   like this."

I'll read Section 6.5.2 of BCP 9.

IMO, the situation with this document illustrates that we still
don't have the disclaimer and level of consensus language that
was adjusted in RFC 5741 quite right (no surprise -- that
document was a huge and, IMO, very useful step).  In this case,
there is no specific example in 5741 for "individual submission
to AD/IESG, no WG", and I can't find anything in either the
announcement or the tracker that indicates that either Dave's
review, or several other comments about this mechanism from
various people with a history in email standards and/or
operations, or even the various comments in the IESG evaluation
record
(https://datatracker.ietf.org/doc/draft-gennai-smime-cnipa-pec/#ballot)
have been heeded.

While the S/MIME WG apparently looked at this and didn't find
problems, I think it is safe to conclude that the rough
consensus in the email is that the mechanism is really not
workable regardless of whether it can be implemented and whether
the Italian government says that it is required and works.
While I agree with John Levine that publishing a description of
existing practice is in the community's interest, there is not
an obvious mechanism in RFC 5741 to express the consensus
situation and the email community's conviction that the
mechanism is not satisfactory.

FWIW, while I agree with the "really hackish... not intended to
be used this way" remark quoted above, I think it would be
appropriate for this document to note that the usage is
sufficiently unusual that present or future systems that attempt
to analyze messages for the likelihood of spam or other
obnoxious behavior might, upon seeing it, assign a sufficiently
poor score to prevent direct delivery.   I would assume that
would not happen inside Italy if the system is required and
widely deployed, but it would be appropriate to caution others
about the risk that use of the suggested method might cause
effective non-delivery of the message.

The proposed introductory text (see the bottom of
https://datatracker.ietf.org/doc/draft-gennai-smime-cnipa-pec/#writeup)
addresses some of this issue but, IMO, doesn't go nearly far
enough to make it clear that a significant number of experts
consider the mechanism defective and that it is published _only_
to inform the community about an existing practice.   IMO,
publication of the document would be far more reasonable if
that were clear or if the 5741 mechanisms were used to clearly
and precisely identify the document's publication and consensus
status.

It is possible that is being done, but there is no evidence of
it in the announcement or in any tracker data I can find.

regards,
   john


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf