--On Wednesday, April 16, 2014 23:00 -0700
ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com wrote:
It seems extreme to lay blame on the IETF in general
merely for having an open mechanism by which to post a draft
for all to see and discuss. A "Request For Comment", as it
were.
You may think it extreme. I don't. I think the IETF's politics
have led to it inching closer to moral hazard territory for a
long time, and with this incident it has stepped in it.
Indeed. We have had warnings about where the ability of anyone
to post anything and then claim IETF approval in external
contexts without any fear of meaningful pushback would lead for
a long time. It hasn't been significantly damaging before
because (i) we have been lucky and (ii) attempts to manipulate
the mechanisms have come from outsiders, not insiders. With
DMARC, the ability to claim IETF responsibility when that is
handy and that the IETF has no control when _that_ is handy have
now been utilized by insiders. That comes after a history of
the less effective approach of bringing specs into IETF WGs and
then claiming that fundamentals cannot be changed because they
were developed by experts in another forum. As I think Ned
suggested, the ADSP issue and how it was handled should have
been another warning sign. And, with Yahoo's move and its
consequences (whether they anticipated them or not), we also ran
out of luck.
Are you suggesting that
process should be closed or moderated somehow?
What I suggested is that we need to have a serious discussion
of what, if anything can be done to ameliorate the damage in
this case. Others have suggested that we also need to look at
how to prevent this from happening in the future. I concur.
agreed.
...
I would add to this that, by its ultimate inaction in the
face of a protracted period of abuse and attempts by
participants to solve that problem within its procedures, the
IETF has abdicated any authority it may have had.
That may be your assessment. Given subsequent comments from
other people, mine is now that this effort was looking for a
rubber stamp, didn't like it when that didn't happen, and
proceeded to skirt around the edges of the process.
With disasterous results.
Exactly.
I'm also concerned that several of these efforts represent back
door approaches to deprecating multi-hop email. Certainly many
things are more convenient in a single hop environment. They
would become even more convenient if all email were to be
handled by a small oligarchy of providers. To the degree to
which one simultaneously believes in openness and privacy, those
would be very sad outcomes.
john