John Klensin writes:
--On Wednesday, April 16, 2014 23:00 -0700
ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com wrote:
It seems extreme to lay blame on the IETF in general
merely for having an open mechanism by which to post a draft
for all to see and discuss. A "Request For Comment", as it
were.
You may think it extreme. I don't. I think the IETF's politics
have led to it inching closer to moral hazard territory for a
long time, and with this incident it has stepped in it.
Indeed. We have had warnings about where the ability of anyone
to post anything and then claim IETF approval in external
contexts without any fear of meaningful pushback would lead for
a long time. It hasn't been significantly damaging before
because (i) we have been lucky and (ii) attempts to manipulate
the mechanisms have come from outsiders, not insiders.
Nicely put. I completely agree.
With DMARC, the ability to claim IETF responsibility when that is
handy and that the IETF has no control when _that_ is handy have
now been utilized by insiders.
Or by people with better access to insiders. It's hard to tell, and I'm not
sure it really matters.
That comes after a history of
the less effective approach of bringing specs into IETF WGs and
then claiming that fundamentals cannot be changed because they
were developed by experts in another forum. As I think Ned
suggested, the ADSP issue and how it was handled should have
been another warning sign. And, with Yahoo's move and its
consequences (whether they anticipated them or not), we also ran
out of luck.
An onimous phrase, isn't it? But an accurate one, I fear.
Are you suggesting that
process should be closed or moderated somehow?
What I suggested is that we need to have a serious discussion
of what, if anything can be done to ameliorate the damage in
this case. Others have suggested that we also need to look at
how to prevent this from happening in the future. I concur.
agreed.
...
I would add to this that, by its ultimate inaction in the
face of a protracted period of abuse and attempts by
participants to solve that problem within its procedures, the
IETF has abdicated any authority it may have had.
That may be your assessment. Given subsequent comments from
other people, mine is now that this effort was looking for a
rubber stamp, didn't like it when that didn't happen, and
proceeded to skirt around the edges of the process.
With disasterous results.
Exactly.
I'm also concerned that several of these efforts represent back
door approaches to deprecating multi-hop email. Certainly many
things are more convenient in a single hop environment. They
would become even more convenient if all email were to be
handled by a small oligarchy of providers. To the degree to
which one simultaneously believes in openness and privacy, those
would be very sad outcomes.
It's not just multi-hop email - although I agree it's in danger - it's various
semantics of email that happen not be to be useful to commercial email of
various sorts, and whose presence makes the problem more challenging. John
Levine refers to all this as "send on behalf of", which isn't exactly right but
is probably close enough for purposes of this discussion.
I also find it particularly revealing that one of the arguments being made here
is along of the lines of, "Everything else has had to change, why are those
stodgy old mailing list thingies somehow exempt?" Except that's not it at all -
the approach was always essentially, "We're going to screw you, how about you
do X or Y to mitigate the damage a little?" To which the answer, predictably,
was less than enthusiastic.
Ned