ietf
[Top] [All Lists]

Re: We need an architecture, not finger pointing.

2015-10-26 23:50:04
I think architecture should read like a theory in physics. The simpler
the statement, the more generally it is seen to apply in practice, the
fewer corner cases, the better.

"Does this make money?"

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf <ietf-bounces(_at_)ietf(_dot_)org> on behalf of Brian E Carpenter 
<brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com>
Sent: Tuesday, 27 October 2015 3:44 PM
To: Phillip Hallam-Baker
Cc: Philip Homburg; John Levine; IETF Discussion Mailing List
Subject: Re: We need an architecture, not finger pointing.

On 27/10/2015 04:26, Phillip Hallam-Baker wrote:

...
I read all my IETF mail through Gmail but I don't own that domain and
so I don't get to make the rules governing it. Instead I use
phill(_at_)hallambaker(_dot_)com which is a domain I own. One of the reasons I
have that domain is so that I have control of my mail and not Google.

Oh, right, so that's why your mail arrives with Google's dkim signature:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:date:message-id:subject:from:to:cc:content-type;
        bh=IBh5MMCj7Oi9anz1BnRTjSN9rwt0xryWllXeoFm/33w=;
        b=ot71/Et+dU2GgseolztwUgGc8Iv3yAZAIjVvvBb7dRxuLc+1QBRdOIEpVrJehRZ+lP
         /B+2nHxixfQHTtuJttus1RjNTlDtwaHnFeon4NlU5HK8odyO4sFUXY4qy3POv3RRgowu
         pxFe6zuWJNqnXErIWW0zeZf8QVfpDjKiTz0RTiK1BSLecjPIdBnPr7mdip0xDmab4XPC
         SoaV0jX3VlpsNVqX4+i0tpCKBXQ/TnzuU1/wXlkM0abfp0VThi+xb7YmNJHp1eahYVa/
         /LEg7ho/I4gy4S92E6cYJAsM+E05h8uBQULFiObWfjRLrFsKt3pxmSloOvroBoKF7iuo
         Mkig==

I suspect that when they start generating DMARC you will get that too.

The architectural description above is reasonably concise and can be
consistently applied. Now consider what sort of architectural
statement would be required to support the folk who allege that DMARC
is somehow broken. Instead of saying the domain name owner gets to
decide how it is used we would have to make separate statements about
the domain name owner and the users who have accounts in that domain.
And to do that we would have to start talking about specific
applications and specific circumstances.


I think architecture should read like a theory in physics. The simpler
the statement, the more generally it is seen to apply in practice, the
fewer corner cases, the better. If you have an architectural statement
that resorts to special pleading, it is a pretty good sign that it is
wrong.

As a rule, I don't think there is anything wrong in the IETF taking
decisions to make things easy for ourselves. But what is the biggest
problem we face? Is it really our personal ability to exchange email
on mailing lists? I thought there were rather more important
objectives at stake.

Actually, yes, the mailing list model and the fact that we contribute
as individuals are both pretty important objectives, not incidentals,
in the way the IETF works, distinctly different from the model in some
other SDOs. And please, I wasn't finger-pointing when I started this thread:
I was asking how do we fix this, since it apparently concerns 15 to 20%
of IETF participants.

Architecturally, we need to validate that phill(_at_)hallambaker(_dot_)com is 
the
genuine sender even after the message has been relayed. DMARC doesn't do
that in its present form.

    Brian