spf-discuss
[Top] [All Lists]

Re: Standards Strategy

2005-05-19 15:02:42
At 09:23 PM 5/19/2005 +0200, Frank Ellermann wrote:

David MacQuigg wrote:

> The IETF doesn't want to get involved in the SPF/SenderID
> battle.

"The IETF" is anybody writing on IETF lists, that includes you.

I mean the folks who make the decisions on standards, the IESG and whoever they listen to.

> The best you can expect from them is no interference in how
> each group defines its own method

The best I expect is Bruce seriously trying to find all bugs,
and of course I hope that he won't find any serious bug.  Not
counting "I hate it" as bug, that's already clear.

LOL. Good one. I do appreciate Bruce Lilly's comments, even though they are a PITA. The only problem is when I see him argue on one occasion that we must assume header order gets "randomized" as it crosses the Internet, and on another occasion, no change in header order is allowed. Seems like he picks his position just to be "negative".

> If I understand the IETF "consensus" process, any
> uncompromising minority can block a standard.

That's not the idea, trolls are no serious technical objection.

How do they decide what objections are serious? Do the members of the IESG actually understand all the drafts they vote on, or is there some kind of "inner circle" that they trust to figure things out? Do these "inner circle" folks actually take the time to understand the issues, or do they work from the same prejudices and misconceptions as other participants?

Consensus is not defined in the documents I have found, but since the voting on the IESG is 2 out of 3, I would assume it is something like that in the working groups. Since working group membership is open to all, it seems that a well-organized faction will always have at least the 1/3 necessary to block anything. Even if there is no technical substance to the objections, the arguments will be sophisticated enough that they can't be dismissed as "trolls". That means someone or some group has to take the time to understand all the arguments, and decide which is valid. That seems to be the missing element in what I have seen of the IETF's handling of the email authentication problem.

I'm submitting the Sender's Declaration draft, not with the expectation that it will be accepted, but just to see first-hand how the process works with something so simple it is hard to imagine a valid objection. If something this simple cannot make it through the process, there really is no hope for an inter-operability protocol.

> I expect that will block both SenderID and SPF for many more
> years.

Do you have a serious technical objetion against SPF ?  Besides
from being "baroque" and the known issue of its TXT RR ?  It
was already reviewed by the IESG and -00 passed without a "new
I-D requested" (unlike Sender-ID).

It is my understanding that the forwarding problem and the DNS load problem are serious worries, and that large-scale deployment is needed to resolve these issues. I don't see that happening, in spite of an early burst of domains publishing SPF records. Maybe if there was some measure of progress, and people weren't wasting time fighting Microsoft, I wouldn't be thinking we are in a deadlock. Someone said the recent leveling off of spam is progress. I see no evidence that is a result of authentication, and every reason to believe it is just the zombies being slowly shut down, and spammers not yet moving on to their next trick. Anyway 80% spam is unacceptable, even if it is leveling off. We need a knockout punch.

It is re-assuring the IESG has given a slight nod to SPF, but my guess is Microsoft doesn't care. They don't need IETF to establish a de-facto standard.

And the Sender-ID folks will probably love all the processing
limits and error handling stuff in -01, otherwise they'd simply
roll their own "protocol" I-D based on Mark's drafts.

 <crystalball>
> don't forget about CSV.  They have a lot of influence with
> the IETF, and a strong dislike of both SenderID and SPF.

Of course Dave has a lot of influence, he wrote STD 11 and the
ABNF stuff and tons of more RfCs.  That doesn't mean that he
will kill anything only because he doesn't like it.  He will
look for serious bugs.  And he's too smart to confuse Sender-ID
with SPF.  </crystalball>

What is happening with CSV and IETF? Is this a possible standard? I haven't heard any talk of technical problems. I did raise the issue of DNS load, but the discussion was quashed.

> we all know who has the biggest consortium going.

Sure, the various free and open source "communities".  Bye.

I'm with you in spirit, just not confident of the outcome, and frustrated with the deadlock.

--
Dave
************************************************************     *
* David MacQuigg, PhD     email: david_macquigg at yahoo.com     *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                 9320 East Mikelyn Lane       * * *
* VRS Consulting, P.C.            Tucson, Arizona 85710          *
************************************************************     *



<Prev in Thread] Current Thread [Next in Thread>