RE: Appeal from Tim McSweeney regarding draft-mcsweeney-drop-scheme

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> I have railed against 'vanity crypto' in the past. And there is actually a

> pretty good argument that less crypto is more. But I have since realized

> even that type of gatekeeping is counterproductive. 

 

Some of the COSE registries (for example, at https://www.iana.org/assignments/cose/cose.xhtml#algorithms) have a column marked “Recommended”. I find this helpful, but maybe the language is not as strong as we would like. As IETFers we assume this to mean something more than is written, and perhaps (in order to make clear what is going on) we should be explicit in changing the column heading to “Recommended by the IETF” or by saying s/No/Not recommended by the IETF/ 

 

Doing this in other registries would allow “vanity” registrations while making it clear what the IETF’s opinion is.

 

Cheers,

Adrian

 

From: ietf <ietf-bounces@xxxxxxxx> On Behalf Of Phillip Hallam-Baker
Sent: 22 July 2020 04:18
To: Mark Nottingham <mnot@xxxxxxxx>
Cc: Ted Hardie <ted.ietf@xxxxxxxxx>; IETF <ietf@xxxxxxxx>
Subject: Re: Appeal from Tim McSweeney regarding draft-mcsweeney-drop-scheme

 

On Tue, Jul 21, 2020 at 2:42 AM Mark Nottingham <mnot@xxxxxxxx> wrote:

That's a good summary. To me, the question is whether there are ways to avoid spurious / vanity registrations without creating unnecessary barriers to entry.

 

I have railed against 'vanity crypto' in the past. And there is actually a pretty good argument that less crypto is more. But I have since realized even that type of gatekeeping is counterproductive. 

 

There are some important and valid concerns, the two most important for me being:

 

* Avoiding ambiguity where two communities attempt to use the same scheme.

* Avoiding namespace exhaustion.

There is also:

 

* Enabling interoperability. 

* Ensuring availability of documentation

* Maintaining quality

 

Which are important to some of course. BUT is it worth our time and effort to save people from their own folly unasked? I don't ask people to look at my stuff because I enjoy having people jump up and down on the little pieces. I do it because I want it to work, and to be useful. If people want to shoot themselves in the feets, why not let them?

 

I come to the IETF for advice and to build a deployment coalition for my proposals. I have never come to ask permission.

 

 

The IETF tried to establish a gatekeeper role over DNS SRV prefixes at one point. And it collapsed because there was far more interest in gatekeeping than allowing anyone allocations. When I attempted to register the code points for SAML, the IETF had no process whatsoever and those attempting to create one were still being given the run-around five years after the SAML specs published with code points I made up.

 

The area where I do see a real need for process is defining schemes for existing protocols. Lets say someone invents a pgp: scheme. I think it would be pretty important that such a scheme get community review.

 

Gatekeeping can be a useful function but it can also do immense damage. Stopping one good idea does real harm. And lets not be prejudiced about ideas people have in the shower. I do much of my best thinking in the hot tub. 

 

There have always been people who think that their role in the Internet is to identify bad ideas and stop them happening and that this is doing the community a favor. 

 

So while the second set of concerns are valid, I don't see the IETF achieving anything good by attempting to enforce them, on the contrary, it is only causing harm.

 

 

The IANA protocol directory has been open for some time. I have registered mmm for Mathematical Mesh Services. Now, I ask you, should anyone else be allowed to register mmm for their URI scheme? Seems like that would only lead to confusion. And I would make the exact same argument for ..well-known. 

 

My proposal is this:

 

Collapse the protocol, .well-known and uri registries into one registry of application name labels. Registering a label in the application name labels registry would be 'essentially' first come first served and automatically create reservations for the .well-known and uri scheme, to be used if required.

 

By 'essentially', I mean we should have guards in place to stop speculative reservation of namespace, namejumping and the like. 


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux