I find myself in complete agreement with Keith's major points: Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote: > > 1. Several people have argued (somewhat convincingly) that: >... > It's important to keep these in mind, as they appear to make a > compelling case for some kind of standardized reputation service. I might add that we don't need to standardize anything if we're happy with what we already have. > 2. Several people have also related experiences of valid messages being > blocked by such reputation services, and of the difficulty of routing > around them and getting their reputations corrected. >... Many "ordinary" folks are abandoning email rather than even _try_ to fix such problems. > 3. An informal protocol for reporting reputations using DNS has been in > use for several years, and such use has become widespread. An IRTF > group (ASRG) began a useful effort to document this protocol. Such an effort is clearly useful for research purposes, and should also be useful for any future attempts at standardization. > 4. At some point ASRG decided that the protocol should be on the IETF > standards track and has requested such. This is where we went wrong. Well, actually we went wrong quite a while ago, when a prior IESG decided not to have a WG considering the spam problem in general. I can't entirely blame the folks who have latched onto IRTF's ASRG in the absence of an appropriate IESG forum. (And now we're carrying out a flame-war here -- a clear indication IMHO that we need an IETF (not IRTF) list to move this discussion to.) > This process that produced this proposal reminds me of several patterns > I've seen come up often in IETF. > > 1. The first pattern is when an author or group gets confused between > the goal of writing an informational document to describe existing > practice, and the goal of writing a standards-track document that > describes desirable practice. This is human nature. IETF has developed protections againt this (which do not require flame-wars). We should use them. > 2. The second pattern is when people insist that a widely deployed > protocol is inherently deserving of standardization, without further > vetting or changes, merely because it is widely deployed. This is commercial nature. IETF could use better protections against this... > 3. The third pattern is when a closed industry group, or an open group > that is not chartered to develop a standard protocol, insists that its > product merits standardization by IETF because it has gained consensus > of that group. This is not necessarily bad. But IESG (usually) tries to avoid the situation getting this far -- by giving widespread notice of a WG charter and encouraging cross-area review _before_ IETF last-call. > Such efforts can be considered in the IETF process as individual > submissions, but they need a great deal of scrutiny... I entirely agree, even though the necessary scrutiny is easy to misinterpret as personal attacks by folks who "don't understand the situation". > The main point to be made here is that the consensus of an external > group means nothing in terms of either IETF consensus or judgment of > technical soundness. In particular, external groups often have a much > narrower view of protocol requirements than IETF does. This is important! It's worth reading again. > All of these patterns are associated with delays in accepting a > standard. They are also associated with poorer quality standards. > So my recommendation to ASRG (and this document's authors) is as follows: > > 1. Abandon the effort to publish draft-irtf-asrg-dnsbl as a standards > track document, and instead commit to publishing it as an Informational > document as an accurate description of existing practice. Be sure to > document observed limitations of existing practice. This is really easy to do, and wouldn't cause any delays. > 2. Ask IETF to charter a working group tasked with developing a protocol > for communicating email sender reputation. The group can consider > DNSBL as a possible solution but should not be bound by a requirement to > be compatible with it, or to use DNS at all. Lisa and Chris have stated that they're open to consider chartering new WG if there seems to be consensus on a charter. What about it, folks? -- John Leslie <john@xxxxxxx> _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf