RE: IP-based reputation services vs. DNSBL (long)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > 2. Ask IETF to charter a working group tasked with developing a protocol
> > for communicating email sender reputation.   The group can consider
> > DNSBL as a possible solution but should not be bound by a requirement to
> > be compatible with it, or to use DNS at all.
> 
>    Lisa and Chris have stated that they're open to consider chartering
> new WG if there seems to be consensus on a charter.
> 
>    What about it, folks?

As one of the people who objected when the previous spam WG was under way, I
now support this proposal to form a new WG to address the technical problem.

I hope the charter, unlike the previous one, will require the development of
a protocol for communicating email sender reputation that can be implemented
in email products without known patent encumbrances that are incompatible
with open source software. Email is simply too important to allow otherwise.

Best,

/Larry


Lawrence Rosen
Rosenlaw & Einschlag, a technology law firm (www.rosenlaw.com)
3001 King Ranch Road, Ukiah, CA 95482
707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243
Skype: LawrenceRosen
Author of "Open Source Licensing: Software Freedom and 
                Intellectual Property Law" (Prentice Hall 2004)

> -----Original Message-----
> From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On Behalf Of
> John Leslie
> Sent: Monday, November 10, 2008 12:38 PM
> To: Keith Moore
> Cc: IETF
> Subject: Re: IP-based reputation services vs. DNSBL (long)
> 
>    I find myself in complete agreement with Keith's major points:
> 
> Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > 1. Several people have argued (somewhat convincingly) that:
> >...
> > It's important to keep these in mind, as they appear to make a
> > compelling case for some kind of standardized reputation service.
> 
>    I might add that we don't need to standardize anything if we're
> happy with what we already have.
> 
> > 2. Several people have also related experiences of valid messages being
> > blocked by such reputation services, and of the difficulty of routing
> > around them and getting their reputations corrected.
> >...
> 
>    Many "ordinary" folks are abandoning email rather than even _try_
> to fix such problems.
> 
> > 3. An informal protocol for reporting reputations using DNS has been in
> > use for several years, and such use has become widespread.  An IRTF
> > group (ASRG) began a useful effort to document this protocol.
> 
>    Such an effort is clearly useful for research purposes, and should
> also be useful for any future attempts at standardization.
> 
> > 4. At some point ASRG decided that the protocol should be on the IETF
> > standards track and has requested such.
> 
>    This is where we went wrong.
> 
>    Well, actually we went wrong quite a while ago, when a prior IESG
> decided not to have a WG considering the spam problem in general. I
> can't entirely blame the folks who have latched onto IRTF's ASRG in
> the absence of an appropriate IESG forum.
> 
>    (And now we're carrying out a flame-war here -- a clear indication
> IMHO that we need an IETF (not IRTF) list to move this discussion to.)
> 
> > This process that produced this proposal reminds me of several patterns
> > I've seen come up often in IETF.
> >
> > 1. The first pattern is when an author or group gets confused between
> > the goal of writing an informational document to describe existing
> > practice, and the goal of writing a standards-track document that
> > describes desirable practice.
> 
>    This is human nature. IETF has developed protections againt this
> (which do not require flame-wars). We should use them.
> 
> > 2. The second pattern is when people insist that a widely deployed
> > protocol is inherently deserving of standardization, without further
> > vetting or changes, merely because it is widely deployed.
> 
>    This is commercial nature. IETF could use better protections against
> this...
> 
> > 3. The third pattern is when a closed industry group, or an open group
> > that is not chartered to develop a standard protocol, insists that its
> > product merits standardization by IETF because it has gained consensus
> > of that group.
> 
>    This is not necessarily bad. But IESG (usually) tries to avoid the
> situation getting this far -- by giving widespread notice of a WG charter
> and encouraging cross-area review _before_ IETF last-call.
> 
> > Such efforts can be considered in the IETF process as individual
> > submissions, but they need a great deal of scrutiny...
> 
>    I entirely agree, even though the necessary scrutiny is easy to
> misinterpret as personal attacks by folks who "don't understand the
> situation".
> 
> > The main point to be made here is that the consensus of an external
> > group means nothing in terms of either IETF consensus or judgment of
> > technical soundness.  In particular, external groups often have a much
> > narrower view of protocol requirements than IETF does.
> 
>    This is important! It's worth reading again.
> 
> > All of these patterns are associated with delays in accepting a
> > standard.  They are also associated with poorer quality standards.
> 
> > So my recommendation to ASRG (and this document's authors) is as
> follows:
> >
> > 1. Abandon the effort to publish draft-irtf-asrg-dnsbl as a standards
> > track document, and instead commit to publishing it as an Informational
> > document as an accurate description of existing practice.  Be sure to
> > document observed limitations of existing practice.
> 
>    This is really easy to do, and wouldn't cause any delays.
> 
> > 2. Ask IETF to charter a working group tasked with developing a protocol
> > for communicating email sender reputation.   The group can consider
> > DNSBL as a possible solution but should not be bound by a requirement to
> > be compatible with it, or to use DNS at all.
> 
>    Lisa and Chris have stated that they're open to consider chartering
> new WG if there seems to be consensus on a charter.
> 
>    What about it, folks?
> 
> --
> John Leslie <john@xxxxxxx>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]