On Aug 1, 2011, at 6:57 PM, John Levine wrote: >> Perhaps. But it's difficult to escape the impression that this is >> another example of IETF failing to solve an important problem by >> focusing on a portion of the problem that's easy to solve, and ruling >> the difficult part out of scope for the time being. > > It's definitely a case of the best being the enemy of the good. > > There are some basic problems with any system of policy assertions: > the people making the assertions may be mistaken or lying (something > we've seen with ADSP), and there are precious few assertions that I > can make that are of any use to you in deciding how to deal with my > traffic. Since you have no reason to believe my assertions unless you > already know me, you need mechanisms for third parties that can opine > about the credibility of self-assertions. Inventing the mechanism is > only medium hard (see RFC 5518) but spinning up vouching services that > provide a usefully large amount of information is very hard. I buy all of the above. Does it follow, then, that the Right Thing to do is to avoid building any other parts of the system (even, say, the reputation service query protocol) until the easiest part is finished? Keith _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf