+1. The ITU is not evil. It just is not the right place for Internet standards development. As John points out, there are potential uses of the ITU-T for good. On Aug 13, 2012, at 10:50 AM, John C Klensin wrote: > > > --On Monday, August 13, 2012 11:11 +0200 Alessandro Vesely > <vesely@xxxxxxx> wrote: > >> ... >> FWIW, I'd like to recall that several governments endorse IETF >> protocols by establishing Internet based procedures for >> official communications with the relevant PA, possibly giving >> them legal standing. Francesco Gennai presented a brief >> review of such procedures[*] at the APPSAWG meeting in Paris. >> At the time, John Klensin suggested that, while a more >> in-depth review of existing practices would be appreciated, >> the ITU is a more suitable body for the standardization of a >> unified, compatible protocol for certified email, because of >> those governmental involvements. >> >> [*] >> > http://www.ietf.org/proceedings/83/slides/slides-83-appsawg-1.pdf > > Alessandro, > > Please be a little careful about context, as your sequence of > comments above could easily be misleading. > > For the very specific case of email certified by third parties, > especially where there is a requirement for worldwide > recognition (the topic of the talk and slides you cited), the > biggest problem has, historically, been an administrative and > policy one, not a technical standards issue. We know how to > digitally sign email in several different ways -- there is > actually no shortage of standards. While additional standards > are certainly possible, more options in the absence of > compelling need almost always reduces practical > interoperability. Perhaps the key question in the certified > mail matter is who does the certifying and why anyone else > should pay attention. The thing that makes that question > complicated was famously described by Jeff Schiller (I believe > while he was still IETF Security AD) when he suggested that > someone would need to be insane to issue general-purpose > certificates that actually certified identity unless they were > an entity able to invoke sovereign immunity, i.e., a government. > > For certified email (or certified postal mail), your ability to > rely on the certification in, e.g., legal matters ultimately > depends on your government being willing to say something to you > like "if you rely on this in the following ways, we will protect > you from bad consequences if it wasn't reliable or accurate". > If you want the same relationship with "foreign" mail, you still > have to rely on your government's assertions since a foreign > government can't do a thing for you if you get into trouble. > That, in turn, requires treaties or some sort of bilateral > agreements between the governments (for postal mail, some of > that is built into the postal treaties). > > International organizations, particularly UN-based ones, can > serve an important role in arranging such agreements and > possibly even in being the repository organization for the > treaties. In the particular case of certified email, the ITU > could reasonably play that role (although it seems to me that a > very strong case could be made for having the UPU do it instead > by building on existing foundations). > > But that has nothing to do with the development of technical > protocol standards. Historical experience with development of > technical standards by governmental/legislative bodies that then > try to mandate their use has been almost universally poor and > has often included ludicrous results. > > A similar example arises with the spam problem. There are many > technical approaches to protecting the end user from spam > (especially malicious spam) and for facilitating the efforts of > mail delivery service providers and devices to apply those > protective mechanisms. Some of them justify technical standards > that should be worked out in open forums that make their > decisions on open and technical bases. But, if one wants to > prevent spam from imposing costs on intended recipients or third > parties, that becomes largely a law-making and law enforcement > problem, not a technical one. If countries decide that they > want to prevent spam from being sent, or to punish the senders, > a certain amount of international cooperation (bilateral or > multilaterial) is obviously going to be necessary. As with the > UPU and email certification, there might be better agencies or > forums for discussion than the ITU or there might not. But it > isn't a technical protocol problem that the IETF is going to be > able to solve or should even try to address, at least without a > clear and actionable problem statement from those bodies. > > I do believe that the ITU can, and should, serve a useful role > in the modern world. The discussion above (and some of the work > of the Development and Radio Sectors) are good illustrations. > But those cases have, as far as I can tell, nothing to do with > the proposed statement, which is about the development and > deployment of technical protocol standards. > > regards, > john >