On 2/2/2014 4:44 PM, Pete Resnick wrote:
I suspect Ted might be right and this is simply an integration problem.
I'm not sure whether Dave agrees or disagrees with me on this, but I
think we've got the tools in our toolbox already:
I don't know either. Depending upon the specific service goals, it
probably is more than 'integration', which is why I harp on 'usability'.
But some service goals well might make for simplified usability demands.
Some other recent postings are also noting that these sorts of issues
depend heavily on the specific protections that are sought. Absent very
specific statements about the nature of PM threats a given technique is
intended to protect against (and is explicitly /not/ intended to protect
against), along with some indication of community support for such
protections and exposures, we are just doing a random walk through
solution space. Random walks produce random results.
If end users are a factor in a solution, then the real-world of
mass-market user constraints is a factor. There is an extensive body of
knowledge about such users and any proposal needs to pay attention to
that body. A place to start is by excluding all IETF participants from
examples. Another place to start is by distinguishing reasonable
behavioral expectations for configuration-time actions, versus
creation-time, versus posting-time. They are massively different
operating contexts.
So: Define the exact anti-PM service to be sought, define the actors
needed to implement, and then get community agreement that it's an
important goal to work towards. Then we can discuss whether it's
integration or usability or...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net