Dick Franks wrote:
On 13 April 2014 00:35, <ned+ietf@xxxxxxxxxxxxxxxxx> wrote:
[snip]
The real question we should be discussing is what options the IETF
has to try and address this.
IETF has already adequately addressed this issue by its insistence on
inclusion of this statement in the document preamble:
It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
An implementation based on I-D reference material is therefore no better than "work in progress".
The blame for this debacle lies squarely with Yahoo, and its inadequate engineering change management.
That's all in the fine print. The folks behind DMARC are representing
DMARC as both IETF standards-track - both implicitly (by pointing to a
"specification" published as an IETF document) and explicitly (multiple
statements along the lines of "intended as..." and "intend to submit"),
and as mature. Yahoo is using that to justify its actions ("Today, 80%
of US email user accounts and over 2B accounts globally can be protected
by the DMARC standard.")
By no sense of the imagination is DMARC a "standard" (or even much of a
specification) - IETF or otherwise - much less a mature one.
To my mind, IETF's inaction and silence are both morally wrong, and
carry a longer term risk:
- as the Internet standards body, IETF and its participants have a
professional and moral responsibility to speak for "what is an Internet
standard," as well as what constitutes responsible implementation,
deployment, and operation of Internet protocols -- not just leave it in
the fine print
- IETF, to a large degree, dropped the ball on a "standard," that for
some period of time was worked on under the aegis of an IETF WG
- allowing someone to represent something as an IETF standard carries a
risk to IETF's standing, effectiveness, and credibility as the
Internet's standards body (ISO tends to get very upset if someone claims
to be ISO9000 certified, but isn't; Xerox sends lawyers after
competitors who refer to their copiers as "xerox machines")
From an operational perspective, concerned with the stability and
reliability of the Internet infrastructure, this kind of thing really
scares me - particularly in the larger context of current discussions
over changes to Internet governance. This strikes me as a very clear
cut example where our voluntary, cooperative model for doing things is
failing very badly -- in large part because none of our institutions of
self-governance are stepping up to the plate. ("We wrote a disclaimer
in the fine print" is not stepping up to the plate.)
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra