John Klensin writes: > --On Wednesday, April 16, 2014 23:00 -0700 > ned+ietf@xxxxxxxxxxxxxxxxx wrote: > >> It seems extreme to lay blame on the IETF in general > >> merely for having an open mechanism by which to post a draft > >> for all to see and discuss. A "Request For Comment", as it > >> were. > > > > You may think it extreme. I don't. I think the IETF's politics > > have led to it inching closer to moral hazard territory for a > > long time, and with this incident it has stepped in it. > Indeed. We have had warnings about where the ability of anyone > to post anything and then claim IETF approval in external > contexts without any fear of meaningful pushback would lead for > a long time. It hasn't been significantly damaging before > because (i) we have been lucky and (ii) attempts to manipulate > the mechanisms have come from outsiders, not insiders. Nicely put. I completely agree. > With DMARC, the ability to claim IETF responsibility when that is > handy and that the IETF has no control when _that_ is handy have > now been utilized by insiders. Or by people with better access to insiders. It's hard to tell, and I'm not sure it really matters. > That comes after a history of > the less effective approach of bringing specs into IETF WGs and > then claiming that fundamentals cannot be changed because they > were developed by experts in another forum. As I think Ned > suggested, the ADSP issue and how it was handled should have > been another warning sign. And, with Yahoo's move and its > consequences (whether they anticipated them or not), we also ran > out of luck. An onimous phrase, isn't it? But an accurate one, I fear. > >> Are you suggesting that > >> process should be closed or moderated somehow? > > > > What I suggested is that we need to have a serious discussion > > of what, if anything can be done to ameliorate the damage in > > this case. Others have suggested that we also need to look at > > how to prevent this from happening in the future. I concur. > agreed. > >... > >> I would add to this that, by its ultimate inaction in the > >> face of a protracted period of abuse and attempts by > >> participants to solve that problem within its procedures, the > >> IETF has abdicated any authority it may have had. > > > > That may be your assessment. Given subsequent comments from > > other people, mine is now that this effort was looking for a > > rubber stamp, didn't like it when that didn't happen, and > > proceeded to skirt around the edges of the process. > > With disasterous results. > Exactly. > I'm also concerned that several of these efforts represent back > door approaches to deprecating multi-hop email. Certainly many > things are more convenient in a single hop environment. They > would become even more convenient if all email were to be > handled by a small oligarchy of providers. To the degree to > which one simultaneously believes in openness and privacy, those > would be very sad outcomes. It's not just multi-hop email - although I agree it's in danger - it's various semantics of email that happen not be to be useful to commercial email of various sorts, and whose presence makes the problem more challenging. John Levine refers to all this as "send on behalf of", which isn't exactly right but is probably close enough for purposes of this discussion. I also find it particularly revealing that one of the arguments being made here is along of the lines of, "Everything else has had to change, why are those stodgy old mailing list thingies somehow exempt?" Except that's not it at all - the approach was always essentially, "We're going to screw you, how about you do X or Y to mitigate the damage a little?" To which the answer, predictably, was less than enthusiastic. Ned