Ted,
I started that note before you posted your list of four options
and decided to send it anyway. I think your list is correct
and, since it apparently wasn't obvious from my comments, prefer
your first option.
The reason for the long note is that I don't accept this as
"just life". I believe the IETF has an affirmative obligation
to avoid breaking the Internet -- or the protocols it has chosen
to standardize -- and to avoid encouraging those who choose to
do so. Assuming there is no disagreement that the problem is
real, one implication of that involves a very strong preference
for bringing work to the IETF while it is still at (or before)
the design phase rather than having something half-designed
elsewhere, deployed, and them brought to the IETF on either as
"standardize this as is because it is deployed" or a "you folks
in the IETF can now straighten out the mess we made by
developing and deploying this without thinking through the
implications". Given that the problem is real, the IETF of
course has some obligation to take it on in a serious way.
When the breakage is bad enough (and I'm not taking a position
on whether DMARC is) and is the result of an action by a
dominant player or collection of them, I also believe that we
(individually if not in the name of the IETF, have a
professional obligation to initiate or participate in
discussions with appropriate authorities about anticompetitive
and/or monopolistic behavior.
Finally (and here is where I demonstrate that I'm very far out
in the rough), your comment about Canter and Siegel identifies a
different, but to me important, issue. Suppose we have a
community that as a significant problem with either domestic
animals or humans defecating on the sidewalks. Obviously one
option is for everyone who lives there or visits to become very
careful about where they step, but that has a number of serious
implications. Another is to prohibit doing that and to also
have "clean up after your pets and offspring" rules. However,
carrying around appropriate bags and pick-up instruments is
annoying and experience indicates that, unless those rules are
enforced (as either a matter of law or effective community
outrage), there will still be a lot of s**t on the streets.
That becomes interesting as a social problem because, if a group
of well-meaning people springs up to come around the community
every day and clean up previously-untended messes, any pressure
to punish or otherwise deter those who are responsible for those
messes disappears (and more people may be encouraged to stop
going to the trouble of cleaning up after themselves and their
pets). On the other hand, if those spontaneous and well-meaning
efforts do not occur, then the pressures within the community to
punish those who cannot be bothered to do the cleaning up rise
until either such measures are taken or the community, including
the non-offenders, are explicitly taxed to provide funding for
claiming up the problem.
There are aspects of the spam problem that are a lot like that.
Many of the significant costs are incurred as soon as the
messages start to cross the Internet. Solutions that involve
filtering the messages so they cannot be delivered do nothing to
address that problem, nor to impose costs on the message
originators. Instead, by mitigating the nuisance value of the
spam and the risks to the recipient of whatever comes with the
spam messages, they have the side-effect of reducing the
incentives to find the spammers and punish their behavior in a
serious enough way to deter the practice. Indeed, if the
spammer's objective is to get a certain number of messages
through, actions that increase the percentage of spam messages
that are blocked near the delivery point may create an incentive
to increase the number of messages sent and hence the burdens on
the network and the costs to those who maintain mail delivery
systems.
Again, I am not suggesting that the IETF (or anyone else) try to
ignore the spam problem. However, it seems to me that we need
to think a bit more about the whole system, evaluate questions
like how much we are willing to give up for the privacy
advantages of hard-to-trace message origins, and generally be
careful what we wish for.
best,
john
--On Friday, November 04, 2016 11:21 -0400 Ted Lemon
<mellon@xxxxxxxxx> wrote:
> Forgive me if this isn't as respectful as it could be, but
> your rather long dissertation on the problem didn't actually
> say what would go wrong if we did something about it. Is
> there something missing from the summary I wrote and sent to
> the mailing list yesterday?
>
> This is an operational issue, not a philosophical issue.
> People are trying to get work done, and a problem created by
> people other than them is preventing them from getting work
> done. Worse, it's doing it in a way that is difficult for
> third parties to detect, and that has resulted in people
> unexpectedly and unknowingly not getting email they needed to
> get.
>
> This is a _really serious problem_. Arguing that we
> shouldn't solve it because we have philosophical issues is
> silly. It's like arguing that we shouldn't have
> firewalls, which break IP in exactly the way you described,
> because they are bad on a philosophical level. They _are_
> bad on a philosophical level. We, the IETF, are not going to
> stop people from installing them, because they are _good_ on
> an ops level. The idea that we shouldn't solve problems
> like this regarding email went out the window when Canter and
> Siegel came on the scene.
>
> That's just life. So if you have a technical reason why
> fixing this problem is a bad idea, please share it. And I am
> always interested in your philosophy. But I do not think you
> have made a valid technical argument against the IESG
> addressing this operational problem.
>