Re: Fwd: Re: IP: Microsoft breaks Mime specification
I fear that I made a notable mistake in the original suggestion that we somehow deal with Conformance. In fact, I agree entirely that the issue of concern is Interoperability. As I have noted before, I also agree that the IETF is the wrong place to deal with the problem by serving as the judge and jury. Whatever might be done needs to be a Market Based Initiative. My apologies for setting the wrong course...\Stef At 17:33 -0800 26/01/02, Bob Braden wrote: * * But the use of a trademark, which stands for complies with RFCs * could be incredibly valuable. * Kyle, I suggest that you read RFCs 1122 and 1123 from cover to cover, and then ponder whether the nice-sounding phrase complies with the RFCs has any useful meaning. Perhaps you will begin to understand why the IETF Way is interoperability testing, not conformance testing But you are free to make your proposal at IAB plenary of the next IETF. This discussion is in a loop. Bob Braden
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Interoperable with what? Probably as a solution to this question, the logo yanking process should basically boil down to, a system of checks and balances, as originated by someone who isn't happy with a vendor. Kind of like an Ombudsman in the standards community who's power is to reduce the marketability of a given product. Over time this power could grow significantly, and become very critical. If it did, that would be wonderful for everyone, because interoperability, as a whole benefits the Community as a whole, and puts the emphasis on superior implementations, and not on standards control. I.e., the issue be raised by whoever has the grievance with a given, logo-endowed vendor. He/she makes a list of the specific interoperability problems they are having. This is then submitted, in some official capacity to both the vendor and the ISOC. If the ISOC (or some other group / committee in charge of this) feels the complaint is a justified violation of good faith interoperability, they can submit it to the vendor, and say they are beginning the procedure for logo yanking. It should take maybe 12 months (maybe longer for some hardware issues) and give the vendor double the normal time. I guess it would need to be enforced by whatever Ultimately the process of logo yanking really amounts to the process of taking away a benefit, as opposed to a punishment. Being able to put the logo on a product is certainly a significant benefit, from a marketing standpoint. If the logo becomes recognized and enforced in contracts, it could, some day down the way, become a very potent thing. Overall there are three general benefits that this kind of an idea would deliver: - Increased interoperability, all around, help to curtail bad vendor behavior. If product designers know how important the IETF logo is to have on their product, they are going to think about that at the early stages of product development. - Increased marketability of products delivered by interoperability-caring vendors. - More money for ISOC/IETF functions. The downsides are the application fee ($100), a little bit of time on the part of whoever owns the trademark (but the reg fees could deliver sufficient administrative budget to handle that). Frankly, I don't think it should be up to external government systems or others to reign in badly behaving vendors. It is up to *US* the engineers to reign these people in. My increasing view is that it really is up to us. We're engineers, we can understand far better how to keep other engineers in line better than anyone else. We've all had that errant engineer working in our company. The ego guy, or the lazy guy, the arguer, whatever. Engineers know how to handle engineers. The problem today is that we know how to handle bad vendors, but we do not have the capacity to get them to do, well, anything to address interoperability. If we can tie a rope around the the proverbial money stream of a bad vendor, we help to insure it makes financial sense to be a good vendor. Personally, I think the time has come for something like this. I'm tired of misbehaving people and abusive people. It's horrifically inefficient. There are *SO MANY* problems IT has to solve, the one thing we shouldn't have is standards battles. Technology is hard as hell for normal people to use. *THAT* is the battle technology vendors should be focusing on, not these blasted standards battles, which are ridiculous in their own right. The enemy here is the standards control business model. The victors should be the best implementors. This kind of a thing is only dangerous to people who view the end all and be all of their livelihood to be the proprietorization of standards. That kind of behavior is the enemy of both IETF as a whole, and the entire technology industry. Because it makes it harder on everyone, because everyone has to learn multiple technologies, and you have varied benefits laying all over the place. It's not like there is a shortage of IT problems to solve. Everything is too hard to use. Fundamentally, government shouldn't be reigning in bad vendors, *WE* should be, and the way to do it is to tie a rope around the marketability of Internet Compliant products, and then educate CIOs about the importance of this. The thing I always hated about certification/conformance, blah blah, is that it imposes a static, fixed cost on all parties and isn't issue driven. I like this idea, because you pay your $100, you get improved product marketability in return, and it is totally problem or issue driven, as opposed to a static/fixed cost being eaten by all vendors, good or bad. Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
If it's easy-in, it's not *worth* much. I definitely agree with that, see below. TYPO: Should be I definitely disagree with that. Hell, as another example. If you are born rich, with a lot of money, that didn't take any effort, and it *MEANS* a lot. In this idea, everyone is born RICH.. but did you ever try to take away a rich person's money? That's like this idea is. Rich people fight their asses off to stay rich. That's what this logo is all about. Your born RICH, but if you misbehave, you can lose all your money. Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
If it's easy-in, it's not *worth* much. I definitely disagree with that, see below. A UL rating is worth something because it requires some effort. An ISO9001 cert means something because it requires some effort. An MCSE means something because it requires some effort. A driver's license means something because it requires some effort (OK, maybe not a LOT, but enough to pass the road test ;) A diploma from an unaccredited send us a check, we'll send you a sheepskin diploma-mill doesn't mean anything because there's no real effort to be made. Which of these 5 is your scenario most like? None of the above. I assume you *think* it means the diploma from an unaccredited university. But since when was the IETF unaccredited? Actually, the thing I think it is most similar to is citizenship, such as US citizenship. Which takes *0* effort to gain, and means *A LOT*. :) Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
But since when was the IETF unaccredited? Ahh.. obviously you don't really understand the Tao of the IETF. ;) Hey... the IETF is fully accredited in my mind :). A lot more accredited than some of the other accredited universities around. Now.. so why did you skip over my comparison of a closest match to product citizenship? It's might convenient to give me a list to work with, which the idea doesn't fit into, and then skip over my own addition to the list :) If all products are born proverbially RICH, and gain the market acceptance as having been derived from the use of the logo, trust me, ... your not going to want to lose that logo. At first would it be meaningless? Sure. The logo will have zero meaning until it makes it's way into a few contracts and the minds of a few CIOs. By creating a logo, there has to be demand for the logo. The value of the logo is in the demand that it creates, and in the differentiation of other products that it creates. In a competitive market, everyone is looking to differentiate, accept the people who have proprietary standards at risk. Fundamentally, the logo is really about giving standards-supporting products a leg-up in the market. Well, we can argue this until we're both blue in the face. The reality is... you've got my idea on the table. We absolutely need something, so what's your idea? Or are you just saying don't do it, because it's not part of the IETF. That may be the correct answer, I don't know. That's what we're here to find out. Never bring a criticism to the table without a better solution :). Kyle Lussier
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Kyle Lussier wrote: [..] I seem to be getting two conflicting viewpoints: #1 Vendors can only be trusted to be interoperable on their own, and can not be forced to conform. #2 Vendors absolutely can't be trusted to be interoperable, without conformance testing. Kyle, in all kindness, you're missing the most fundamental viewpoint expressed here recently: The IETF isn't the place, nor is it the organization, that could or should take on the role of interoperability-cop. cheers, gja
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Apparently, you've never undergone the effort it takes to actually BECOME a US citizen...otherwise you'd NEVER characterize that effort as *0*. Being born in the US or its territories and thus having citizenship by birth versus becoming one through naturalization are entirely different. Well I agree with this absolutely. In any case, welcome to US citizenship for all those who have been through the process. I know it's a bare, so let me personally apologize on behalf of my government, for the fact you had to go through that. So I guess the thing we can learn from INS is to streamline the naturalization process for external proprietary products? :) Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
I seem to be getting two conflicting viewpoints: #1 Vendors can only be trusted to be interoperable on their own, and can not be forced to conform. #2 Vendors absolutely can't be trusted to be interoperable, without conformance testing. Kyle, in all kindness, you're missing the most fundamental viewpoint expressed here recently: The IETF isn't the place, nor is it the organization, that could or should take on the role of interoperability-cop. Some have proposed the ISOC as a body to do this kind of thing. Is it also public opinion that the ISOC should or shouldn't do something like this? I agree with all of everything being said. We mostly just need to find the right body to do this kind of thing, and it's still gotta be a jury of peers for it to have any value. We need a United Nations of Standards Citizenship. Kyle Lussier AutoNOC LLC
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Kyle Lussier wrote: I seem to be getting two conflicting viewpoints: #1 Vendors can only be trusted to be interoperable on their own, and can not be forced to conform. #2 Vendors absolutely can't be trusted to be interoperable, without conformance testing. Kyle, in all kindness, you're missing the most fundamental viewpoint expressed here recently: The IETF isn't the place, nor is it the organization, that could or should take on the role of interoperability-cop. Some have proposed the ISOC as a body to do this kind of thing. Is it also public opinion that the ISOC should or shouldn't do something like this? I agree with all of everything being said. We mostly just need to find the right body to do this kind of thing, and it's still gotta be a jury of peers for it to have any value. We need a United Nations of Standards Citizenship. Kyle, please don't take this the wrong way, but don't you think you've had your say on this subject? I count 31 messages from you on this topic since last Tuesday, including seven today. There are some people who share your interest, but the community seems to agree this is not the forum you seek. If you think ISOC might be the place, please take it over there, but personally I think it's time to let this one die here. Would somebody please mention Adolf Hitler so we can declare this thread complete? AD-thanks-VANCE... - peterd -- - Peter Deutsch [EMAIL PROTECTED] All my life I wanted to be someone. I suppose I should have been more specific. - Jane Wagner -
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
On Sun, 27 Jan 2002 18:39:39 PST, Peter Deutsch said: Would somebody please mention Adolf Hitler so we can declare this thread complete? The IETF is not the place for protocol nazis. Done. ;)
Re: Fwd: Re: IP: Microsoft breaks Mime specification
* * But the use of a trademark, which stands for complies with RFCs * could be incredibly valuable. * Kyle, I suggest that you read RFCs 1122 and 1123 from cover to cover, and then ponder whether the nice-sounding phrase complies with the RFCs has any useful meaning. Perhaps you will begin to understand why the IETF Way is interoperability testing, not conformance testing But you are free to make your proposal at IAB plenary of the next IETF. This discussion is in a loop. Bob Braden
Re: Fwd: Re: IP: Microsoft breaks Mime specification
* But the use of a trademark, which stands for complies with RFCs * could be incredibly valuable. I suggest that you read RFCs 1122 and 1123 from cover to cover, and then ponder whether the nice-sounding phrase complies with the RFCs has any useful meaning. Perhaps you will begin to understand why the IETF Way is interoperability testing, not conformance testing But you are free to make your proposal at IAB plenary of the next IETF. Thanks for the comments Bob! I think there is very much a misconception as to what I am proposing. As I've mentioned, I absolutely, positively do not want conformance testing, of any kind! Purely an IETF endorsed logo. If you *want* to use a logo, you send in your $50-$100, sign the agreement that says your product works with the RFCs, and you get permission to use the trademark. Procedures would have to be in place to provide a logo yank process in eggregious abuses. It shouldn't be easy to yank a logo, it should be thoroughly peer reviewed. I wouldn't even mind if it took 12 months+ to yank a logo. What I am fundamentally looking for here is a procedure by which there is a control mechanism for defining a vendor trying to be interoperable (which is a huge consumer, customer, and vendor benefit) vs. a vendor that is using taking standards and abusing them in the marketplace. When you yank the logo, it's not like you can't still sell your product. It's just for us, as a vendor, having something like this allows us to contract to supporting interoperable third party vendors that are well behaved, and we get an opt-out on vendors whom the IETF community has put a big red X on. Zero, and I repeat Zero conformance testing. The reality is, standards and RFCs are going to get it only mostly right the majority of the time, and standards need to change. But the good faith intentions of a vendor towards interoperability should not change. The very simple logo idea I am proposing is purely a visible rating system at to the good faith intentions of a vendor to be interoperable. I am just saying, we need to reward intoperable vendors with the logo, and give CIOs the option to sign deals with vendors who are truly faithful to standards. I think this idea could help all of the markets significantly in terms of giving everyone a visible mark of interoperability. You get the mark until you absolutely, positively aggregiously abuse it. For 99% of the companies supporting IETF this will be extraordinarily valuable, and help all of us sell our products as well as get some money to have some IETF parties. :) This will only be a pain in the butt for the 1% of particularly powerful vendors who are unwilling to support IETF standards. Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
On Sat, 26 Jan 2002 18:14:56 PST, Kyle Lussier [EMAIL PROTECTED] said: It's just for us, as a vendor, having something like this allows us to contract to supporting interoperable third party vendors that are well behaved, and we get an opt-out on vendors whom the IETF community has put a big red X on. There's problems here: 1) Two logo'ed products can still fail to interoperate. Remember - this thread was started by a failure to interoperate. But by the time the IETF even *heard* about the MIME bug that started this discussion, the vendor had already acknowledged it was a bug, and assigned a bug ID to it. So the vendor is being responsive, keeps the logo - and it didn't tell you anything about the product. 2) Two X-out'ed products can still manage to interoperate. 3) If there's *no* conformance testing, what does it *actually* tell you other than the company had $100 and bothered sending it in?. 4) What do you do if you spec that logo on an RFP, and only one vendor has a logo'ed product - and it's the worst of the bunch? I have in my bedroom a night light, which I purchased at a local grocery store. It has a UL logo on it, which doesn't tell me much about its suitability as a night light (I can't tell if it's bright enough, or if it's too bright, or what its power consumption is), but it *does* tell me 2 things: 1) It has been *tested* and found free of any known safety design problems. It may not *work* as a night light, but it won't shock me when I go to throw it in the trash can because it's not suitable. 2) A high enough percentage of night light manufacturers get UL listed that I can afford to be suspicious of any company that doesn't have the logo on their product. Ask yourself this - if there's no up-front testing of minimum compliance, how is the $100 any different from the money customarily paid in some parts of the world to the representatives of the local insert ethnic-based organized crime syndicate? Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Kyle Lussier wrote: [..] As I've mentioned, I absolutely, positively do not want conformance testing, of any kind! [..] What I am fundamentally looking for here is a procedure by which there is a control mechanism for defining a vendor trying to be interoperable (which is a huge consumer, customer, and vendor benefit) vs. a vendor that is using taking standards and abusing them in the marketplace. Interoperable with what? Interoperability testing occurs between implementations, and doesn't require reference to a document or specification. Conformance testing is, essentially, interoperability testing against an implementation that has previously been declared standards-compliant - the reference implementation. Your process for yanking a logo requires a vendor's implementation to fail an interoperability test against a known standards compliant implementation. Anything less would make the logo meaningless. That smells dangeoursly like conformance testing. And that's why you're getting such push-back. cheers, gja
Re: Yes, conformance testing required... Re: Fwd: Re: IP: Microsoft breaks Mime specification
Your process for yanking a logo requires a vendor's implementation to fail an interoperability test against a known standards compliant implementation. Anything less would make the logo meaningless. That smells dangeoursly like conformance testing. And that's why you're getting such push-back. Well, this comment is undoubtedly going to cause some more push-back. :) I seem to be getting two conflicting viewpoints: #1 Vendors can only be trusted to be interoperable on their own, and can not be forced to conform. #2 Vendors absolutely can't be trusted to be interoperable, without conformance testing. I guess everyone approaches things in different ways. And that's why I made the proposal. Because this idea works with either viewpoint. Personally, in this particular kind of massively distributed, diverging objectives scenario, I say trust everyone to do what's right and then use the logo yanking process to (1) identify ill behaving vendors / products, (2) give them double reasonable opportunity to correct, and then in the absence of any good faith effort (3) publicly (but nicely) flog them by yanking the logo. Trust everyone to do what's right. Reward the people who do the right thing (by allowing them to use the logo). And people who do the wrong thing can lose it. I'm not really a believer in conformance testing, because the space of the Internet is so rapidly evolving, anything you test against is a moving target, and because something conforms at one point, it may not next week. I think that sentence addresses the majority of problem-type criticism the idea has had. I am absolutely on everyone's side and agree with everything posted as such. Everyone has listed problems, but no one has said they can't be worked around. I'm just looking for a solution that creates significant, immediate benefit for people who try to follow standards. And when bad vendors come around and start doing bad things to hurt interoperability (an incredible benefit to customers, consumers, you name it), the IETF makes it easier for Mostly, I'm looking for some level of easy-in product segmentation for contractual, customer visibility, and CIO empowerment type things. If you are a vendor, and your customer gets pissed at you and says you aren't being a good vendor, and you said you would be, it gives them an angle to push. A slow, bureaucratic one, but a way to lead vendors, through reward, to do the right thing. Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
Perhaps the thing to do is make the results of interoperability testing public - only for shipping versions of software. Developers can then develop and fix their bugs and not get bad press about not yet shipped products. And when they do ship their product it seems fair their competitors and the press can broadcast their noncompliant products. If it is a bug, they will fix it. If it is not, then they get bad press. begin:vcard n:Royer;Doug tel;pager:[EMAIL PROTECTED] tel;cell:208-520-4044 tel;fax:866-594-8574 tel;work:866-594-8574 x-mozilla-html:FALSE url:http://Royer.com/People/Doug org:INET-Consulting LLC http://INET-Consulting.com adr:;;1795 W. Broadway #266;Idaho Falls;ID;83402; version:2.1 email;internet:[EMAIL PROTECTED] title:Chief Executive Manager x-mozilla-cpt:;-10400 fn:Doug Royer end:vcard
S/MIME again??, Re: Fwd: Re: IP: Microsoft breaks Mime specification
Vernon Schryver wrote: ... It is all about as interesting as another recent arrival's descriptions of how we talked about the Internet in cafeterias in the old days before it really existed. Since I made that comment... yes, that is what we (maybe not you) did back in 1992 when I started to notice and use the Internet. That's only 10 years ago. I guess hindsight is always 20/20, but the idea of self-regulation needs IMO a grain of salt. At least, we could have public non-conformance notes. But, heaven forbid, no certified trademark program. Have we all forgotten S/MIME?? Cheers, Ed Gerck
Re: Fwd: Re: IP: Microsoft breaks Mime specification
Without wishing to drag this thread on yet longer... --On Wednesday, January 23, 2002 08:49 -0800 Kyle Lussier [EMAIL PROTECTED] wrote: The entire process will certainly have an impact on the organization, even if certification is never revoked. The process of developing test specifications is slow, tedious, and about as alluring as the prospect of writing a MIB. It tends to attract relatively few people As I said... no test specifications. Just $100, say you are complying, boom you have the logo and the trust of IETF. US$100 is still a lot of money for some people. *Any* amount of money may be too much for some people, especially if they're in part of the world where wiring US$100 would be difficult/impossible. It's up to an IETF working group to challenge that trust and threaten to yank the logo, which is the one true mark of that trust. Is this a working group that's there just to oversee mark value? If so I'm not sure I see how it would work, given the massively diverse set of knowledge that would be required. If you mean the current working groups, then what happens when there isn't a current working group to oversee something that can carry a mark? No one wants to be bogged down with bureaucracy, but I don't mind filling out an application, sending in $100, and getting the logo. If I become a bad vendor, then people in an IETF WG can move to yank my logo. There should be a process for the yanking of the logo that is very fair, and arguably should happen over a period of time, be pretty lenient and give vendors more than ample time to do the right thing. The goal here isn't to punish vendors, rather, to promote standards, and created a trusted one true mark that says you have the trust of the IETF. CIOs can use that mark as a differentiator with products and can choose to not buy from vendors that lose that trust... The problem here is that while presence of logo is still pretty meaningless, non-presence of logo is totally meaningless. If there's no logo it can mean that the product is very very bad and doesn't work properly, or it could equally mean that the product is perfect and the author just hasn't done the certification. Or is there a requirement for folks that have had their marks pulled to instead display a logo saying we're broken?
Re: Fwd: Re: IP: Microsoft breaks Mime specification
That's the only way I see to do it, not to mention, if it's cheap and easy, lots of people will do it, and you would generate a $10m legal fund so that it had some teeth. Are you that sure that there are 100,000 seperate products that would want to have the logo attached to them, and willing to pay $100 for it? /Valdis Well... I don't know about that, ask a marketing guy :). I know we would buy a couple for our different products, primarily because we know seeing IETF Certified with be a big value add to them. It may be that our product would benefit more from that than others, but I know we would buy enough to cover the cost of the trademark over a year or two, at a minimum. Kyle Lussier
Re: Fwd: Re: IP: Microsoft breaks Mime specification
If a vendor *fixes* something and we get burned that bad, what makes you think that yanking the right to use a logo will change anything? Well, the whole point of it is to give CIOs and IT Managers the ability to write into their contracts IETF Compliance or no money. CIOs would still need to choose to do this of course, but, as I mentioned before, I know a number of them that are ready to strangle some of their badly behaving vendors. In the economy of today, if large implementations don't go well, as a CIO, you are out the door. IETF Compliance can go a long way torwards helping secure the jobs of our CIOs by reducing interoperability headaches and vendor standards infighting. Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
This all sounds like you're being a tad fluffy on the business side here... Well.. I burst out loud laughing on that one. I guess other certification efforts, that cost $5000+ for logo compliance aren't fluffy? But the biggest problem here is that you've just created a $10M annual cashflow for the IETF to manage. This would be a massive infusion of cash for an entity that today runs on cookies and good will. Do you really think that you can put $10M (or gosh forbid, $10M *a year*) into a bank account without it starting to attract attention? History tells us it would immediately generate its own infrastructure to consume it (have you looked over at the DNS world recently?) You are right about all of this. I'm just looking for solutions to strengthen vendor compliance. Ed Gerck's Non-Compliance list is a great solution, that would probably meet our needs for contracts... which is where this discussion (from my perspective) came from. Maybe the IETF doesn't want the cash flow? Kind of sounds like it :). Worst case... have big IETF parties, courtesy of trademark registrations. Try for a moment to image the new class of problems this will entail for the IETF (and the new class of people who would show up for the budgeting and cashflow management working group) if the IETF was suddenly worth $10M a year. Remember the old curse be careful what you ask for, in case you actually get it... Your problem here is that your business case seems to fail the smell test. You are right about all of this of course. But, hey if you really feel this has merit, I encourage you to go off for a while and work up the details. But be *really* specific. Personally I'm particularly interested in your business plan because after all, you're asking for at least $10M and the market has been down for the past year. If you can build a business that generates $10M a year with *this* idea, it would suggest that the downturn is finally over... Well.. let's be clear, I don't necessarily even want to do this. I'd prefer it if we didn't actually, because all these integrity issues would appear that would cloud the vision of our product. We are a vendor, we want to make as much money as possible, and we want to do that by building the best product, on the merits, that supports the standards. But we need the standards to mean a lot more than it currently does. Maybe someone in academics should organize it. Is there like one of those NSF Engineering Research Centers for the Internet or anything? A group like that, with accounting, budgeting, etc. should probably run this kind of thing. They are always looking for ways to generate fees on industry, but they often have leaders with a great deal of integrity, so a group like that might be ideal. I just know, that as a business, we would buy the logo, and educate CIOs about the importance of it. So please include some market research on your numbers. I'd also like to see the detailed proposals outlining your processes, and I'd like to the names and fee schedules for the lawyers you've hired to vet all this. And finally, if you can work in seven layers somewhere I'd be willing to resurrect some old T-shirts from the early nineties for you, back from before people started taking the IETF this seriously... Don't blame me, I'm just a visionary trying to offer new possible solutions :). Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
From: Kyle Lussier [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Date: Wed, 23 Jan 2002 08:49:49 -0800 ... It's up to an IETF working group to challenge that trust and threaten to yank the logo, which is the one true mark of that trust. You do not understand how the IETF works. Working Groups are transient bodies tasked to do what is in their charter and then disolve. For example, right now, there is no WG dealing with SMTP or MIME in general. (The S/MIME working group is working only on certain security aspects of certain MIME constructs.) In other words, only in the rare instance of a WG that is writting a new protocol or generally revising an old one is there a WG which has any sort of general overview of a protocol. And even then, the output of the WG has no authority unless approved by the IESG and the WG ceases to exist when its job of writting or revising the protocol is done. The only permanent bodies in the IETF are the IESG, IAB (and perhaps, depending on how you look at it, the NOMCOM, IRSG, RFC Editor and IANA). While not a member of any of these bodies, it is my belief that they would all be opposed to the imposition on them of the burden you are so zealously promoting. ... Kyle Lussier AutoNOC LLC Donald
Re: S/MIME again??, Re: Fwd: Re: IP: Microsoft breaks Mime specification
From: Ed Gerck [EMAIL PROTECTED] ... It is all about as interesting as another recent arrival's descriptions of how we talked about the Internet in cafeterias in the old days before it really existed. Since I made that comment... yes, that is what we (maybe not you) did back in 1992 when I started to notice and use the Internet. That's only 10 years ago. I guess hindsight is always 20/20, but the idea of self-regulation needs IMO a grain of salt. At least, we could have public non-conformance notes. ... There's nothing wrong in remembering when one first encountered something. It's not good to urge changes on an organization based on reminisces of having been around at the beginning despite not having made even the second generation. 1992 is so long after the old days that it counts as today. The current noise not withstanding, there are fewer non-conformance problems today than there were 1992, provided you only care abount non-conformance that causes interoperability problems with open standards. There are now plenty of public non-conformance notes, particularly compared to 1992. Open any trade rag and you'll find plenty. That they are only a little less unreliable than they are incomplete shouldn't be surprising given what they cost readers. Never mind that they cost vendors 100 times the $100 that has been proposed here, and that's assuming the vendor doesn't need to buy advertising or trade show booth space to be considered. Those of us who have been attended sessions where more complete and less reliable non-conformance notes are generated know that they cost orders of magnitude more than $100 even when admission is free, since you must spend a week or two of senior engineer time. We also know that their results are rarely public in any meaningful way, because otherwise vendors could not afford to attend. For example, one sure way to end Connectathon (is it still alive?) would be to announce that all of the results would be published. (1992 was before conformance tests? Sheesh! I think the 1992 Connectathon was one of the last that I attended. Then there is RFC 1025.) Those who want any sort of conformance noting, certificating, or testing should apply to the many commercial and non-profit organizations in those businesses. All of them charge a lot more than $100 for anything but membership does. For that matter, mere membership in the non-profit consortia and forums is usually more than $1000. It is at best incredibly ironic to rail against minor Microsoft's bugs while demanding some kind of trademark certificate or conformance test. Isn't that exactly what Microsoft offers and demands for the official Windows compatibility service mark? It's one thing to be open minded and open to change for the IETF or anything. It's something else to let your brain fall out. Vernon Schryver[EMAIL PROTECTED] (In the interests of full disclosure, I encountered the net in 1972 at the console of TIP 25/DOCB. I was disconnected in the late 1970's and early 1980's. I also don't claim to have ever been in any cafeterias talking with those who were responsible, at least not until long afterwards. When I finally met some of them in the flesh, I hope I didn't pretend inside experience and insight.)
Re: Fwd: Re: IP: Microsoft breaks Mime specification
From: Kyle Lussier [EMAIL PROTECTED] ... Maybe someone in academics should organize it. ... Like UNH? If you don't know whom I'm talking about, please consider the possibility it could be good to look around before additional proposals. Vernon Schryver[EMAIL PROTECTED]
Re: Fwd: Re: IP: Microsoft breaks Mime specification
At 8:49 AM -0800 1/23/02, Kyle Lussier wrote: snip If I become a bad vendor, then people in an IETF WG can move to yank my logo. There should be a process for the yanking of the logo that is very fair, and arguably should happen over a period of time, be pretty lenient and give vendors more than ample time to do the right thing. snip Whether or not the idea is good or bad, it is not really workable within the IETF structure. IETF working groups close down after they finish their work. So if the xyz WG spends two years developing the XYZ protocol gets in into an RFC, the xyz WG usually then ceases to exist, and their may not be any other WG with a special focus on the XYZ protocol. So there will not be any WG or other group that would be appropriate to police the use of the XYZ protocol. It also would not work for WGs, after they complete their chartered work, to continue to exist just to adjudicate compliance with the relevant protocol. The IESG supervisory structure already has its hands full and could not supervise an ever growing list of WGs, and in any event 95% to 100% of the people who formed the core of a given WG would move on to other active working groups. So the idea is not something that could be easily grafted onto the IETF as it now exists. John Morris -- John Morris // CDT // http://www.cdt.org/standards --
RE: Fwd: Re: IP: Microsoft breaks Mime specification
Valdis.Kletnieks wrote: ... Microsoft's variant implementation of Kerberos however... is RFC compliant, and includes a set of interoperability notes for the defacto and predominant implementation. The fact that some people want to change the RFC to restrict the possible set of implementations to be exactly = the 10 year old one from MIT, defies the original author's expectations that the fundamental requirements would change over time as technology evolves. Tony
Re: Fwd: Re: IP: Microsoft breaks Mime specification
The only permanent bodies in the IETF are the IESG, IAB (and perhaps, depending on how you look at it, the NOMCOM, IRSG, RFC Editor and IANA). While not a member of any of these bodies, it is my belief that they would all be opposed to the imposition on them of the burden you are so zealously promoting. Well, it was just an idea. I saw support from a couple others for something like it. I'll write it off as juedge to be impractical. I would like to thank everyone for their feedback, it was thorough, novel, and intelligent. Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
I think, ultimately, this could be done. None of these are scenarios that couldn't be handled in the application, and testing would be a non-issue, because you just say my product follows IETF standards. The only worries you have are about not conforming to the IETF. But, the consensus, as I read it, seems to be that it's not what IETF is about and is impractical. That's fine, and I agree with the comments. It's just a shame there aren't better solutions to badly behaving vendors. Because the net result is that we all have to learn more products, we double our costs, we couble our expenses, and things move at half-speed. Love it or not, this is a problem we all will have to deal with, for a long time. And if not the IETF to solve this problem then who? It's easy to villify an idea that may or may not be appropriate, but we're still stuck with the same problem. Kyle Lussier AutoNOC LLC On Wed, 23 Jan 2002 12:09:30 PST, you said: You're looking at situations including: 1) Vendor X has the logo, Vendor Y hasn't applied/recieved it yet. Y has the better product, but X gets the bid. The IETF gets sued by vendor Y for conspiring to keep Y out of business, and you get sued as CIO by your shareholders for mismanagement because X turns into a boondogle. 2) Vendor X has the logo, but a *severe* bug has been found, but the logo hasn't been pulled yet. Vendor Y has had their logo pulled for a smaller infraction. Vendor Y sues you and the IETF because of unfair practices.. 3) Vendor X has the logo, but nobody has actually *verified* that their product implements the standard. Vendor Y has their logo pulled for something minor. This leads to: 3a) Vendor Y sues because nobody has tested X. 3b) Vendor X was the one who pointed out the problems in Y, and due to marketshare/influence/bribery, Y's logo got pulled while testing of X gets delayed - allowing X to get a contract that Y would have gotten otherwise. 4) You buy shrink-wrapped Z that has the logo. You subsequently find that the logo had been pulled, but of course the product wasn't recalled off the store shelves and repackaged before you bought it. You find yourself fired because you broke company policy to only buy logo'ed products. 5) Vendor Y sues because their logo gets yanked because THEIR interpretation of an RFC doesn't match the reading the WG Chair gives of the RFC, and the WC Chair happens to work for Vendor X. 6) You are cordially invited to suggest how Microsoft will brand their Outlook XP with the logo, in particular, how to keep track of all the following: 6a) Outlook XP branded as of 01/01/2002 6b) Outlook XP SP1 not branded as of 01/21/2002 because of bug 4781 6c) Outlook XP SP1+OfficeQFE:4781 branded as of release date of fix for 4781 6d) Outlook XP SP1+OfficeQFE:4781 but lacking OfficeQFE:NNN not branded as of 02/dd/2002 because of bug 6e) Outlook XP SP1+OfficeQFE:4781+OfficeQFE:NNN branded as of 03/dd/2002, but Outlook XP installs that are missing either the 4781 *or* fix are *not* branded. 6f) Outlook XP SP2 is branded, *except* if you've installed fix which breaks something, unless you've ALSO installed fix NNMM... And that's with just 3 or 4 bugfixes. Remember that a major product could have *hundreds* of bugfixes, all of which impact compliance to some extent. Enjoy. 7) Microsoft and AOL/Netscape get into a Well, *your* browser does THIS! war, with *both* sides shipping fixes and poking holes in the other's software on a daily basis, and somebody gets to track the current state of *two* browsers as per point (6) above, while both sides have lawyers breathing down your neck saying Well, if *my* bug XYZ counted, so does *their* bug QST. CIOs would still need to choose to do this of course, but, as I mentioned before, I know a number of them that are ready to strangle some of their badly behaving vendors. Again - if the CIO telling the vendor Fix it or we're going elsewhere doesn't cause the vendor to toe the line, why will Put a logo on it or we're going elsewhere do it? In the economy of today, if large implementations don't go well, as a CIO, you are out the door. IETF Compliance can go a long way torwards helping secure the jobs of our CIOs by reducing interoperability headaches and vendor standards infighting. You obviously haven't been in the industry long enough to have gotten stuck in the middle of an deployment of a certified product that won't interoperate. I'm sure most of the old-timers on this list have seen at least one case where a vendor guaranteed in writing that Version N+1 of their software would interoperate with Version N of *the same software*, but the upgrade didn't work right anyhow, since the software didn't read the guarantee -- Valdis Kletnieks Computer Systems Senior Engineer
RE: Fwd: Re: IP: Microsoft breaks Mime specification
You forgot that the ISOC funds the IETF, and currently the ISOC has financial difficulties and that its priority is to fund the IETF, which I fully support. Most of the membership money from ISOC is directed towards the IETF by the organisation members.I do not know what is the amount here, but I suspect that all platinum and gold members pay to fund IETF at USD100,000 or USD50,000 a year. I think there is already a USD1-2M fund towards the IETF... A light trademark conformance program as Kyle is proposing would allow ISOC to focus on other issues than funding the IETF, and therefore trully work on their Internet is for Everyone vision. May I remind that ISOC has only 8000 inviduals members. Kyle, I think the solution to the problem is to bring the problem to the next ISOC meeting (inet2002) and especially to the IAB. This discussion involves more people than the IETF only. You have to leave the IETF do what it does best: work on standards. But the IETF needs to agree that such trademark system could be implemented by the parent organisation: ISOC. IAB meetings and ISOC board meetings are very interesting. Kyle, attend one of them in June www.isoc.org/inet2002/ May be all people interested by the subject should meet there, discuss, and act. Check www.isoc.org Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web site: http://www.sopac.org/ http://www.sopac.org/ Support FMaps: http://fmaps.sourceforge.net/ http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message- From: Peter Deutsch [mailto:[EMAIL PROTECTED]] Sent: Thursday, 24 January 2002 8:20 To: [EMAIL PROTECTED] Cc: grenville armitage; [EMAIL PROTECTED] Subject: Re: Fwd: Re: IP: Microsoft breaks Mime specification g'day, But the biggest problem here is that you've just created a $10M annual cashflow for the IETF to manage. This would be a massive infusion of cash for an entity that today runs on cookies and good will. Do you really think that you can put $10M (or gosh forbid, $10M *a year*) into a bank account without it starting to attract attention? History tells us it would immediately generate its own infrastructure to consume it (have you looked over at the DNS world recently?) - peterd
Re: Fwd: Re: IP: Microsoft breaks Mime specification
I think any attempt to get the IETF to do certification is doomed to embarrassment and failure of one form or another (quick, or slow and painful). However, the ISOC just might be interested and able to pull it off.
Re: Fwd: Re: IP: Microsoft breaks Mime specification
there's more than one kind of effectiveness. effectiveness at getting a technology deployed is quite different from effectiveness of that technology (once deployed) at supporting reliable operation for a variety of applications. keith - may i refer you to don eastlake's earlier reply? viz., the existing system is quite effective because products that don't play by the concensus rules have a much harder time thriving or even surviving. sometimes this works. as a generalization, it doesn't hold up. Just to pick a small example: MIME has been out for nearly 10 years and I'm still receiving, on a daily basis, MIME attachments that are unreadable because they lack proper content-type labelling. That's not what I would call effective. then ignore it or fix it. obviously, the pain isn't at the point where it bothers you... for myself, the program that handles my incoming mail dumps MIME-bad stuff into an audit file and then ignores it. if it was important, then whoever sent it can get on the phone... in doing this for the last 10 years, i've yet to suffer a mishap because of this... that kind of solution is easy for you or me. unfortunately, it doesn't scale to a user base of 100s of millions of people that's trying to use email to ship around attachments and wondering why they don't work. the reason I don't filter such stuff is because I want to understand the kinds of problems other folks are having. Keith
Re: Fwd: Re: IP: Microsoft breaks Mime specification
Hrm, SoUL = Software Underwriters Laboratories but I thought the UL was a distinct company in it self that other companies send stuff to for testing. So some one withe means and clout in the industy needs to take it up. Suppose could put of a website like http://www.underwriters.org... hrm www.sul.org and gear it as a contact point for software testing. At 10:08 AM 1/23/02 -0600, Alex Audu wrote: Great idea, but you also should not leave out the issue of compliance testing. May be an organization like the Underwriters Laboratories,..or some other newly formed group (opportunity,.. anyone?) could take up the role of compliance testing. Regards, Alex. Franck Martin wrote: I support the idea, what needs to be done is the IETF to come with a trademark and someone to Inform the ISOC about all this discussion and also to register this trademark... Lynn, Could you please read this thread from the IETF archives, it could be interesting for the development of ISOC/IETF. Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web site: http://www.sopac.org/ http://www.sopac.org/ Support FMaps: http://fmaps.sourceforge.net/ http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message- From: Kyle Lussier [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 23 January 2002 4:04 To: Donald E. Eastlake 3rd; [EMAIL PROTECTED] Subject: Re: Fwd: Re: IP: Microsoft breaks Mime specification We need stronger enforcement of the RFC's, and we need creative thinking as to how to go about that. I like the idea of an easy in IETF Certified trademark, if you abuse it, it can be revoked, and then vendors building contracts around supporting IETF Certified products. It gives CIOs something to rattle about as well. I.e., they can require IETF Certification of products, which guarantees them standards support, as enforced by the IETF community. Just a simple precise trademark construct, with an easy-in application that costs maybe $100 per product, and supported by the IETF. That certification could be revoked down the road. IETF doesn't have to be a conformance body or litigator. It just merely needs to be the bearer of the one true mark :). Kyle Lussier AutoNOC LLC
Re: Fwd: Re: IP: Microsoft breaks Mime specification
At the minimum, such violations of IETF Standards should be formally noted in a letter from the IAB to the offending vendor, whoever that might be, when such information becomes available to the IESG or the IAB. Among other things, such notices would result in a formally recorded track record for the offending vendor, which should be made public by CC to the IETF mailing list, as these are public standards, which are of public interest and public record. This assumes that the IESG or IAB care about such violations, in the interests of promoting vendor conformance with their standards. Of course, if no one cares, then no one cares, though one might become curious about what the IETF does care about;-)... I am not suggesting that the IETF should mount a conformance police force! but it should offer more than a simple shrug of their shoulders, such as ok. i give. why?. PS: I apologize profusely to Dave and everyone else for violating my own rule against use of the Eudora Redirect Command, which always results in confusion when used as I did...\s At 08:53 -0500 22/01/02, David Farber wrote: From: Randy Bush [EMAIL PROTECTED] To: David Farber [EMAIL PROTECTED] (by way of Einar Stefferud) Cc: [EMAIL PROTECTED] Subject: Re: IP: Microsoft breaks Mime specification Date: Tue, 22 Jan 2002 14:40:41 +0100 This needs to be given some attention in the IETF...\Stef ok. i give. why? there are only a few thousand of us, far too few to fix microsoft's bugs. and we don't have the source anyway.
Re: Fwd: Re: IP: Microsoft breaks Mime specification
On Tue, 22 Jan 2002 10:30:48 PST, Einar Stefferud said: At the minimum, such violations of IETF Standards should be formally noted in a letter from the IAB to the offending vendor, whoever that might be, when such information becomes available to the IESG or the IAB. PS:I apologize profusely to Dave and everyone else for violating my own rule against use of the Eudora Redirect Command, which always results in confusion when used as I did...\s I have to wonder if the Eudora Redirect command is in violation of a standard, for its failure to re-write the headers to make the redirection clear. ;) /Valdis msg07320/pgp0.pgp Description: PGP signature