RE: namedroppers, continued

2002-12-09 Thread Dean Anderson
Every domain would have to have a public key that the public could find.
Then every mailserver would have to check every message.

And spammers could still send spam, because they are authorized to send
email from some ISP, using that ISP's domain, and that ISP mailserver will
sign their email.

Spam isn't a security problem that can be solved technically.

Spam is the exact same problem as when Randy Bush harasses someone by
abusing his privileges as administrator. There isn't a technical solution,
other than removing the privileges. Then the new administrator could abuse
the privileges, if they were so inclined.  There isn't a technical way to
give someone privileges that they can't abuse, if so inclined.

--Dean

On Fri, 6 Dec 2002, Fred Baker wrote:

> [ post by non-subscriber.  with the massive amount of spam, it is easy to miss
>   and therefore delete posts by non-subscribers.  if you wish to regularly
>   post from an address that is not subscribed to this mailing list, send a
>   message to [EMAIL PROTECTED] and ask to have the alternate
>   address added to the list of addresses from which submissions are
>   automatically accepted. ]
>
> At 08:28 AM 12/2/2002 -0800, Hallam-Baker, Phillip wrote:
> >The only way to resolve this issue properly would be to require every
> >submission to an IETF mailing list to be cryptographically signed (PGP
> >or S/MIME), to require the subscribers to register their signing key and
> >to then filter the mail sent out on the list so that only signed mail
> >gets through.
>
> I would be in favor of that, personally, as long as we can ensure that the
> appropriate signature facility (be it RSA, PGP, or whatever) is freely
> available to all who need to use it. The issue here is not us corporate
> types who have a business reason to buy the software, it is the students
> who often lack the funds. The big issue would be the procedures for posting
> one's key to the appropriate place - what is to stop a spammer from posting
> a key and sending the spam anyway? I'm not proposing a mechanism, but
> someone who is good at such things might well find it of value.
>
> It doesn't address the "off topic" issue. As you say, that could be left to
> a working group chair equipped with formal procedures developed by consensus
> within the work group or adopted by the working group from a more general
> place (ie, the IETF could suggest a procedure, and the WG could adopt it if
> it didn't feel another procedure would be better).
>
> I have had a private exchange, over the past few days, with someone who
> wished that the IETF would please document some good spam-elimination
> procedure, so that it could be used world-wide to completely eliminate
> spam. I think that boils down to "provide a global PKI" in this solution,
> and presumes that spammers are incapable of using one. That might be a
> great research topic. Too bad nobody has ever thought of it before; we
> could really use the outcome of that research. (OK, so it's a lame attempt
> at humor...)
>
> I think it was Steve Bellovin that suggested a procedure for reducing the
> utility of spoofing source addresses in emails; if not, it was me and I
> happened to suggest something his favorite algorithm fit into, by having a
> host in each mail domain (mailid.example.com) be able to assert that its
> domain had or had not sent an email within a given recent  time period
> whose MD5 hash, when divided by  resulted in
> . I could write that up in an internet draft if folks
> think it makes sense. That would be a more global procedure that didn't
> require a PKI and only addressed spoofed addresses.
>
>
>
> --
> to unsubscribe send a message to [EMAIL PROTECTED] with
> the word 'unsubscribe' in a single line as the message text body.
> archive: 
>




RE: namedroppers, continued

2002-12-09 Thread Dean Anderson
And how much before Randy was moderator?

I'm on other large, subscriber-restricted, public lists, where this isn't
a significant problem.

--Dean

On Fri, 6 Dec 2002, Hallam-Baker, Phillip wrote:

>
> > How much spam is going to namedroppers?
>
> Well none since Randy Bush and a bunch of others turned
> on the moderator bit.
>
> The problem here is that having Randy Bush moderate is
> not a scalable solution to the problems of Spam in general.
>
>
>   Phill
>
>
>




RE: namedroppers, continued

2002-12-09 Thread John C Klensin

--On Friday, 06 December, 2002 16:22 -0700 Vernon Schryver
<[EMAIL PROTECTED]> wrote:

> > From: Marc Schneiders <[EMAIL PROTECTED]>
>
> > ...
> > It might be easier to write a new protocol to succeed email,
> > instant messaging, mobile phones (something useful in itself)
> > with built-in abuse control from the start.
>
> That's another stupid crackpot "spam solution" that just won't
> go away.
>
> You cannot have "abuse control" built into a protocol that
> allows strangers to send each other mail.  Any mail protocol
> that lets you receive mail from a stranger must also let the
> stranger send the same message to you and to 30,000,000 of
> your closest friends.  On the other hand, if you want to only
> accept mail from people who are not strangers, you can use any
> of the many official and ad hoc SMTP extensions to ensure you
> only receive mail from them.
>
> If your computer system, mail protocol, or whatever knows that
> a stranger is not a spammer, then the stranger is not really a
> stranger.

Actually, Vernon, there is a well-known, established
implementation of this approach.  It depends on no one being
able to deliver mail to anyone else except through a network of
trusted intermediaries, who are interconnected with bilateral
agreements.  Each of those intermediaries is essentially
required to authenticate any user sending a message, which they
naturally tend to do because the system strongly assumes a
per-message and per-recipient charging model with settlements
between the originating and receiving intermediary systems.

If spammers tried to use it, they would rapidly become
discouraged, first of all because the per-message charging would
destroy their "free to us, steal resources from others" business
model and second because the accounting and authentication
machinery that is essential to the business models of the
intermediary system vendors (let's call them "ADMDs" for short)
would make tracking them down fairly easy.  And, of course, the
bilateral agreements would make it fairly easy to isolate and
punish an ADMD who didn't control its spammers or pay its
settlement bills.

I suppose I can leave the name of this high-quality,
significantly overengineered, widely-deployed system as an
exercise.

Been there, wasted a lot of time, energy, and resources, gave up.

   john




RE: namedroppers, continued

2002-12-09 Thread Hallam-Baker, Phillip
Don't discount the unexploited features already supported in the deployed
base.

In particular most mail servers support inline SSL connection upgrades,
or can be upgraded to do so with minimal hassle.

Another instance in which a self signed cert is possibly sufficient
authentication - although when you consider the security you get from
upgrading the connection to SSL the price of the cert is kinda de
minimis but I'll play along with the ruling IETF assumption of millions
for hardware, not a cent for software.


Phill

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 06, 2002 3:59 PM
> To: Marc Schneiders
> Cc: Fred Baker; Hallam-Baker, Phillip; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: namedroppers, continued
>
>
> I've been saying about need for more radical change in mail protocol for
> years now on mailing lists. I'd rather work on smtp itself, but some
> people who were involved in original protocol do not want any serious
> changes to what they've done, though it's clear that abuse and other holes
> with current system is creating too many problems.
>
> In any case, by next ietf meeting in san francisco, I'll bring complete
> proposal for new protocol and might even try some practical tests. I do
> still believe that smtp can be saved, but not without more complex
> authentication system during delivery of email and that can't be done
> with current protocol design or current available extension process.
>
> Also were there any discussions or more complete description of this
> algorithm for checking if host had sent an email and if so is this
> available on website or archive to read more about? If answer is yes, can
> somebody send me url or approximate date of discussions so I could lookup
> in archives.
>
> And am I correct here in understanding what was proposed is that smtp
> conversation id be such that receiving mail server could verify with
> sender (callback?) that it did indeed initiate the email. If so I do not
> quite understand how MD5 helps there, plus I see quite a few problems with
> creating some special mx-like record in dns just for verification. If
> this is indeed what was proposed its better to go with paul vixie's
> proposal of mailfrom dns record -
> http://www.vix.com/~vixie/mailfrom.txt or
> http://www.ietf.org/internet-drafts/draft-church-dns-mail-sender-02.txt

On Fri, 6 Dec 2002, Marc Schneiders wrote:

> On Fri, 6 Dec 2002, at 13:41 [=GMT-0800], Fred Baker wrote:
>
> > I think it was Steve Bellovin that suggested a procedure for reducing the
> > utility of spoofing source addresses in emails; if not, it was me and I
> > happened to suggest something his favorite algorithm fit into, by having a
> > host in each mail domain (mailid.example.com) be able to assert that its
> > domain had or had not sent an email within a given recent  time period
> > whose MD5 hash, when divided by  resulted in
> > . I could write that up in an internet draft if folks
> > think it makes sense. That would be a more global procedure that didn't
> > require a PKI and only addressed spoofed addresses.
>
> Spammers would be the first to set up your mailid host. They will have
> had years of experience to find holes in the system before you've
> convinced everyone to adopt or accept the mailid.
>
> It might be easier to write a new protocol to succeed email, instant
> messaging, mobile phones (something useful in itself) with built-in
> abuse control from the start.







Re: IETF Sub-IP area: request for input

2002-12-09 Thread Pyda Srisuresh
I vote for DP1 - Moving the WGs back to one of the
existing permanent areas. Otherwise, the problem of
coordination with related permanent areas is likely
to get worse.

regards,
suresh

--- Alex Zinin <[EMAIL PROTECTED]> wrote:
> FYI below. (Sorry for cross-posting.)
> Please post follow-ups to [EMAIL PROTECTED]
> --
> Alex
>
> This is a forwarded message
> From: The IESG <[EMAIL PROTECTED]>
> To:
> Cc:
> Date: Wednesday, December 04, 2002, 8:08:49 AM
> Subject: IETF Sub-IP area: request for input
>
> ===8<==Original message text===
>
>
> IETF SUB-IP area
>
>  The IESG announced in November of 2000 that a new SUB-IP temporary
>  pseudo-area would be formed as a part of an effort to develop a
>  "systematic approach to dealing with what we used to describe as
>  "sub-IP" technologies." At the time the IESG said:
>
>  "Over the years the boundary between 'wires' and IP protocols has
>  become harder to define and the interaction has become more intertwined.
>  For example, what appear as 'wires' or 'circuits' in a virtual network
>  may in fact be routed datagrams in an underlying IP network. The
>  topology of dynamic underlying networks such as ATM and soon switched
>  optical networks can interact with IP-level traffic engineering and
>  routing. Additionally, with IETF technologies such as MPLS we are
>  defining a whole new class of 'wires'."
>  (http://www.ietf.org/IESG/STATEMENTS/new-area.txt)
>
>  After the December 2000 IETF meeting and taking into account the
>  discussion at that meeting the IESG formed a "temporary" SUB-IP Area.
>  In the announcement of this action the IESG said:
>
>  "It is temporary because the IESG believes that this concentrated
>  sub-IP effort will likely be of short duration, on the order of a year
>  or two. We feel that much of the work will be done by then, and the
>  working groups closed. Any working groups that have not finished when
>  the IESG determines that the area should be closed will be moved into
>  existing the IETF areas where they seem to have the best fit." and "The
>  IESG expects to review the development process and charters, however;
>  if we conclude that this expectation is incorrect, we will need to make
>  this area more formal. At that point, the nominating committee will be
>  asked to supply dedicated area directors."
>  (http://www.ietf.org/IESG/STATEMENTS/sub_area.txt)
>
>  Although the SUB-IP working groups have made considerable progress
>  (with 7 RFCs published, another 12 IDs approved for publication, 9 IDs
>  under IESG consideration and an additional 11 IDs having been passed to
>  the ADs for their evaluation) their work is not yet done (with 53
>  working group IDs currently in progress). It does appear that some of
>  the working groups could finish the work in their charters over the next
>  6 months but it could be a lot longer for others.
>
>  Because the end is in sight for some of the working groups and since the
>  IESG had generally assumed that the area would be a temporary one and
>  the second anniversary of the creation of the SUB-IP area is next spring,
>  analysis was started in the IESG to figure out which areas would be the
>  best ones for the SUB-IP working groups to move to so that they could
>  continue their work.
>
>  As part of that analysis a SUB-IP area session was held during the IETF
>  meeting in Atlanta where this topic was discussed.
>
>  There was a spirited discussion during the session on the best path
>  forward. The opinions ranged from following the distribution of
>  working groups, to doing so with some specific changes to keeping the
>  working groups in a separate SUB-IP area. A sense of the room was
>  taken at the end of the discussion and that sense was very strongly
>  that the SUB-IP Area should become a "long-term" (the description that
>  was used during the consensus call) one and that the nomcom be asked
>  to nominate a person (or persons) to become director(s) of the SUB-IP
>  area.
>
>  To help provide more information as input for the IESG discussion we
>  would like to continue the discussion started in Atlanta on the mailing
>  list. It is our intention to keep the discussion on the future of the
>  SUB-IP area open, but short-lived, because it would be a very good idea
>  to let the nomcom know ASAP what the future holds as they need to know
>  what expertise is needed in the ADs for the existing areas and if they
>  need to search for additional people.
>
>  The IESG aim is to be able to let the nomcom know what the future of
>  the SUB-IP work is by the end of the day of Thursday Dec 12th. That
>  date was chosen because it is the date of the next IESG teleconference
>  yet it provides some time for a public discussion.
>
>  The options seem to be:
>  1/ move WGs (back) to permanent areas: migrate the SUB-IP
>  working groups to other IETF areas sometime soon, likely before next
>  summer and close the SUB-IP area. Also, reconstitute 

a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Scott Bradner

for what it's worth here is my personal opinion on what we should
do in the question of the sub-ip area

I think we should go with the status quo (with the IESG selecting two
suck^H^H^H^Hvolunteers to manage the area next March)

I do not think that we can make a reasoned decision to do otherwise in the
next week.

Before Atlanta I was of the opinion that moving the WGs into other areas
was the right thing to do, not because of any particular event, but
more because we had said this was a temporary area and it was getting
to be a long temporary (but I suppose we should note that the last
temporary area (ipng) lasted 4 years)  But the feedback we got in
Atlanta has convinced me that this is not reason enough to make a change.

And any move at this time to move the WGs would be seen as a slap in
the face of the quite strong (even if in a limited venue) opinion
expressed in Atlanta.

Right after Atlanta I was convinced that we should follow the consensus and
ask the nomcom to find an AD but upon reflection I'm not sure that is the
right thing either - partially because as Randy has pointed out, we do
not have a clear mission statement for such an area but mostly because
enough of the WGs are close enough to finishing up that we would have a
quite small area in 6 months to a year and an area with only 2 or 3
working groups seems a bit of a waste.  But if there is a long-term
future for sub-IP work in the IETF then additional working groups may
be in the offering.  We need the time to reflect on what that future
should be.

So I think we should continue as-is until:
1/ the WGs which will finish "soon" finish
2/ we (the IESG, IAB & ietf community) figure out what role  
   sub-ip should play in the IETF in the long term

but it would be good to hear from more of you both to the IETF list and
to the IESG directly

Scott




Re: namedroppers, continued

2002-12-09 Thread Stephen Sprunk
Vernon Schryver wrote:
> It's been years since it was possible to be amused by the number of
> people who assume that spammers are more ignorant and less competent
> than they are, and so propose spam "solutions" predicated on spammers
> being unable to register as many names, keys, identities, or whatever
> as needed or as many as everybody else can.

The problem I've seen repeatedly, including in an off-list discussion I'm
having about this topic, is people confusing authentication with
authorization.

Even if you can authenticate every sender of every piece of email, that
gains us virtually nothing -- not to mention it's a reasonably well-solved
problem, e.g. PGP, S/MIME.  As Vernon notes, spammers can create authentic
credentials just as easily as anyone else.

The devil is in determining what senders are authorized once we've
authenticated them.  My fear is the only effective solution may turn out to
be closed lists with permission grants, such as the IM services introduced
to keep spammers out.  That will greatly reduce the utility of email.

S




Re: namedroppers, continued

2002-12-09 Thread Stephen Sprunk
Paul Vixie wrote:
>> - many ISPs won't let you forward or submit mail through someone
>>   else's SMTP server, even if you have permission to do so.  so you
>>   can't forward your mail through your "home" ISP's mail server to
>>   allow the "mail from" check to work.
>
> in that case you'd be wise to not insert a MAIL-FROM MX for your
> domain.

The vast majority of users do not have the ability to make that decision.

The curious thing is that it is in an ISP's best interests _not_ to
implement this draft, since doing so will likely mark nomadic users' email
as suspect and potentially lose a customer.  Most companies only support the
"public good" to the extent it doesn't cost them any revenue.

S




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Joe Touch
Scott Bradner wrote:

> for what it's worth here is my personal opinion on what we should
> do in the question of the sub-ip area
>
> I think we should go with the status quo (with the IESG selecting two
> volunteers to manage the area next March)
>
> I do not think that we can make a reasoned decision to do otherwise in the
> next week.
>
> Before Atlanta I was of the opinion that moving the WGs into other areas
> was the right thing to do, not because of any particular event, but
> more because we had said this was a temporary area and it was getting
> to be a long temporary (but I suppose we should note that the last
> temporary area (ipng) lasted 4 years)  But the feedback we got in
> Atlanta has convinced me that this is not reason enough to make a change.


I'll add that most of the attendees at this meeting in Atlanta were from 
the WGs themselves. It is unsurprising that the overwhelming position of 
that group is to maintain the status quo. Moving them is definitely seen 
as unwelcome change from within the groups themselves.

It would be useful to hear from the community at large regarding this 
issue, rather than letting the group decide (essentially) for itself.

FWIW, I have yet to see a substantive justification for the _creation_ 
of a new area yet. I, and others, have pointed out that the 'status quo' 
here is to let the area dissolve on schedule.

Joe




RE: namedroppers, continued

2002-12-09 Thread Hallam-Baker, Phillip
> Well, it's also the availability of the right signature facility in the
> myriad email clients people use.

I disagree here, I believe it is a case of supporting the
overwhelming majority of the platforms with software that
is freely available and free.

I don't believe that we should consider support for Open
Genera to be a 'must support' issue. Years ago people used
to whinge when someone sent a MIME attachment of 10K or
so because it took too long to download over a 300 baud
modem.

I don't think it is a bad thing to consider that high
bandwidth connectivity is still a constrained resource
absent in many less developed parts of the world. However
the complaints about using MIME never come from those
quarters.


> >I could write that up in an internet draft if folks
> >think it makes sense. That would be a more global procedure that didn't
> >require a PKI and only addressed spoofed addresses.
> >
> Wasn't me...

The problem is not the PKI, the problem is the directory.

Deployment of PKI is easy. It is the Directory baggage that
people foisted onto PKI that is the failure. X.500 has set
us back more than the NSA crypto export regulations ever did.
LDAP merely compounds the problem, building failure on top
of failure.

We need a DNS linked PKI, not a directory linked PKI.

We need a PKI that only cares about the addresses the
applications route on. The idea of using human names for
PKI is bogus.

The directory PKI model fails for the Internet for many
reasons. First taxonomic organization is a broken concept.
No real world information is structured in that fashion,
not even genealogies (cousins marry cousins). The reason
that so many enterprise directory projects are fiascos
is that they are trying to fit data into a representation
that is simply inappropriate.

The other main reason that directories are a failure for
Internet PKI is that they are exclusively an internal
data resource. VeriSign has an employee directory accessible
from the inside of the company. There is no way it is
ever going to be accessible from the outside.

At the Internet level trust relationships are complex,
they are certainly not hierarchical. Trying to store that
data in a taxonomic structure then do path discovery is
nonsense on stilts.


Linking the PKI to the DNS completes the picture. I want
to send Fred Baker an email, well I had better know his
email address first. My email client can follow an SRV
record from cisco.com to find an XKMS service for cisco.com
where I can ask 'what key should I use to send an
encrypted S/MIME email to [EMAIL PROTECTED]'.

Allowing organizations to find out that [EMAIL PROTECTED] is still
working for Cisco is actually a security improvement. It
means that Office Max can shut off his personal stationery
account ordering privs the minute he leaves Cisco.


Don't reject the leverage that public key provides just
because you don't like the package people tried to wrap
around it. The protocol you describe requires state and
is simply not deployable for large systems like hotmail.

It would be nice if the IETF could get ahead of the curve
this time instead of being the brake. We still have members
of the IESG speaking to security forums disputing the
utility of network security measures such as firewalls
even after Steve became a security area director.

We need to shift towards a comprehensive multi-level
security approach which accepts that there are problems
that cannot be addressed by the end to end argument.

Real users are saying that SPAM is their number one
internet related problem today. Classify it how you like
but deal with it with a security mentality. The spammers
are seriously degrading the utility of email. We need
a short term approach to mitigate the problem (filtering)
and long term approaches that have the potential to
put them out of business. Authenticating the good signal
is completely complementary with rejecting the bad.

Phill





RE: namedroppers, continued

2002-12-09 Thread Dean Anderson
This seems clever, however, it will also take significant computational
effort to verify the computational effort was actually done. Even if a
class of functions are found that are "easier" to verify than to compute,
they will no doubt still take up a significant fraction of time.

Also, all outgoing messages would need this computation, since a
mailserver does not know who it has sent mail to in the past, and whether
they are still in receipt of the verification.  So then you would only be
able to send 8000 messages a day, too.

Clearly, that doesn't scale very well.

It seems unlikely that this would change the percentage of spam, since it
would merely reduce the total amount of mail sent.

I haven't observed a recent proliferation of spam, however. Spam seems to
be level.

--Dean

On Fri, 6 Dec 2002, Ayyasamy, Senthilkumar  (UMKC-Student) wrote:
> this is the work all about (yesterday's seminar in a MIT group)
>
> " If I don't know you, and you want your e-mail to appear in my
>   inbox, then you must attach to your message an easily verified
>  "proof of computational effort", just for me and just for this
>  message.
>
> If the proof of effort requires, say, 10 seconds to compute, then the
> economics of sending spam are radically altered, as a single machine
> can send only 8,000 messages per day.
>
> The recent proliferation of spam has led to a renewed interest in
> these ideas.  This work is about both the choice of
> functions that can be used to yield easily verifiable proofs of
> computational effort, and architectures for implementing the proof of
> effort approach.  Filtering and/or forcing senders to pay in other
> currencies, such as human attention and money, will be covered as time
> permits"
>
>
> for more details http://research.microsoft.com/research/sv/PennyBlack
>
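
The "easily verified proof of computational effort" quoted above, as an added sketch that is not code from this thread or from the Penny Black project: a hashcash-style partial-preimage stamp bound to one recipient and one message. SHA-256, the field encoding and the function names are assumptions chosen for illustration; minting costs about 2^bits hash evaluations on average, while checking a stamp (valid or garbage) costs one.

```python
import hashlib
from itertools import count


def stamp_digest(recipient: str, message_id: str, nonce: int) -> bytes:
    """Hash the stamp fields, length-prefixed so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for field in (recipient.lower(), message_id, str(nonce)):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))
        h.update(raw)
    return h.digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits before the first one bit of the digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(recipient: str, message_id: str, bits: int):
    """Sender side: search for a nonce whose digest has `bits` leading zero bits.

    Returns (nonce, attempts); attempts is the number of hashes spent.
    """
    for nonce in count():
        if leading_zero_bits(stamp_digest(recipient, message_id, nonce)) >= bits:
            return nonce, nonce + 1


def verify(recipient: str, message_id: str, nonce: int, bits: int, spent: set) -> bool:
    """Receiver side: one hash, then a replay check against stamps already used.

    `spent` is the receiver's record of accepted stamps (an in-memory set here,
    which is an assumption; a real receiver would persist and age it).
    """
    if leading_zero_bits(stamp_digest(recipient, message_id, nonce)) < bits:
        return False          # garbage or under-worked stamp: rejected after one hash
    key = (recipient.lower(), message_id, nonce)
    if key in spent:
        return False          # the same stamp cannot pay for a second delivery
    spent.add(key)
    return True


if __name__ == "__main__":
    # Constructed sample values; 16 bits keeps the demonstration fast.
    rcpt, mid, bits = "bob@example.org", "<constructed-1@example.net>", 16
    nonce, attempts = mint(rcpt, mid, bits)
    spent = set()
    print("sender hashes:", attempts, "receiver hashes: 1")
    print("accepted:", verify(rcpt, mid, nonce, bits, spent))
    print("replayed:", verify(rcpt, mid, nonce, bits, spent))
    print("other recipient:", verify("carol@example.org", mid, nonce, bits, set()))
```

The difficulty is a policy knob on the receiving side: raising `bits` by one doubles the sender's expected work and leaves the receiver's cost unchanged.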




Re: namedroppers, continued

2002-12-09 Thread Dean Anderson
This doesn't adequately describe backup relays.  If uunet is providing an
alternate relay service, then all or any of uunet's relays might be
providing that service. So it would have to be able to recursively look up
uunet's mail-from mx's, and the mail-from mx's of any subdomains listed by
uunet.  This process might contain loops.

Additionally, the mail forwarding behavior is highly undesirable.  A large
mail site does not want to have to manually configure essentially the
whole of the internet as possible multi-stage mail relays so that its
users can forward mail from other servers to their mailbox. Indeed, even a
relatively small site would not want to do that.

However, even this approach won't stop spam, since a spammer will still be
able to use their ISP's mailservers, with a stolen, or disposable account.
There are plenty of KLEZ viruses out there, and plenty of stolen
passwords. And it won't have any effect at all on spam from real
commercial operators like Exactis who don't forge the from addresses.

Essentially, I'm convinced after years of interaction with some radical
anti-spammers that most of the non-commercial spam (and quite a lot of the
forged-address spam) is sent by anti-spammers trying to essentially
terrorize their way to some kind of technical solution that they think
exists. However, no such solution exists.  If there were such a solution,
we could prevent all kinds of evils, like government corruption,
embezzlement, misuse of all kinds of property.  But there is no substitute
for honesty and responsibility. If someone has possession of a privilege,
(however that privilege was obtained--it may have been stolen), and they
are so inclined to abuse that privilege, the only way to stop them is to
remove the privilege.

--Dean

On Sat, 7 Dec 2002, Paul Vixie wrote:

> it's difficult to imagine a mailing list for which this thread is on-topic.
>
> > I think it was Steve Bellovin that suggested a procedure for reducing the
> > utility of spoofing source addresses in emails; if not, it was me and I
> > happened to suggest something his favorite algorithm fit into, by having a
> > host in each mail domain (mailid.example.com) be able to assert that its
> > domain had or had not sent an email within a given recent  time period
> > whose MD5 hash, when divided by  resulted in
> > . I could write that up in an internet draft if folks
> > think it makes sense. That would be a more global procedure that didn't
> > require a PKI and only addressed spoofed addresses. --
>
> here was my attempt at this, which i didn't really know where to go next with:
>
>Independent                                            Paul Vixie (Ed.)
>Request for Comments:                            Category: Experimental
>                                                           June 6, 2002
>
>                        Repudiating MAIL FROM
>
>Status of this Memo
>
>   This memo describes an experimental procedure for handling received
>   e-mail.  It does not specify an Internet standard of any kind.
>   Distribution of this memo is unlimited.
>
>Copyright Notice
>
>   Copyright (C) The Internet Society (2002).  All Rights Reserved.
>
>Abstract
>
>   At the time of this writing, more than half of all e-mail received by
>   the author has a forged return address, due to the total absence of
>   address authentication in SMTP (see [RFC2821]).  We present a simple
>   and backward compatible method whereby cooperating e-mail senders and
>   receivers can detect forged source/return addresses in e-mail.
>
>1 - Introduction and Overview
>
>1.1. Internet e-mail return addresses are nonrepudiable by design of the
>relevant transport protocols (see [RFC2821]).  Simply put, there is no
>cause for ANY confidence in the proposition "this e-mail came from where
>it says it came from."
>
>1.2. Irresponsible actors who wish to transmit unwanted bulk e-mail
>routinely use this designed-in lack of source/return authenticity to
>hide their point of origin, which usually involves forging a valid
>return address belonging to some highly visible and popular ISP (for
>example, HOTMAIL.COM).
>
>1.3. Recipients who wish to reject unwanted bulk e-mail containing
>forged source/return addresses are prevented from doing so since the
>addresses, as presented, are nonrepudiable by design.  Simply put, there
>would be too many false positives, and too much valid e-mail rejected,
>if one were to program an e-mail relay to "reject all e-mail claiming to
>be from HOTMAIL.COM" since, statistically, most e-mail claiming to be
>from HOTMAIL.COM is actually from somewhere else.  HOTMAIL.COM, in this
>example, is a victim of forgery.
>
>1.4. What's needed is a way to guaranty that each received e-mail
>mes

RE: namedroppers, continued

2002-12-09 Thread Ketil Froyn
On Fri, 6 Dec 2002, Ayyasamy, Senthilkumar wrote:

> If the proof of effort requires, say, 10 seconds to compute, then the
> economics of sending spam are radically altered, as a single machine
> can send only 8,000 messages per day.

Wouldn't something like this cause problems for (large/free) email
providers?  They would probably need a lot of extra hardware to do all
this computation. And until something like this is included in the
standard, the receiver must accept mail from senders that don't implement
this yet.

I personally like the idea behind qconfirm (http://smarden.org/qconfirm/)
and TMDA (http://tmda.net/). If I receive an email that I do not recognize
or otherwise find to be authentic, a mail is sent back to the sender,
requesting that they send a verification mail to a unique secret address.
When a mail is received at this secret address, the original mail is
delivered to me, and the secret address is removed. For a spammer, it is
too expensive to receive and reply to all these mails.

Ketil
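
The confirmation loop described in the message above, as an added Python example (not qconfirm's or TMDA's code, and not part of the original post): mail from an unrecognized sender is held, a one-time confirmation address is issued, and the held message is released only when that address is used. The class name, the `confirm-<token>` address format, the expiry window and the example.org addresses are assumptions made for the illustration.

```python
import secrets
import time


class ConfirmationGate:
    """Hold mail from unrecognized senders until they answer a challenge."""

    def __init__(self, domain, known_senders=(), ttl_seconds=7 * 24 * 3600):
        self.domain = domain.lower()
        self.known = {s.lower() for s in known_senders}
        self.ttl = ttl_seconds          # assumed lifetime of a challenge
        self.pending = {}               # token -> (sender, message, expires_at)
        self.inbox = []                 # delivered (sender, message) pairs

    def receive(self, sender, message, now=None):
        """Deliver mail from known senders; otherwise hold it and return the
        unique secret address the sender must write to."""
        now = time.time() if now is None else now
        self._expire(now)
        if sender.lower() in self.known:
            self.inbox.append((sender, message))
            return None
        token = secrets.token_hex(16)   # 128 random bits, not guessable
        self.pending[token] = (sender, message, now + self.ttl)
        return f"confirm-{token}@{self.domain}"

    def confirm(self, address, now=None):
        """Handle mail arriving at a confirmation address. The held message
        is delivered and the address is removed, so it works only once."""
        now = time.time() if now is None else now
        self._expire(now)
        local, _, domain = address.partition("@")
        if domain.lower() != self.domain or not local.startswith("confirm-"):
            return False
        entry = self.pending.pop(local[len("confirm-"):], None)
        if entry is None:
            return False                # unknown, already used, or expired
        sender, message, _ = entry
        self.inbox.append((sender, message))
        return True

    def _expire(self, now):
        # Unanswered challenges are dropped together with the held message.
        for token in [t for t, (_, _, exp) in self.pending.items() if exp <= now]:
            del self.pending[token]


if __name__ == "__main__":
    # Constructed sample traffic.
    gate = ConfirmationGate("example.org", known_senders=["alice@example.net"])
    gate.receive("alice@example.net", "lunch?")
    challenge = gate.receive("stranger@example.com", "question about your draft")
    print("held, challenge address:", challenge)
    print("first confirmation accepted:", gate.confirm(challenge))
    print("replay accepted:", gate.confirm(challenge))
    print("inbox:", gate.inbox)
```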




Re: namedroppers, continued

2002-12-09 Thread Dean Anderson
To make them do all the work, and you do little to verify, you need a lot
of things done independently, so that a random sample can be selected that
is much smaller than the work they had to do. This will get bulky.  The
less they send, the larger the fraction of work you have to do in relation
to theirs.  And of course, you have to do the same amount of work on your
outgoing messages as they do.

The result is that it costs you much more than it costs the spammer
(since you have to do the work for both sending and receiving, and the
spammer only has to do the work for sending).

This would not result in a reduction of spam, as a percent of total mail.
If everyone used this, it might (at best or worst) reduce the total mail
sent, since the billions of legitimate messages sent each day would
require significantly more work to send.

Further, it would open one up to a denial of service type attack where
garbage is sent, and you have to do the work to check the (invalid)
signature, thereby wasting your cpu resources.

Essentially, this shoots oneself in the foot. Or perhaps the CPU.

--Dean

On Sat, 7 Dec 2002, Steven M. Bellovin wrote:

> In message <[EMAIL PROTECTED]>, Dean Anderson writes:
> >This seems clever, however, it will also take significant computational
> >effort to verify the computational effort was actually done. Even if a
> >class of functions are found that are "easier" to verify than to compute,
> >they will no doubt still take up a significant fraction of time.
>
> In fact, that's the easy part.  You could demand that the sender
> compute 1,000,000 HMACs of the text, the envelope, the time of day, and
> a counter.  The verifier could check 100 randomly-chosen ones -- if any
> fail, there's a forgery.  (Well, you probably wouldn't want those
> values, since 1,000,000 HMACs would be a lot of data to transmit.  But
> you get the general idea.)
>
>   --Steve Bellovin, http://www.research.att.com/~smb (me)
>   http://www.wilyhacker.com ("Firewalls" book)
>
>
>
> --
> to unsubscribe send a message to [EMAIL PROTECTED] with
> the word 'unsubscribe' in a single line as the message text body.
> archive: 
>
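
The spot-check scheme from the quoted message, together with the cost question raised in the reply, as an added Python example (not code from any poster): the sender computes n HMACs over the text, the time and a counter, the verifier recomputes k randomly chosen ones, and `escape_probability` gives the chance that a sender who skipped part of the work still passes. Using the envelope as the HMAC key, SHA-256, and the sample message values are assumptions; the posts name none of them.

```python
import hashlib
import hmac
import math
import os
import random


def unit(text, envelope, timestamp, counter):
    """One unit of work: an HMAC over text, time of day and counter.
    Assumption: the envelope bytes serve as the HMAC key."""
    data = text + b"\n" + timestamp.encode() + b"\n" + counter.to_bytes(8, "big")
    return hmac.new(envelope, data, hashlib.sha256).digest()


def sender_work(text, envelope, timestamp, n, honest=None):
    """Return n tags. With honest < n, only the first `honest` tags are
    computed and the rest are random filler, modelling a sender that skips
    work. Where the filler sits is irrelevant: the verifier samples uniformly."""
    honest = n if honest is None else honest
    tags = [unit(text, envelope, timestamp, i) for i in range(honest)]
    tags += [os.urandom(32) for _ in range(n - honest)]
    return tags


def spot_check(text, envelope, timestamp, tags, k, rng=None):
    """Recompute k randomly chosen tags; a single mismatch rejects the mail."""
    rng = rng or random.SystemRandom()
    for i in rng.sample(range(len(tags)), k):
        expected = unit(text, envelope, timestamp, i)
        if not hmac.compare_digest(tags[i], expected):
            return False
    return True


def escape_probability(n, honest, k):
    """Chance that all k sampled positions land on honestly computed tags
    (sampling without replacement): C(honest, k) / C(n, k)."""
    return math.comb(honest, k) / math.comb(n, k)


if __name__ == "__main__":
    # Constructed sample message.
    text = b"Subject: test\n\nhello"
    envelope = b"MAIL FROM:<a@example.net> RCPT TO:<b@example.org>"
    ts = "2002-12-07T12:00:00Z"

    n, k = 2000, 100
    full = sender_work(text, envelope, ts, n)
    half = sender_work(text, envelope, ts, n, honest=n // 2)
    print("honest sender passes:", spot_check(text, envelope, ts, full, k))
    print("half-work sender passes:", spot_check(text, envelope, ts, half, k))

    # The numbers from the quoted message: 1,000,000 units, 100 checked.
    for skipped in (0.01, 0.10, 0.50):
        honest = int(1_000_000 * (1 - skipped))
        p = escape_probability(1_000_000, honest, 100)
        print(f"skip {skipped:.0%} of the work -> passes with p = {p:.3g}")
    # Verifier cost relative to sender cost is k/n; it grows as n shrinks.
    for n in (1_000_000, 10_000, 1_000):
        print(f"n = {n:>9}: verifier does {100 / n:.2%} of the sender's work")
```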




RE: namedroppers, continued

2002-12-09 Thread Dean Anderson
On Sun, 8 Dec 2002, Lloyd Wood wrote:
> "Sender pays" is good. The penny black stamp effectively introduced a
> flat-rate tax on sending letters, rather than a variable-rate tax on
> receiving them, effectively turning mail into a common good available
> to all society.

You assume this really means "the spammer pays" [more]. But that isn't the
case.  This is based on the myth that somehow the receiver pays the entire
cost of a spam message. This isn't true, and never was true. The sender is
already paying, whether they are spammer or mailing list operator, or
regular end user.  The fact is that email is so cheap that it costs almost
nothing per message to send and receive.  It gets cheaper every day, as
disks and bandwidth get cheaper and cheaper. The receiver doesn't pay any
more than the sender pays. Real commercial spam happens because the cost
of sending spam is less than the cost of sending letters or postcards.

If you artificially made email expensive, it would be expensive for list
operators and regular people as well. You mentioned a rate of one cent per
message.  That would not be enough to deter spam. A rate of ten cents per
message would still be cheaper than postal mail, and so spammers would
still exist.  Much non-commercial spam is sent by KLEZ or Nimda viruses.
This sort of abuse would not be affected whatsoever.  Note that KLEZ
infections are already illegal.

Think how much it would cost to send out namedroppers, (and the entire
bulk of IETF standards related email) if each message to each recipient
cost, say $0.10.  Or even one cent per message per recipient.  This
proposal would essentially wipe out many if not most mailing list
operators, and most ISPs.

I made a proposal back in 1997 that would not eliminate spam, but would
keep it out of your mailbox. My proposal was rejected because radicals
demanded a complete ban on spam. In 1998, there was an opportunity to get
anti-spam legislation passed.  Unreasonable anti-spam radicals passed up
that opportunity when they insisted on unrealistic demands, and
exaggerated and factually wrong assertions about the cost of spam.  They
assumed they could "shout down" any opposition, as they shouted down more
reasonable proposals.  They were understandably and easily crushed by the
Direct Marketing Association (DMA).  You can still see my proposal at
http://www.av8.com/H.4581/better.html This proposal would have been
difficult for the DMA to challenge since they already accept these
restrictions on postal mail.  You have the radical anti-spam leadership to
thank for your spam, and the fact that you don't have a universal opt-out
list.

The anti-spam effort was for all practical purposes completely crushed
when Exactis successfully sued MAPS and demonstrated that blacklists are
subject to the Sherman Anti Trust Act and that blacklists weren't
protected by the First Amendment.  I told Vixie this would happen in 1997.
He assured me that anti-spammers could win by technical means. If it
wasn't clear that he was wrong in 1997, (and it seemed pretty obvious even
then), it is now painfully obvious that Vixie and the rest were very
wrong.

It is really time for new, reasonable, anti-spam leadership, not artificial
changes to the cost of email, or schemes to try to make sending mail more
expensive for the senders, and certainly not gyrations in the sending of
namedroppers.

Thanks to the ineptitude, lack of foresight, irrationality, and general
unreasonableness of the anti-spam leadership, spam is here to stay. It is
just a matter of degrees of how bad it will be.  I note there is some
legislation before the house and senate (HR 1017) on spam control, that
reportedly isn't opposed by the DMA. However, these only control
fraudulent spam.  HR 1017 proposes extensions of 18 USC 1030, which makes
fraudulent spam a crime, but the FBI probably won't bring charges for
small violations. There is no provision for a civil action.

Another bill (S.630) would require each spammer to maintain an opt-out
list.  You would have to contact each spammer, and have your email address
added to their list, one by one. There would be thousands of spammers to
contact.

Note that my proposal would have had a single opt-out list (the Post Office
already maintains such a list for postal junk mail), and my proposal
probably could have been passed into law in 1998.

--Dean




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Vach Kompella
Let's also let the VRRP WG decide on the fate of SIP WG documents, the CALSCH WG
decide on the fate of OSPF WG docs...  Let's particularly ignore the fact that
the folks closest to the issues have the most interest in getting the best
possible outcome.

You might not think that's a fair analogy, but it's really the constituents who
are most impacted by the decision, not the IETF as a whole.  I'm not sure why
the other IETF WGs or areas would as a whole care about SUBIP, except on
principle.  And it's not like they don't have a voice (this mailing list and
particularly the plenaries).

I think the request for comments might be targeted at a slightly larger audience
(other WGs in the Routing Area, Transport Area, Operations Area, perhaps) whose,
since not everyone subscribes to the spam abatement, er, ietf mailing list.

-Vach

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joe
> Touch
> Sent: Monday, December 09, 2002 10:34 AM
> To: Scott Bradner
> Cc: [EMAIL PROTECTED]
> Subject: Re: a personal opinion on what to do about the sub-ip area
>
>
> Scott Bradner wrote:
> > for what it's worth here is my personal opinion on what we should
> > do in the question of the sub-ip area
> >
> > I think we should go with the status quo (with the IESG selecting two
> > volunteers to manage the area next March)
> >
> > I do not think that we can make a reasoned decision to do otherwise in the
> > next week.
> >
> > Before Atlanta I was of the opinion that moving the WGs into other areas
> > was the right thing to do, not because of any particular event, but
> > more because we had said this was a temporary area and it was getting
> > to be a long temporary (but I suppose we should note that the last
> > temporary area (ipng) lasted 4 years)  But the feedback we got in
> > Atlanta has convinced me that this is not reason enough to make a change.
>
> I'll add that most of the attendees at this meeting in Atlanta were from
> the WGs themselves. It is unsurprising that the overwhelming position of
> that group is to maintain the status quo. Moving them is definitely seen
> as unwelcome change from within the groups themselves.
>
> It would be useful to hear from the community at large regarding this
> issue, rather than letting the group decide (essentially) for itself.
>
> FWIW, I have yet to see a substantive justification for the _creation_
> of a new area yet. I, and others, have pointed out that the 'status quo'
> here is to let the area dissolve on schedule.
>
> Joe
>
>
>





Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Joe Touch
Vach Kompella wrote:

> Let's also let the VRRP WG decide on the fate of SIP WG documents, the CALSCH WG
> decide on the fate of OSPF WG docs...  Let's particularly ignore the fact that
> the folks closest to the issues have the most interest in getting the best
> possible outcome.


We don't let WGs decide the fate of WG docs; the IESG and RFC editors do 
that. The WGs make their - sometimes myopic - decisions, and the IESG 
decides how to proceed for the community.

By closer analogy, we certainly don't let BOFs decide whether to be WGs 
themselves.

Joe




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Vach Kompella
Here's my personal opinion.

I think we have two suck^H^H^H^Hvolunteers :-)

I think the area's WGs need ADs who have been close enough to keep the
continuity of relations with other standards bodies, the past work, etc.

Regarding whether there is a need for an area long-term, it would depend on how
we foresee the charter of each WG developing.

ccamp: no opinion, since I haven't been keeping pace
gsmp: their work is nearly done (according to my interpretation of Avri's
comments)
ipo: no opinion, since I haven't been keeping pace
mpls: long-term
ppvpn: possibly long-term
tewg: their work is nearly done too (from the tewg minutes posted by Jim Boyle)

We "don't have visibility into the next year", so we should keep the area as is,
which would allow the greatest progress in those WGs that are close to done.  We
will also know better what to do with the remaining WGs.  If at that point,
there's still work to be done, but not enough long-term WGs to warrant an area,
I am perfectly happy to close the area, and move ccamp and mpls to RTG and ppvpn
to (TSV | RTG).

-Vach

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott
> Bradner
> Sent: Monday, December 09, 2002 8:28 AM
> To: [EMAIL PROTECTED]
> Subject: a personal opinion on what to do about the sub-ip area
>
>
>
> for what it's worth here is my personal opinion on what we should
> do in the question of the sub-ip area
>
> I think we should go with the status quo (with the IESG selecting two
> suck^H^H^H^Hvolunteers to manage the area next March)
>
> I do not think that we can make a reasoned decision to do otherwise in the
> next week.
>
> Before Atlanta I was of the opinion that moving the WGs into other areas
> was the right thing to do, not because of any particular event, but
> more because we had said this was a temporary area and it was getting
> to be a long temporary (but I suppose we should note that the last
> temporary area (ipng) lasted 4 years)  But the feedback we got in
> Atlanta has convinced me that this is not reason enough to make a change.
>
> And any move at this time to move the WGs would be seen as a slap in
> the face of the quite strong (even if in a limited venue) opinion
> expressed in Atlanta.
>
> Right after Atlanta I was convinced that we should follow the consensus and
> ask the nomcom to find an AD but upon reflection I'm not sure that is the
> right thing either - partially  because as Randy has pointed out, we do
> not have a clear mission statement for such an area but mostly because
> enough of the WGs are close enough to finishing up that we would have a
> quite small area in 6 months to a year and an area with only 2 or 3
> working groups seems a bit of a waste.  But if there is a long-term
> future for sub-IP work in the IETF then additional working groups may
> be in the offering.  We need the time to reflect on what that future
> should be.
>
> So I think we should continue as-is until:
> 1/ the WGs which will finish "soon" finish
> 2/ we (the IESG, IAB & ietf community) figure out what role
>    sub-ip should play in the IETF in the long term
>
> but it would be good to hear from more of you both to the IETF list and
> to the IESG directly
>
> Scott
>
>





Re: namedroppers, continued

2002-12-09 Thread Vernon Schryver
> From: "Stephen Sprunk" <[EMAIL PROTECTED]>

> ...
> The problem I've seen repeatedly, including in an off-list discussion I'm
> having about this topic, is people confusing authentication with
> authorization.
> ...

Yes, that's a good way of putting the problem, but only for those able
and willing to see the differences among authorization, authentication,
confidentiality, non-repudiation, and so forth.

It's sad that weak as dishwater authentication as authorization (and
everything else) snake oil sells so well, as witnessed by Verisign's
PKI and Microsoft's ActiveX.


>   ...My fear is the only effective solution may turn out to
> be closed lists with permission grants, such as the IM services introduced
> to keep spammers out.  That will greatly reduce the utility of email.

That has already happened about as much as it is going to happen or
could happen, as witnessed by the IETF lists.  The variations in
effectiveness and mechanisms among the IETF lists are minor details.
The notion of limiting submissions to known authors was once very
controversial here, but it's now accepted as necessary and desirable.
I don't see any reduction in  utility as a result.

Individual mailboxes differ.  Because people value its utility, personal
addresses will continue to accept mail from strangers who might be
sending the same message to 100,000 others.  Various technical and
administrative defenses will limit spam.

Except for those few of us who are obsessed with spam, filters that
are sufficient and require little effort will be used.  Popular choices
will be what people can do for themselves such as private and DNS white-
and blacklists, SpamAssassin, Brightmail, Postini, Cloudmark/Razor, and
the DCC.  ("Do for themselves" includes hiring a competent ISP.)  Filters
that require joint actions by the sender and receiver, including the
computing-cost and authenticating DNS RR proposals, will never be popular.
Because they won't be popular, installations that start to use them will
switch to sufficient equivalents such as simple white-listing.  Sufficient
existing protocols are never vulnerable to slightly better replacements.

Joint action is an enormous barrier.  It is a cost that is justified
only in special cases.  That is why we are not routinely using PGP or
S-MIME for our private mail.  That's also why I see many more SMTP-TLS
connections to my SMTP server than I expected (many including from
spammers), and why almost none of them are authenticated.  To use
SMTP-TLS you need only install and configure a current SMTP server.
To use authenticated SMTP-TLS, you must use PKI or exchange keys.


Vernon Schryver    [EMAIL PROTECTED]




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Fred Baker
At 11:15 AM 12/9/2002 -0800, Vach Kompella wrote:

> Let's also let the VRRP WG decide on the fate of SIP WG documents, the
> CALSCH WG decide on the fate of OSPF WG docs...  Let's particularly ignore
> the fact that the folks closest to the issues have the most interest in
> getting the best possible outcome.

AFAIK, we're not discussing document status; we're discussing working 
groups and the area that contains them. The documents will be published. 
And by the way, what do you think a "last call" is? We *do* in fact ask 
folks to comment on drafts being published outside their immediate area of 
concern.

As presented, we are discussing six working groups (ccamp, gsmp, ipo, mpls, 
ppvpn, and tewg), down from an original nine if memory serves, and of which 
four are likely to complete their work and dissolve during the coming year 
anyway. So we're really talking about two working groups: ccamp and mpls. 
The comparison is to Transport (27 working groups, up from a year ago) or 
Security (17 working groups), and User Services (now closed, with both of 
its working groups).

If there were new working groups spawning here, one might be able to argue 
that there is work justifying asking one or two people to dedicate their 
time as area directors to managing the working groups. It seems to me that 
moving the two continuing-to-be-active working groups to an active home 
when the others close is just good-management-101. If we're going to keep 
the area open, there needs to be a solid justification for doing so, and 
it's not there. 



Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Harald Tveit Alvestrand
All,

On Wed Dec 4th, we asked for input to help us decide on the future of
the SUB-IP Area. See our posting at

 http://www.ietf.org/mail-archive/ietf/Current/msg18370.html

We had a large majority of people at the SUBIP Area meeting in Atlanta
expressing that they want the area to be long(er) lived. This will be part
of our input.

But we need/want to hear from the IETF community. So please express
your opinion (and the reasoning behind it) asap on [EMAIL PROTECTED], but
certainly before Thursday Dec 12th 10am US Eastern time.

As expressed in the above posting (with data points and discussion included),
the 3 choices for the SUB-IP Area seem to be:

 1/ move WGs (back) to permanent areas: migrate the SUB-IP
working groups to other IETF areas sometime soon, likely before next
summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
other) directorates to ensure the continued coordination between the
remaining WGs.

 2/ establish a long-term area: decide that the SUB-IP
area will be a long-term one, clearly define its charter, and ask the
nomcom to select one or two people to be Area Directors

 3/ status quo: continue the SUB-IP Area as a temporary,
ad-hoc effort, much as it has been, with the IESG selecting two sitting
ADs to continue the effort that Bert & Scott have been doing. But maybe
give more responsibility to the working group's technical advisors,
normally the AD from the area where the working group might otherwise
live.

The opinions expressed so far seem to show clearly that the community is 
divided on the issue, with perhaps some preference for the status quo 
(alternative 3).

If you have a strong preference for one (or two) of these, and have not yet 
said so, please indicate your opinion (and your reasons) by mail to 
[EMAIL PROTECTED] before Thursday.

Thank you!

 Harald Alvestrand, for the IESG

(please repost this message where appropriate)



RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Vach Kompella
You normally don't get to last call without having gotten the WG's opinion on
whether it should even go to the IESG.  I think the IESG expects that due
diligence from the WG.  It has been pointed out that the sub-ip area meeting had
a majority that wished the area to continue, at least for the time being.  I
don't want that to be ignored, or dismissed as "just the choir's opinion".  The
general solicitation of input on the ietf mailing list (and, as I suggested in
my email, we should probably have included other RTG and TSV working groups -
not just those involved in SUB-IP related work), is like the last call.

I've already posted my personal opinion on where I think we should go with
sub-ip.  To clarify, in terms of the three options given, it's option 3 (status
quo).

I am of the opinion that if the target for 3 WGs (ipo, tewg, gsmp) is to close
soon, then keeping the area (with the same ADs) open temporarily long enough for
the continuity needed to bring stuff to closure is also good management-101.
I'm not very bullish on ppvpn closing on schedule.

I don't think ccamp and mpls will close that soon.  So, I would expect that
these two would go into RTG and ppvpn (because of its affinity to pwe3) would go
into TSV, but perhaps it may end up in RTG.

-Vach

> -Original Message-
> From: Fred Baker [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 09, 2002 12:31 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: a personal opinion on what to do about the sub-ip area
>
>
> At 11:15 AM 12/9/2002 -0800, Vach Kompella wrote:
> >Let's also let the VRRP WG decide on the fate of SIP WG documents, the
> >CALSCH WG decide on the fate of OSPF WG docs...  Let's particularly ignore
> >the fact that the folks closest to the issues have the most interest in
> >getting the best possible outcome.
>
> AFAIK, we're not discussing document status; we're discussing working
> groups and the area that contains them. The documents will be published.
> And by the way, what do you think a "last call" is? We *do* in fact ask
> folks to comment on drafts being published outside their immediate area of
> concern.
>
> As presented, we are discussing six working groups (ccamp, gsmp, ipo, mpls,
> ppvpn, and tewg), down from an original nine if memory serves, and of which
> four are likely to complete their work and dissolve during the coming year
> anyway. So we're really talking about two working groups: ccamp and mpls.
> The comparison is to Transport (27 working groups, up from a year ago) or
> Security (17 working groups), and User Services (now closed, with both of
> its working groups).
>
> If there were new working groups spawning here, one might be able to argue
> that there is work justifying asking one or two people to dedicate their
> time as area directors to managing the working groups. It seems to me that
> moving the two continuing-to-be-active working groups to an active home
> when the others close is just good-management-101. If we're going to keep
> the area open, there needs to be a solid justification for doing so, and
> it's not there.
>





Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Scott W Brim
On Mon, Dec 09, 2002 10:21:59PM +0100, Harald Tveit Alvestrand allegedly wrote:
> The opinions expressed so far seem to show clearly that the community is 
> divided on the issue, with perhaps some preference for the status quo 
> (alternative 3).

That means to me you should just leave it alone for now.  Are they
destroying the IETF's reputation?  Creating designs which make other
areas' work impossible?  If in fact half the working groups in the area
are about to finish, let them do so.  This particular problem is one
that's getting better, not worse.  We have other things that are more
urgent.

..Scott




Re: namedroppers, continued

2002-12-09 Thread Valdis . Kletnieks
On Mon, 09 Dec 2002 11:52:26 CST, Stephen Sprunk <[EMAIL PROTECTED]>  said:

> The problem I've seen repeatedly, including in an off-list discussion I'm
> having about this topic, is people confusing authentication with
> authorization.

Authentication:  Yes, you seem to be Jeffrey Dahmer.
Authorization:   You say you'd like to borrow a steak knife?

Usually clears up the confusion in all but the most sluggish mind.. ;)

However, "authorization" usually implies "authentication" beforehand.
Does anybody  have a reference on an authorization scheme that
doesn't imply any authentication?
-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech






RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Fred Baker
At 01:38 PM 12/9/2002 -0800, Vach Kompella wrote:

> It has been pointed out that the sub-ip area meeting had a majority that
> wished the area to continue, at least for the time being.  I don't want
> that to be ignored, or dismissed as "just the choir's opinion".

I don't believe it is being ignored. It is in fact a large part of the 
reason the ADs are asking this question, and BTW the fact that they asked 
the area folks the question shows an open-ness of mind. They take a lot of 
!@#$%^ from the community, I wish the community would notice when they do 
something well, and speak as loudly about it.

But I should hope that not only would the wishes of the folks in the area 
be looked at, but the wear and tear on the ADs, and the management 
principles that apply. It has to be a sensible decision on all counts, not 
just the presently-popular one.

> I've already posted my personal opinion on where I think we should go with
> sub-ip.  To clarify, in terms of the three options given, it's option 3
> (status quo).

which is to say, wait until the work winds down, and then close the 
temporary area. I'm glad we agree on that; from your last email, it sounded 
like we didn't. If you go back and read both emails that I have posted to 
this list, I have said as much, and I think that's pretty much what Scott 
said he came down to in the end. 



Re: namedroppers, continued

2002-12-09 Thread Stephen Sprunk
Thus spake <[EMAIL PROTECTED]>
> Authentication:  Yes, you seem to be Jeffrey Dahmer.
> Authorization:   You say you'd like to borrow a steak knife?
>
> Usually clears up the confusion in all but the most sluggish mind.. ;)

That's a very clear example, thanks.

> However, "authorization" usually implies "authentication" beforehand.
> Does anybody  have a reference on an authorization scheme that
> doesn't imply any authentication?

In a sense:  the IETF lists (and most others) use a null authentication
method, i.e. you trust whatever is in the message.  After that (null) step,
we apply weak authorization, i.e. whether the sender is on the approved
list.

I've seen lots of proposals to improve the former-- hardly difficult -- but
none for the latter.  Perhaps using precise terminology will help focus
efforts in the right area.

S




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Keith Moore
> Let's particularly ignore the fact that
> the folks closest to the issues have the most interest in getting the best
> possible outcome.

increasingly often I find WGs whose definition of "the best possible
outcome" is inconsistent with, and in some cases almost diametrically
opposed to, the interests of the larger community. 

Keith




Re: namedroppers, continued

2002-12-09 Thread Edward Lewis
At 16:53 -0500 12/9/02, [EMAIL PROTECTED] wrote:

> However, "authorization" usually implies "authentication" beforehand.
> Does anybody  have a reference on an authorization scheme that
> doesn't imply any authentication?


World readable files.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis  +1-703-227-9854
ARIN Research Engineer




Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Joe Touch
I'm in favor of 1/

3/, again, seems contradictory. The status quo is that it disappears. 
Continuing it without a fixed end date is to subversively result in 2/ 
without a clear charter definition and Nomcom participation.

To be specific, I don't think 3/ should be on the table, at least not 
without a finite extension limit. However, what do we expect to change 
in the next N months? Will all the current groups complete their 
mission? Will no new groups want to be in this area? If we can't stick 
to a deadline now, what makes us think we can stick to one in N months?

Joe

>  1/ move WGs (back) to permanent areas: migrate the SUB-IP
> working groups to other IETF areas sometime soon, likely before next
> summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
> other) directorates to ensure the continued coordination between the
> remaining WGs.
>
>  2/ establish a long-term area: decide that the SUB-IP
> area will be a long-term one, clearly define its charter, and ask the
> nomcom to select one or two people to be Area Directors
>
>  3/ status quo: continue the SUB-IP Area as a temporary,
> ad-hoc effort, much as it has been, with the IESG selecting two sitting
> ADs to continue the effort that Bert & Scott have been doing. But maybe
> give more responsibility to the working group's technical advisors,
> normally the AD from the area where the working group might otherwise
> live.






Sub-IP: A lurker's view, choose Option 1

2002-12-09 Thread grenville armitage

I haven't been involved in, or even particularly tracking, Sub-IP
efforts since the start of 2001. That makes me either irrelevant or
independent, your choice.  I was lurking around some of the Sub-IP
topics prior to November 2000, so my perspective is probably past
its 'best before' date. Nevertheless...

I suggest Sub-IP needs to fold/fade as per its original goals, and
the remaining WGs moved to regular Areas.  If a good argument can
later be made for re-constituting a Sub-IP (or similar) area, then
let that argument be made from scratch.

I think that maps most closely to Harald's Option 1 (I'd pick Option 3
if it explicitly clarified that no new WGs could be added to Sub-IP,
but without the protection of such a clause I have to pick Option 1).

Why? A couple of thoughts.

 - This discussion isn't about whether the related work itself is valuable.
   It is about the utility of an entire Area dedicated to Sub-IP.
   Different things.

 - A thought: "IP networking" involves routing, transport, e2e ('internet'),
   and security issues (at least), and the IETF has Areas to deal with each. 
   In 2000 it was broadly observed that some subnetwork technologies were
   absorbing IP-ish protocols and methods (e.g. MPLS and derivatives)
   and that other virtual network technologies were being built over/around/inside
   existing "IP networks". Despite the fact that each of these work areas have
   routing, transport, and security implications we somehow decided it could
   all be handled by a single, Sub-IP Area. This has all the hallmarks of a
   short-term "until we can figure out where to properly put them" solution.
   The short-term is over, now assign the work out into the appropriate routing,
   transport, internet, or security areas.

 - I'm not convinced by arguments of Sub-IP participants that their
   Area must go on (or grow on). I've been immersed enough in WG work
   before to know the temptation of self-importance. Having one's own
   area would be pretty important. But I'm not convinced these WGs
   are best served by being supported outside the other IETF areas.
   (And see point 1 above that this isn't a debate about the value, per se,
   of the work being done in Sub-IP)

cheers,
gja
-- 
Grenville Armitage
http://caia.swin.edu.au




Re: namedroppers, continued

2002-12-09 Thread Bill Cunningham
I haven't personally tried myself to opt out. But I've read they have the
form. If they told you they don't have a form to sort out junk mail for you
I'd say they were full of it. I'd call the Postmaster General's office.

- Original Message -
From: "Stephen Sprunk" <[EMAIL PROTECTED]>
To: "Bill Cunningham" <[EMAIL PROTECTED]>
Sent: Monday, December 09, 2002 12:56 PM
Subject: Re: namedroppers, continued


> Can you tell me where to get this form?  When I spoke to the USPS, they said
> they're legally obligated to deliver all junk mail addressed to me,
> regardless of whether I want it.
>
> Now, the DMA (not the USPS) does have an opt-out list you can join, but
> unfortunately that only drops about half the junk mail I get -- many local
> mailers don't join the DMA because of cost.
>
> S
>
>
> Bill Cunningham wrote:
> > How about passing a law that makes everyone install a BIOS patch to
> > block out spam. ;-)
> >
> > On the serious side Vernon has a point. Even with snail mail you
> > can go to the post office and the USPS will provide you with a form
> > to fill out and they will not put advertisements into your mail. If
> > ISPs would only do the same. As of yet, if all else fails, deleting a
> > email box is easier and more effective than taking a ballbat to a
> > snail mail box.
> >
> > --Bill
> > - Original Message -
> > From: "Vernon Schryver" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, December 09, 2002 12:09 AM
> > Subject: Re: namedroppers, continued
> >
> >
> >>> From: [EMAIL PROTECTED]
> >>
> >>> ...
> >>> The bootstrap problem will exist no matter what scheme we decide on.
> >>
> >> There are many spam solutions that do not have the bootstrapping
> >> problem.  Examples include effective laws and honest intent and
> >> action by ISPs.  Before saying those are hopeless, please note that
> >> the many bootstrap-limited proposals don't have proven prospects.
> >>
> >>> The point I was addressing was that there's been two major classes
> >>> of scheme proposed ...
> >>
> >>> However, the partitions created by each scheme are quite
> >>> complementary, ...
> >>
> >> Your observation of how those two solutions fit together is
> >> interesting...or would be if they did not suffer from other problems.
> >>
> >>
> >>> ...
>  Moore's law causes a bunch of problems for the computing idea. ...
> >>
> >>> It may not be as big of a problem as we think.  Rough
> >>> back-of-envelope calculations now:  Let's say we assume a function
> >>> X designed to take 10 seconds of CPU on my laptop (which has a
> >>> 1.6Gz P-4 in it) to limit it to 8K messages/day.
> >>
> >> http://www.intel.com/home/desktop/pentium4/ suggests state of the
> >> commodity art is about twice that, which lets a spammer send 16K
> >> msgs/day. Moore's law is still a treadmill that you don't want to
> >> fight.
> >>
> >>>   Now, this same function will take around 2 minutes on
> >>> a 133mz processor and be restricted to 800 mails/day. ...
> >>
> >> I would put the lower limit at around 48 MHz on 80486s, or ~8 times
> >> slower than a 133 MHz Pentium.  Such machines go back less than 10
> >> years. Would you expect your conservative correspondents to spend 15
> >> minutes to send you a message, or would you just white-list them?
> >> Once you start white-listing, it's hard to have much enthusiasm for
> >> more fancier solutions.
> >>
> >>
> >>> Now how many people are still using a 133 system to do that much
> >>> outbound mail themselves (and *NOT* just relaying all outbound mail
> >>> to a smarthost)?
> >>
> >> I think recent FreeBSD and sendmail would still work fine at 48 MHz,
> >> although you probably want to stuff the thing to the gills with 64
> >> MByte of RAM, or more if it can take it.  There are many computing
> >> tasks that don't need 3 GHZ and 3 GByte.
> >>
> >> Aren't busy smarthosts significantly busier than 80K msgs/day?
> >> From my old experience, that was true even when they were running
> >> at less than 50 MHz and with perhaps 100 MByte.
> >>
> >> Besides, no matter what inmates of glass houses and big ISPs would
> >> have you think, SMTP is a peer-to-peer protocol.  A major damage spam
> >> is doing is helping government commissars and ISP salescritters
> >> convince people that the ancient Compuserve/AOL/Prodigy/whatever
> >> dumb-terminal- connected-to-central-servers is the only way to do
> >> public networking and computing.
> >>
> >>
> >>> And even *MORE* to the point, what are the chances that a system that
> >>> old will be upgraded software-wise to support a scheme, even if it
> >>> takes zero additional CPU? ...
> >>
> >> Would you whitelist it for the next 10 years?  If there are very
> >> few, white-listing works.  If not, you've got that bootstrapping
> >> problem, and you've invited the white-listing camel into your tent.
> >>
> >>
> >> Vernon Schryver[EMAIL PROTECTED]
>
>  |  | Stephen Sprunk, K5SSS, CCIE #3723
>   

RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Gray, Eric
THE PRESENT SET OF AREA DIRECTORS ARE DOING A GREAT JOB.
THIS IS A CONTINUATION OF A LONG STANDING TREND.

(Is that better, Fred?)

I support option 3).  I also suspect that this is not a
case of ignoring the consensus of those attending the
meeting.  Some people may feel that the best way for the
ADs involved to find relief from their awesome burdens
was to create a new directorship.  If that doesn't make
sense from their perspective, then why do it?

Eric W. Gray
Systems Architect
Celox Networks, Inc.
[EMAIL PROTECTED]
508 305 7214


> -Original Message-
> From: Fred Baker [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 09, 2002 4:54 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: a personal opinion on what to do about the sub-ip area
> 
> At 01:38 PM 12/9/2002 -0800, Vach Kompella wrote:
> >It has been pointed out that the sub-ip area meeting had a majority that
> >wished the area to continue, at least for the time being.  I don't want
> >that to be ignored, or dismissed as "just the choir's opinion".
> 
> I don't believe it is being ignored. It is in fact a large part of the
> reason the ADs are asking this question, and BTW the fact that they asked
> the area folks the question shows an open-ness of mind. They take a lot of
> !@#$%^ from the community, I wish the community would notice when they do
> something well, and speak as loudly about it.
> 
> But I should hope that not only would the wishes of the folks in the area
> be looked at, but the wear and tear on the ADs, and the management
> principles that apply. It has to be a sensible decision on all counts, not
> just the presently-popular one.
> 
> >I've already posted my personal opinion on where I think we should go with
> >sub-ip.  To clarify, in terms of the three options given, it's option 3
> >(status quo).
> 
> which is to say, wait until the work winds down, and then close the
> temporary area. I'm glad we agree on that; from your last email, it sounded
> like we didn't. If you go back and read both emails that I have posted to
> this list, I have said as much, and I think that's pretty much what Scott
> said he came down to in the end.




Re: namedroppers, continued

2002-12-09 Thread Matt Crawford
> Does anybody  have a reference on an authorization scheme that
> doesn't imply any authentication?

"You will deliver the satchel to the one who presents the matching
half of this hundred-euro note."




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Fred Baker
At 05:54 PM 12/9/2002 -0500, Gray, Eric wrote:

> THE PRESENT SET OF AREA DIRECTORS ARE DOING A GREAT JOB.
> THIS IS A CONTINUATION OF A LONG STANDING TREND.
>
> (Is that better, Fred?)


Wunnerful. Thanks :^) 



Re: namedroppers, continued

2002-12-09 Thread Valdis . Kletnieks
On Mon, 09 Dec 2002 17:47:58 EST, Edward Lewis said:

> >Does anybody  have a reference on an authorization scheme that
> >doesn't imply any authentication?
> 
> World readable files.

We know how to do that already ;)

I was thinking more along the lines of a zero-knowledge proof or
something like that - a scheme where you can prove you're authorized to
do something(*) without having to prove who you are first.

(*) and explicitly ruling out the 'null check, everybody is allowed' case ;)

/Valdis






Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Loa Andersson


Harald Tveit Alvestrand wrote:

> All,
>
> < snip >
>
> If you have a strong preference for one (or two) of these, and have not
> yet said so, please indicate your opinion (and your reasons) by mail to
> [EMAIL PROTECTED] before Thursday.

my preferences are 2 or 3, so far i've not seen any other argument for 1
other than it was decided 2 years ago, if we really want the 3 of the
wg's to finish let them do so with re-org

i strongly doubt that ccamp, mpls and ppvpn are candidates for closing
down in 6 months

it seems like the arguments by keith, fred and joe are good arguments
for that these wg's need a focus of their own

if you believe that they are doing harm, that is not reason to re-org,
closing down would be called for

if you believe they are doing good, let them continue to do so

in neither case shuffle groups around helps

i can live with status quo

/Loa

--
Loa Andersson

Mobile  +46 739 81 21 64
Email   [EMAIL PROTECTED]





Re: namedroppers, continued

2002-12-09 Thread John C Klensin


--On Monday, 09 December, 2002 16:17 -0600 Stephen Sprunk
<[EMAIL PROTECTED]> wrote:

> Thus spake <[EMAIL PROTECTED]>
>> Authentication:  Yes, you seem to be Jeffrey Dahlmer.
>> Authorization:   You say you'd like to borrow a steak knife?
>> 
>> Usually clears up the confusion in all but the most sluggish
>> mind.. ;)
> 
> That's a very clear example, thanks.
> 
>> However, "authorization" usually implies "authentication"
>> beforehand. Does anybody  have a reference on an
>> authorization scheme that doesn't imply any authentication?
> 
> In a sense:  the IETF lists (and most others) use a null
> authentication method, i.e. you trust whatever is in the
> message.  After that (null) step, we apply weak authorization,
> i.e. whether the sender is on the approved list.

Actually, it is a very common situation:

Think about almost any case in which possession of a token
authorizes one to do something, but no identification/
authentication is implied.  For what is perhaps one of the older
examples, can you go to a store where you are not known, in some
part of your country where you are not frequently present, and
buy something.  Of course you can: you pass an authorization
token, typically called "cash" across the counter and get some
merchandise in return.  The quantity of tokens you possess and
their value even determines the extent of your authorization.

Credit card companies often draw an analogy to that situation,
which is one of the reasons they have stayed far out of the
_public_ part of the PKI business: they don't really care who
you are, or who uses the credit card, as long as the bill gets
paid.  Anything they do or require that involves authentication
has to do with the "the bill will get paid without protest"
property, not your identity.

 john
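
The token-possession model described in the message above, as an added Python illustration that is not part of any post in this thread: an issuer mints value-bearing tokens and later authorizes a purchase purely on possession of genuine, unspent tokens, with no identity recorded anywhere. The `Issuer` class, the `serial:value:tag` token layout and the HMAC construction are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


class Issuer:
    """Mints bearer tokens and redeems them without learning who holds them."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # secret known only to the issuer
        self._spent = set()                  # serials that were already redeemed

    def _mac(self, serial, value):
        # The tag binds the serial to its face value, so neither can be altered.
        msg = f"{serial}:{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def mint(self, value):
        """Return a new token worth `value` units (hypothetical format)."""
        if not isinstance(value, int) or value <= 0:
            raise ValueError("value must be a positive integer")
        serial = secrets.token_hex(16)
        return f"{serial}:{value}:{self._mac(serial, value)}"

    def _parse(self, token):
        """Return (serial, value) for a genuine token, otherwise None."""
        parts = token.split(":")
        if len(parts) != 3:
            return None
        serial, value_text, tag = parts
        if not (value_text.isascii() and value_text.isdigit()):
            return None
        value = int(value_text)
        if value == 0 or str(value) != value_text:  # reject non-canonical values
            return None
        expected = self._mac(serial, value)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        return serial, value

    def authorize(self, tokens, price):
        """Approve a purchase if the presented tokens cover `price`.

        The decision depends only on what is presented: every token must be
        genuine and unspent, and their total value sets the extent of the
        authorization. Nothing about the presenter is checked or stored.
        No change is given; all presented tokens are consumed on success.
        """
        presented = {}
        for token in tokens:
            parsed = self._parse(token)
            if parsed is None:
                return False                 # forged or malformed token
            serial, value = parsed
            if serial in self._spent or serial in presented:
                return False                 # double spend or duplicate
            presented[serial] = value
        if sum(presented.values()) < price:
            return False                     # not enough value presented
        self._spent.update(presented)        # consume tokens only on success
        return True
```

Because the token is the whole credential, anyone who copies it before it is redeemed can spend it; the spent-serial set only stops the second use.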




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Alex Zinin

FWIW, I support Scott's suggestion. We went somewhat different paths,
but finally came to the same conclusion. I'm personally skeptical at
this moment about SUB-IP becoming a permanent area (area overlaps,
mission statement, expected number of WGs, etc.), but we did hear in
Atlanta a strong message from the SUB-IP community against closing the
area at this time. IMO our best shot now is to continue as is, and
revisit the question in a year or when the situation with "about-to-
conclude" WGs clarifies.

Alex

Monday, December 09, 2002, 8:27:43 AM, Scott Bradner wrote:
> for what it's worth here is my personal opinion on what we should
> do in the question of the sub-ip area

> I think we should go with the status quo (with the IESG selecting two
> suck^H^H^H^Hvolunteers to manage the area next March)

> I do not think that we can make a reasoned decision to do otherwise in the
> next week.

> Before Atlanta I was of the opinion that moving the WGs into other areas
> was the right thing to do, not because of any particular event, but
> more because we had said this was a temporary area and it was getting
> to be a long temporary (but I suppose we should note that the last
> temporary area (ipng) lasted 4 years)  But the feedback we got in
> Atlanta has convinced me that this is not reason enough to make a change.

> temporary area (ipng) lasted 4 years)  But the feedback we got in
> Atlanta has convinced me that this is not reason enough to make a change.
> And any move at this time to move the WGs would be seen as a slap in
> the face of the quite strong (even if in a limited venue) opinion
> expressed in Atlanta.

> Right after Atlanta I was convinced that we should follow the consensus and
> ask the nomcom to find an AD but upon reflection I'm not sure that is the
> right thing either - partially because as Randy has pointed out, we do
> not have a clear mission statement for such an area but mostly because
> enough of the WGs are close enough to finishing up that we would have a
> quite small area in 6 months to a year and an area with only 2 or 3
> working groups seems a bit of a waste.  But if there is a long-term
> future for sub-IP work in the IETF then additional working groups may
> be in the offering.  We need the time to reflect on what that future
> should be.

> So I think we should continue as-is until:
> 1/ the WGs which will finish "soon" finish
> 2/ we (the IESG, IAB & ietf community) figure out what role
>    sub-ip should play in the IETF in the long term

> but it would be good to hear from more of you both to the IETF list and
> to the IESG directly

> Scott





Re: namedroppers, continued

2002-12-09 Thread Ofer Inbar
[EMAIL PROTECTED] wrote:
> Does anybody  have a reference on an authorization scheme that
> doesn't imply any authentication?

From:-line based email filters.

  --  Cos (Ofer Inbar)  --  [EMAIL PROTECTED] http://cos.polyamory.org/
  --  WBRS (100.1 FM)   --  [EMAIL PROTECTED] http://www.wbrs.org/
   "OSI is a beautiful dream, and TCP/IP is living it!"
 -- Einar Stefferud <[EMAIL PROTECTED]>, IETF mailing list, 12 May 1992




Re: IETF Sub-IP area: request for input

2002-12-09 Thread Paul Hoffman / IMC
A few more issues for this discussion:

- The statement that some of the WGs in the SubIP area are about to 
finish up may be deceptive. Some of the WGs are accepting new 
proposals on wide-ranging topics. Some of the proposals that are 
within the charters are bogged down in personal/political hassles 
that are only apparent in the hallways, not on the mailing lists. In 
other words, they are similar to many WGs in other areas of the IETF.

- So far, every message has miscounted the number of WGs in the area 
by one. PWE3, even though it is in Transport, is very clearly a SubIP 
WG. I have yet to speak to anyone who could clearly say why PWE3 is 
not part of SubIP (the fact that it "affects" transport is silly: all 
SubIP technologies will affect transport). And it is nowhere near 
finishing.

- There are other WGs that are not in SubIP but have many of the 
characteristics that people in this thread have been talking about. 
There is a real question about why is the IETF working on IPoverFoo 
for any given Foo. The charters for IPCDN and IPOIB and IPORPR 
indicate that they are covering layer 2 technologies carrying IP. If 
IPO is part of SubIP, these should be as well.

- The "wait for some of the WGs to wind down before acting" 
suggestions are based on the theory that the WGs will wind down. It 
is odd to hear that from people with lots of IETF experience.


The SubIP area experiment should be terminated because it didn't 
reach any appreciable results in the allotted time. Further, the IESG 
should decide for all of the WGs currently in what is really SubIP 
(that is: ccamp, gsmp, ipcdn, ipo, ipoib, iporpr, mpls, ppvpn, pwe3, 
tewg), which area is actually appropriate for each WG. It's likely 
that the answer will be "well, it doesn't really fit anywhere 
sensibly in the current IETF area structure".

That's a pretty significant answer. Fortunately, there is a solution, 
which is to disband the WGs and let the industry trade associations 
that are dealing with the topics take over the work. The MPLS Forum 
is an obvious place for the MPLS-related work. ipo could go to the 
Optical Internetworking Forum, iporpr can go to the Resilient Packet 
Ring Alliance, and so on. These are organizations that have funded 
secretariats, existing technical committees, and so on.

Keeping these WGs in the IETF has a real cost, namely on the time of 
the IESG and the IETF Secretariat. It is probably better to let 
groups whose primary focus is the named technology do the work.

--Paul Hoffman, Director
--Internet Mail Consortium



Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Michael Richardson


> "Harald" == Harald Tveit Alvestrand <[EMAIL PROTECTED]> writes:
Harald>   2/ establish a long-term area: decide that the SUB-IP
Harald>  area will be a long-term one, clearly define its charter, and ask the
Harald>  nomcom to select one or two people to be Area Directors

Harald>   3/ status quo: continue the SUB-IP Area as a temporary,
Harald>  ad-hoc effort, much as it has been, with the IESG selecting two sitting
Harald>  ADs to continue the effort that Bert & Scott have been doing. But maybe
Harald>  give more responsibility to the working group's technical advisors,
Harald>  normally the AD from the area where the working group might otherwise
Harald>  live.

  I prefer #3 for the next year.

  However, I would prefer that we change:

IESG selecting two sitting ADs to continue 
to
IESG selecting two people as ADs

  
  That is, the IESG could select people who aren't currently sitting ADs. (or
they can select sitting ADs)

]   ON HUMILITY: to err is human. To moo, bovine.   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



  




Re: namedroppers, continued

2002-12-09 Thread Dave Crocker
Stephen,


Monday, December 9, 2002, 9:52:26 AM, you wrote:
Stephen> The devil is in determining what senders are authorized once we've
Stephen> authenticated them.

The concept of being "authorized" to send someone mail has good logic, but
goes against established human communication practises for mail and
telephone.  (Filtering is common to both, but is different from
"authorization".)

Some time ago, Mike O'Dell put forward the idea of "accountable", in the
sense of being able to reach back to the sender, to hold them accountable
for their actions.

The general idea behind pursuing simple authentication presumes that the
really nasty spammers would not want to be identified.  It's not clear how
valid this presumption really would be.

d/
-- 
 Dave Crocker  
 TribalWise 
 t +1.408.246.8253; f +1.408.850.1850




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Tony Hain
My question is, what harm will be done to the WG's ability to deliver
and close by moving them? If there were a real need for cross group
coordination within the sub-IP area, that would be a little clearer.
Instead we have a situation where these groups need to coordinate with a
real area to accomplish their work, but feel they need dedicated area
directors to do that. 

The only reason I can see that this would make any difference is if the
AD's in the natural home area were particularly critical of the work. If
that were the case, it would be difficult to coordinate with that area
as the charter requires, so I can't see that it really matters in the
long run. The only real gain here is the ability to run along under the
'natural home' AD's radar until the IESG gets the doc. That could be
good because it allows the group to bake the ideas before being
criticized, but it could also be bad because it makes the whole IESG
look like the bad guys when a doc is rejected after WG last call. 

If the groups are really expected to close within a year anyway, they
must be sufficiently far along that a change in management will not
derail their efforts. If that is not the case, how would they survive if
sub-IP were a standing area and the nomcom decided to change the AD? 

In any case, I believe the burden of proof needs to be on those who want
the area continued as to why close coordination between the WGs is a
more expedient approach to task completion than simply putting them back
in their natural homes.

Tony


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On 
> Behalf Of Alex Zinin
> Sent: Monday, December 09, 2002 3:17 PM
> To: Scott Bradner
> Cc: [EMAIL PROTECTED]
> Subject: Re: a personal opinion on what to do about the sub-ip area
> 
> 
> 
> FWIW, I support Scott's suggestion. We went somewhat 
> different paths, but finally came to the same conclusion. I'm 
> personally skeptical at this moment about SUB-IP becoming a 
> permanent area (area overlaps, mission statement, expected 
> number of WGs, etc.), but we did hear in Atlanta a strong 
> message from the SUB-IP community against closing the area at 
> this time. IMO our best shot now is to continue as is, and 
> revisit the question in a year or when the situation with 
> "about-to- conclude" WGs clarifies.
> 
> Alex
> 
> Monday, December 09, 2002, 8:27:43 AM, Scott Bradner wrote:
> > for what it's worth here is my personal opinion on what we should do
> > in the question of the sub-ip area
>
> > I think we should go with the status quo (with the IESG selecting two
> > suck^H^H^H^Hvolunteers to manage the area next March)
>
> > I do not think that we can make a reasoned decision to do otherwise in
> > the next week.
>
> > Before Atlanta I was of the opinion that moving the WGs into other
> > areas was the right thing to do, not because of any particular event,
> > but more because we had said this was a temporary area and it was
> > getting to be a long temporary (but I suppose we should note that the
> > last temporary area (ipng) lasted 4 years)  But the feedback we got in
> > Atlanta has convinced me that this is not reason enough to make a
> > change.
>
> > temporary area (ipng) lasted 4 years)  But the feedback we got in
> > Atlanta has convinced me that this is not reason enough to make a
> > change. And any move at this time to move the WGs would be seen as a
> > slap in the face of the quite strong (even if in a limited venue)
> > opinion expressed in Atlanta.
>
> > Right after Atlanta I was convinced that we should follow the
> > consensus and ask the nomcom to find an AD but upon reflection I'm not
> > sure that is the right thing either - partially because as Randy has
> > pointed out, we do not have a clear mission statement for such an area
> > but mostly because enough of the WGs are close enough to finishing up
> > that we would have a quite small area in 6 months to a year and an
> > area with only 2 or 3 working groups seems a bit of a waste.  But if
> > there is a long-term future for sub-IP work in the IETF then additional
> > working groups may be in the offering.  We need the time to reflect on
> > what that future should be.
>
> > So I think we should continue as-is until:
> > 1/ the WGs which will finish "soon" finish
> > 2/ we (the IESG, IAB & ietf community) figure out what role
> >    sub-ip should play in the IETF in the long term
>
> > but it would be good to hear from more of you both to the IETF list
> > and to the IESG directly
> 
> > Scott
> 
> 




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Vach Kompella
And is that because members of the "larger" community were not allowed to
participate in those WGs whose decisions adversely impacted their interests?
Because, by your assertion, if they had participated, they would have been part
of making the WG decision, which would therefore not have been in the interest
of that remaining larger community :-)

-Vach

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 09, 2002 11:55 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: a personal opinion on what to do about the sub-ip area
>
>
> > Let's particularly ignore the fact that
> > the folks closest to the issues have the most interest in getting the best
> > possible outcome.
>
> increasingly often I find WGs whose definition of "the best possible
> outcome" is inconsistent with, and in some cases almost diametrically
> opposed to, the interests of the larger community.
>
> Keith
>





Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Keith Moore
> And is that because members of the "larger" community were not allowed to
> participate in those WGs whose decisions adversely impacted their interests?

I've certainly seen such participation discouraged, and the contributions
of "outside" participants dismissed as irrelevant, by even working group 
chairs.  I've also seen working groups drastically exceed, and in some
cases ignore, charters which were designed to limit the harm they
could do.

And your argument is a fallacy.  The workings of special interest groups can 
and often do have a significant effect on the general population, but nobody 
can afford the time and energy it takes to keep track of every special 
interest group that might affect him.

Keith




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Eliot Lear


> increasingly often I find WGs whose definition of "the best possible
> outcome" is inconsistent with, and in some cases almost diametrically
> opposed to, the interests of the larger community.

I have two problems with this statement.  First, while I am all for 
being critical of our processes for the purposes of improving them, we 
as a group should avoid making these sorts of generalizations.  Say what 
you will about Dan Bernstein.  At least his complaints are specific and 
backed up.

Second, I believe the complaints that are alluded to have been raised 
again and again and again.  Can we as a community learn to agree to 
disagree on points of architecture, once decisions have been made?

Eliot



Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Eric Rosen

> The  workings  of  special  interest  groups  can  and  often  do  have  a
> significant effect  on the general  population, but nobody can  afford the
> time and  energy it takes  to keep track  of every special  interest group
> that might affect him.

Often  it  seems as  though  the  WGs reflect  the  broad  consensus of  the
community, and the IESG is the special interest group.




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Keith Moore
> > increasingly often I find WGs whose definition of "the best possible
> > outcome" is inconsistent with, and in some cases almost diametrically
> > opposed to, the interests of the larger community.
> 
> I have two problems with this statement.  First, while I am all for
> being critical of our processes for the purposes of improving them, we
> as a group should avoid making these sorts of generalizations.  Say what
> you will about Dan Bernstein.  At least his complaints are specific and
> backed up.

Sometimes it's better to be imprecise than to point fingers and name names.
However I am seriously considering pointing fingers and naming names.

> Second, I believe the complaints that are alluded to have been raised
> again and again and again.  Can we as a community learn to agree to
> disagree on points of architecture, once decisions have been made?

Oh, you're talking about *that* group.  I had almost forgotten about them.

Keith




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Keith Moore
> > The  workings  of  special  interest  groups  can  and  often  do  have  a
> > significant effect  on the general  population, but nobody can  afford the
> > time and  energy it takes  to keep track  of every special  interest group
> > that might affect him.
> 
> Often  it  seems as  though  the  WGs reflect  the  broad  consensus of  the
> community, and the IESG is the special interest group.

In my experience, IESG has tremendous breadth - considerably exceeding that 
of any single WG.

Keith 




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread grenville armitage

Eric Rosen wrote:
[..]
> Often  it  seems as  though  the  WGs reflect  the  broad  consensus of  the
> community, and the IESG is the special interest group.

Given that the IETF *is* a special interest group, I take this as a feature
rather than a bug.

cheers,
gja




Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Yu-Shun Wang
Michael Richardson wrote:





>"Harald" == Harald Tveit Alvestrand  writes:

Harald>   2/ establish a long-term area: decide that the SUB-IP
Harald>  area will be a long-term one, clearly define its charter, and ask the
Harald>  nomcom to select one or two people to be Area Directors

Harald>   3/ status quo: continue the SUB-IP Area as a temporary,
Harald>  ad-hoc effort, much as it has been, with the IESG selecting two sitting
Harald>  ADs to continue the effort that Bert & Scott have been doing. But maybe
Harald>  give more responsibility to the working group's technical advisors,
Harald>  normally the AD from the area where the working group might otherwise
Harald>  live.

  I prefer #3 for the next year.

The problem with #3 is that there is no timeline of any sort in this option.

While option #1 (quoted below) sounds severe, it does not close all the doors
for Sub-IP. It just forces IETF as a community to rethink whether those
remaining wgs (or anything else people come up with then) belong to IETF or not,
and if they do, where. I believe this was why the Sub-IP area was marked
temporary when it was created; to force us to re-examine the issues now.


 1/ move WGs (back) to permanent areas: migrate the SUB-IP
working groups to other IETF areas sometime soon, likely before next
summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
other) directorates to ensure the continued coordination between the
remaining WGs. 


Status quo (#3) merely delays this discussion indefinitely because of the
lack of a timeline and, as Grenville pointed out in his email, no protection
against adding new wgs into Sub-IP area.

I prefer option #1, and if there are reasons IETF should have a Sub-IP
area, they should be argued assuming the area is closed.

yushun.




  However, I would prefer that we change:

	IESG selecting two sitting ADs to continue
to
	IESG selecting two people as ADs


  That is, the IESG could select people who aren't currently sitting ADs. (or
they can select sitting ADs)

]   ON HUMILITY: to err is human. To moo, bovine.   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


		





--

Yu-Shun Wang <[EMAIL PROTECTED]>   Information Sciences Institute
   University of Southern California




Re: IETF Sub-IP area: request for input

2002-12-09 Thread Lars Eggert
Paul Hoffman / IMC wrote:


- The statement that some of the WGs in the SubIP area are about to
finish up may be deceptive. Some of the WGs are accepting new 
proposals on wide-ranging topics. 

This is an important point. An example is PPVPN, which is chartered to 
work on specification of requirements, with new protocol work being 
explicitly out-of-scope.

However, some current PPVPN IDs (and several more targeted at it) read 
more like solution documents for various existing vendor schemes, 
specifying packet headers and MIBs. Another indication is that those IDs 
aim at standards track, whereas requirements documents would more 
naturally fall under Informational or maybe BCP.

So PPVPN at least seems quite happy to go out-of-scope, and is thus 
unlikely to stick to their given timeframe.

Lars

PS: I support 1/ - close SUB-IP and migrate the WGs.
--
Lars Eggert <[EMAIL PROTECTED]>   USC Information Sciences Institute




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Paul Hoffman / IMC
At 4:50 PM -0800 12/9/02, Tony Hain wrote:

If there were a real need for cross group
coordination within the sub-IP area, that would be a little clearer.


A presentation at the SubIP Area meeting in Atlanta drove home the 
point that the amount of coordination in the area was not as high as 
expected when the area started. The originally-envisioned hourglass 
(with CCAMP in the middle) turned into spaghetti. This is not to say 
that the spaghetti is bad, just that the proposed coordination didn't 
help keep them on track and therefore might be less needed than some 
are saying.

--Paul Hoffman, Director
--Internet Mail Consortium



Re: namedroppers, continued

2002-12-09 Thread Michael Froomkin - U.Miami School of Law
Blinded coins a la digicash
http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid583124

On Mon, 9 Dec 2002 [EMAIL PROTECTED] wrote:

> On Mon, 09 Dec 2002 17:47:58 EST, Edward Lewis said:
> 
> > >Does anybody  have a reference on an authorization scheme that
> > >doesn't imply any authentication?
> > 
> > World readable files.
> 
> We know how to do that already ;)
> 
> I was thinking more along the lines of a zero-knowledge proof or
> something like that - a scheme where you can prove you're authorized to
> do something(*) without having to prove who you are first.
> 
> (*) and explicitly ruling out the 'null check, everybody is allowed' case ;)
> 
> /Valdis
> 
> 

-- 
Please visit http://www.icannwatch.org
A. Michael Froomkin   |Professor of Law|   [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
-->It's warm here.<--




Re: namedroppers, continued

2002-12-09 Thread John C Klensin


--On Monday, 09 December, 2002 17:49 -0500 Bill Cunningham
<[EMAIL PROTECTED]> wrote:

> I haven't personally tried myself to opt out. But I've read
> they have the form. If they told you they don't have a form to
> sort out junk mail for you I'd say they were full of it. I'd
> call the Postmaster General's office.

Bill,

For the US Post Office, they don't have the form.  In another
context, I've been over this with the Postal Inspection Service.
They have two other forms and models, one of which is probably
getting confused with this.

(1) You can decline to receive the particular form of junk mail
that is addressed to "occupant", "boxholder", or similar generic
terms.  For that, there is a form.

(2) You can also decide that particular types of materials,
identified by specific description (nearly impossible in most
cases) or source is obscene.  Once you do that, and perform the
relevant rituals, it becomes illegal for identified sources to
send the stuff to you.  In general, you can't get the post
office to open all of your mail and do content filtering to be
sure it doesn't meet your criteria for obscenity.   And you
probably wouldn't want to, since that would require authorizing
them to open and read all of your mail.  But it can be an
effective way to prevent a particular sender from sending you
specific kinds of materials, since the penalties for sending
obscene materials through the mails are quite severe.

If it is addressed to you, by name and matching address, they
are, as Stephen indicated, legally required to deliver it
(unless it falls under the prohibitions of (2) above).  So,
oddly, you can opt out of "untargeted" mailings, but not out of
"targeted" ones.

john 





Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread John C Klensin
--On Monday, 09 December, 2002 22:21 +0100 Harald Tveit
Alvestrand <[EMAIL PROTECTED]> wrote:

> All,
> 
> On Wed Dec 4th, we asked for input to help us decide on the
> future of the SUB-IP Area. See our posting a
>...


Harald,

I have not been following the work, or WGs, in this area to any
significant degree since last March and was not planning to
comment on this.  But you asked twice...  

My impression is that Bert and Scott have been doing a fine job
in a confused situation and that we all owe them a vote of
thanks for taking on the extra work.  At the same time, I am, as
you know, very concerned about both IESG workload and about our
putting resources into areas and tasks where IETF cannot do an
effective job.  To borrow from another discussion, I would
define "effective" as combining "high quality" with "taking no
longer than absolutely needed to get the work done".

Because I haven't studied the WGs, this is more a comment about
process and management style than about specific WGs and what
should be done about them.  But you asked, so...

From the comments that have been made, especially including some
of the observations in Scott's note, I see no _IETF_
justification for making the area permanent.  Yes, I understand
that some of the people associated with Sub-IP work would prefer
to have their own area/club, but my belief is, that for any work
that isn't _clearly_ in the mainstream of IETF task areas and
responsibilities, the justification for IETF's taking that work on
lies in the value-added from interactions with other groups and
areas.  

In that context, it seems to me that most of the "this should be
in because it involves the interactions between IP and foo" or
"this should be out because it is mostly foo" discussions miss
the critical point.  We either have something unique to add, as
a community, or we don't.  If we don't, then we should leave it
to others: a self-contained group of people who are going to
work a particular, below-neck-of-hourglass problem in relative
isolation  from the rest of the IETF can as well do it
elsewhere.  Their doing so reduced demands on meeting time and
load on the IESG, regardless of how areas are organized in a
given week.  We may be more hospitable to them than some other
group for one reason or another, but that isn't, of necessity,
our job or our problem.  If we do add value, then the value-add
is precisely in the interactions of these groups with other WGs
_outside_ the sub-IP tasks and work area.  

Once we dispose of "make it permanent", then we have more
flexibility about answers.   What should we do?  Well, for
starters and to be very blunt, I'm concerned about the
implications of an eight day review starting on 4 December.  The
IESG has known for two years that this point was coming.  An
area meeting was held in Atlanta, but there was no notice to the
general community  that this was going to be a major topic, no
strong mention of it at the plenary or pre-Atlanta mailings to
the whole IETF, etc.  I have to consider that a symptom of a
more general problem.   The version of "more general problem"
that is least damning to the IESG is "too busy with other things
to get that organized", but that answer calls for fewer WGs, and
perhaps fewer areas, not more.  But, for this specific topic,
that is water over the dam.

My answer is, I think, (4), where my (4) is fairly close in most
respects to the notes from Paul and Grenville.  Extend the
thing, in its present form, because the disruption of moving
things around that (at least one of) the relevant ADs claims are
near completion is just not worth the cost to make a point.  But
do it for a fixed, and short, time.  My recommendation is that
you extend it, in its present form, through the evening of 20
March 2003 and that you put a status report on the IESG plenary
agenda (the previous night?).  I recommend that no new WGs be
added to the area between now and then and that the IESG
evaluate moving ones that will need longer lives out well before
that date (and make those moves if the evaluation indicates that
to be appropriate).  

I would hope for a summary of which WGs have been shut down or
moved, which ones have submitted drafts and are awaiting
publication before shutting down, and which ones appear to need
to be around longer.   If the latter group is small, I believe
that they should then be moved and the area shut down.  If it is
large, I believe that all of the remaining WGs should be forced
through a serious review and rechartering process, without the
assumption that it is in the IETF's interest that they continue
(note that I'm assuming that all WGs that have an obvious role
in other areas will have been moved out before then and that
these are only the residuals which don't clearly belong
somewhere else).  If the nomcom and confirming bodies do their
jobs on time, I would presume and hope that you (and the current
IESG) would involve incoming IESG members in the review and
discussion -- they a

Re: IETF Sub-IP area: request for input (fwd)

2002-12-09 Thread Michael StJohns
At 09:55 PM 12/4/2002 +0100, Harald Tveit Alvestrand wrote:


The options seem to be:
1/ move WGs (back) to permanent areas: migrate the SUB-IP
working groups to other IETF areas sometime soon, likely before next
summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
other) directorates to ensure the continued coordination between the
remaining WGs.

2/ establish a long-term area: decide that the SUB-IP
area will be a long-term one, clearly define its charter, and ask the
nomcom to select one or two people to be Area Directors

3/ status quo: continue the SUB-IP Area as a temporary,
ad-hoc effort, much as it has been, with the IESG selecting two sitting
ADs to continue the effort that Bert & Scott have been doing. But maybe
give more responsibility to the working group's technical advisors,
normally the AD from the area where the working group might otherwise
live.



After reading through the discussions and thinking about the IETF needs as 
a whole, I want to propose a 4th alternative (which is a merge of the opt 2 
and 3):

a) Sunset the area with a final decision point as 12/31/2003 and a closing 
date of 03/01/2004.  No further WGs will be chartered in this area.
b) Ask the Nomcom to appoint 1 area director not from the current set of 
ADs for a term of 1 year. Term would run March 02 to March 03.

I think this approach would accomplish two things:  1) The area would be 
legitimized for the period of operation and that would bring it under 
normal IETF procedures.  2) We (the IETF) would have an opportunity to 
apprentice/train a new AD in a lower stress/load environment than the usual 
area.  In Dec 03, if there is sufficient reason to continue the area, the 
NOMCOM can act to continue the appointment or to appoint another or other 
ADs as well as more fully define the charter.  If not, the area can close 
in March.

Mike



Re: namedroppers, continued

2002-12-09 Thread Bill Cunningham

- Original Message -
From: "John C Klensin" <[EMAIL PROTECTED]>
To: "Bill Cunningham" <[EMAIL PROTECTED]>
Cc: "Stephen Sprunk" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, December 09, 2002 9:16 PM
Subject: Re: namedroppers, continued


>
>
> --On Monday, 09 December, 2002 17:49 -0500 Bill Cunningham
> <[EMAIL PROTECTED]> wrote:
>
> > I haven't personally tried myself to opt out. But I've read
> > they have the form. If they told you they don't have a form to
> > sort out junk mail for you I'd say they were full of it. I'd
> > call the Postmaster General's office.
>
> Bill,
>
> For the US Post Office, they don't have the form.  In another
> context, I've been over this with the Postal Inspection Service.
> They have two other forms and models, one of which is probably
> getting confused with this.
>
> (1) You can decline to receive the particular form of junk mail
> that is addressed to "occupant", "boxholder", or similar generic
> terms.  For that, there is a form.
>
> (2) You can also decide that particular types of materials,
> identified by specific description (nearly impossible in most
> cases) or source is obscene.  Once you do that, and perform the
> relevant rituals, it becomes illegal for identified sources to
> send the stuff to you.  In general, you can't get the post
> office to open all of your mail and do content filtering to be
> sure it doesn't meet your criteria for obscenity.   And you
> probably wouldn't want to, since that would require authorizing
> them to open and read all of your mail.  But it can be an
> effective way to prevent a particular sender from sending you
> specific kinds of materials, since the penalties for sending
> obscene materials through the mails are quite severe.
>
> If it is addressed to you, by name and matching address, they
> are, as Stephen indicated, legally required to deliver it
> (unless it falls under the prohibitions of (2) above).  So,
> oddly, you can opt out of "untargeted" mailings, but not out of
> "targeted" ones.
>
> john

I checked 39USC and 39CFR955 I guess the postal service maintains a list if
you want to not receive mailing for sexually oriented materials,
sweepstakes, and pandering solicitations. But that's about it. As far as the
USPS goes.




RE: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Bill Strahm
I have an interesting set of questions for you Harald,
1) How effective would the IESG be with 2 more members, more effective,
or less
2) What would happen to any "new" IESG members in the SUB-IP area, if
the area is shut down ?

In other words, does the IESG think that two new members would help
overall effectiveness, or make it lower

If the consensus of the IESG is that adding more members would make them
less effective go with the victim/temporary route.

If the consensus of the IESG is that adding two members would make the
IESG more effective, let's look at making it permanent, or have a place
to put the extra members when the "temporary" area shuts down.

In other words what makes that IESG more effective 

Bill


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Harald Tveit Alvestrand
Sent: Monday, December 09, 2002 1:22 PM
To: [EMAIL PROTECTED]
Subject: Reminder: Deadline for input on sub-ip discussion


All,

On Wed Dec 4th, we asked for input to help us decide on the future of
the SUB-IP Area. See our posting at

  http://www.ietf.org/mail-archive/ietf/Current/msg18370.html

We had a large majority of people at the SUBIP Area meeting in Atlanta
expressing that they want the area to be long(er) lived. This will be
part of our input.

But we need/want to hear from the IETF community. So please express your
opinion (and the reasoning behind it) asap on [EMAIL PROTECTED], but 
certainly before Thursday Dec 12th 10am US Eastern time.

As expressed in the above posting (with data points and discussion included),
the 3 choices for the SUB-IP Area seem to be:

  1/ move WGs (back) to permanent areas: migrate the SUB-IP
 working groups to other IETF areas sometime soon, likely before next
 summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
 other) directorates to ensure the continued coordination between the
 remaining WGs.

  2/ establish a long-term area: decide that the SUB-IP
 area will be a long-term one, clearly define its charter, and ask the
 nomcom to select one or two people to be Area Directors

  3/ status quo: continue the SUB-IP Area as a temporary,
 ad-hoc effort, much as it has been, with the IESG selecting two sitting
 ADs to continue the effort that Bert & Scott have been doing. But maybe
 give more responsibility to the working group's technical advisors,
 normally the AD from the area where the working group might otherwise
 live.

The opinions expressed so far seem to show clearly that the community is
divided on the issue, with perhaps some preference for the status quo
(alternative 3).

If you have a strong preference for one (or two) of these, and have not yet
said so, please indicate your opinion (and your reasons) by mail to
[EMAIL PROTECTED] before Thursday.

Thank you!

  Harald Alvestrand, for the IESG

(please repost this message where appropriate)






Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread grenville armitage

Bill Strahm wrote:
> 
> I have an interesting set of questions for you Harald,
> 1) How effective would the IESG be with 2 more members, more effective,
> or less
> 2) What would happen to any "new" IESG members in the SUB-IP area, if
> the area is shut down ?

I think this is a seductively reasonable-sounding-yet-misguided rephrasing
of the issue.

Sub-IP as an Area ought to be evaluated on its applicability to the
IETF. The IESG support (generally quite well and unthanked) the goals
of the IETF. If Sub-IP as an Area makes sense for the IETF, then (and
only then) does the question arise of whether to add more IESG members.
Let's not get the order reversed.

cheers,
gja
-- 
Grenville Armitage
http://caia.swin.edu.au