Re: [ietf-dkim] Work group future
Barry Leiba wrote:
> Closing the working group doesn't mean that work on DKIM stops. It
> just means that this particular organized piece of work has come to an
> end. And I understand Hector's concern about access to MAAWG, but,
> again, it's not the only place where there's discussion, and this and
> the other mailing lists will continue. Many MAAWG members will still
> participate in discussions outside MAAWG, and there should be a flow
> of information all 'round.

Thanks for your comments. For the record, I don't discount the endorsement value of this trade group. The concern is not so much about access to the trade group although that would be an issue since AFAIK there are no open forums for this trade group participation. While that may change tomorrow, overall, the general concern is the risky promotion that a trade group interest becomes the primary endorsement requirement for further work or even stop any current work and this may not represent the entire IETF mail community interest. Specifically, is the trade group promotion and suggestion for more trade group incubation periods for a DKIM Policy Proof of concept.

Most people understand that the key issue is one where there is a deployment conflict between 3rd party and 1st party DKIM signatures. What makes it a DKIM sensitive issue is that the out of scope Reputation motivations pushed out in scope Policy motivations. With the last call, the out of scope reputation modeling will now become part of the standard. By not including POLICY as part of the standard, it makes it much harder to get POLICY back in the picture without a new revamping of the DKIM reputation standard.

I tried to introduce practical solutions that will not compromise reputation, keep the door open for Policy and help promote consistent DKIM mail system integration with less need to revamp the standard. The latter is the most important and I don't think we have dealt with that.

I am not asking to change the specs that now promote reputation, I am asking that to make it work better we have one basic idea instilled:

 - 3rd party signers are not entirely unrestricted.

Since the layer for evaluation semantics for TRUST Assessment was finally added to RFC4871bis DKIM-BASE at this late stage, it is only logical that we add identity text regarding POLICY Assessment. It was stated the justification for adding the trust assessment layer semantics was because other documents already make this deployment possible. I firmly agree. It makes DKIM mail system integration more consistent. However, the same can be said for POLICY which was a chartered item and also stated in other documents, especially in the security threat document and also in the deployment document. So again, my interest is mainly about mail system DKIM protocol integration consistency.

Unfortunately, while it may be comforting to know the discussions will continue, we also know it will be very hard to get policy back into an IETF WG standardization effort simply because it will require upgrading of the DKIM standard. Once we have a large market of unrestricted signers technically legal by standards, it will be very hard to change this highly exploitable DKIM relaxation built into the standards.

But then again, who knows. Maybe as bigger industry gorillas begin to endorse and add policy support such as Microsoft, the IETF will now be forced back into the position to make POLICY a standard, just like it happened in MARID which Microsoft finally endorsed SPF. SPF was taken off on its own, but IETF did nothing until Microsoft came out with their own versions.

Anyway thanks for your comments regarding the WG future.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

___
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

Re: [ietf-dkim] Work group future
Back from Prague, and catching up.

On Mon, Apr 4, 2011 at 5:18 AM, Alessandro Vesely wrote:
> Is there a difference between the WG and the mailing list, in this
> respect? Shutting down the mailing list implies possibly different
> members whenever a new DKIM WG will be started up.

First, replace "members" with "participants". Active participants come and go over time, and people subscribe and unsubscribe to many mailing lists.

It's our intention to leave the mailing list open after the working group closes. That's the normal case anyway, unless the mailing list is problematic in one way or another. Also, yes, the archives stay around, and the charter, along with the pointers to the mailing list and the archives, are still easily found. Also also, I remind people that there are other DKIM-related mailing lists on dkim.org, dealing with development and operations.

In our case, we have an exception to the current rule: our mailing list is not hosted at ietf.org, and so its persistence can't be guaranteed by the IETF. That might be a problem in future, though there's no near-term issue with it. A subsequent "son of DKIM" working group would almost certainly have a new mailing list at ietf.org.

> I see some agree on this point. And yet, rechartering was discussed
> within this WG just one year ago, and the text adjusted so as to meet
> consensus.
>
> Was the charter perceived as a compromise? I, for one, was not 100%
> satisfied with it

Everything in life is a compromise; there's seldom something that everyone can agree on. In our case, the charter reflected "rough consensus" and expression of energy to work on what's in there. We turn out to have done two and a half of the work items (half of item 2), and now lack energy and focus for the others. Some might finish the other half of item 2 (updating the operations/deployment documents) as individual submissions, if it looks like it's a good thing to do.

Closing the working group doesn't mean that work on DKIM stops. It just means that this particular organized piece of work has come to an end. And I understand Hector's concern about access to MAAWG, but, again, it's not the only place where there's discussion, and this and the other mailing lists will continue. Many MAAWG members will still participate in discussions outside MAAWG, and there should be a flow of information all 'round.

Barry

Re: [ietf-dkim] Work group future
On 4/4/2011 11:38 AM, Murray S. Kucherawy wrote:
>> Is there a difference between the WG and the mailing list, in this respect?
>> Shutting down the mailing list implies possibly different members whenever
>> a new DKIM WG will be started up.
>
> I actually don't know. Someone else could chime in. I'm sure the archives
> are kept "forever" though.

A working group is an organizational construct of the IETF. A mailing list is a communications tool. Closing the former does not have to affect the latter. In fact it is common to leave a list open for follow-on discussions.

For interesting efforts, like DKIM, that also have other, related lists, the usual role of the list that was used for the wg is for discussion of the "technology" and possible changes to it, rather than its "operation", but that's a subtlety that isn't formally enforced and often isn't followed.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

Re: [ietf-dkim] Work group future
Murray S. Kucherawy wrote:
>> -Original Message-
> That's a fairly grandiose expectation. One might also wonder
> why law enforcement hasn't managed to stop drug abuse, cybercrime,
> or myriad other plagues on society.

Does that mean laws should not exist?

> The issue is that the infrastructure of the system allows it,
> and I can't even imagine a system that is problem-free given
> the nature of the predators and prey in these scenarios.

No one said Policy will end all wars or provide world peace. But I do know one thing, it has a lot better chance than the Reputation Model can hope to provide. Reputation does not even care about the current ills of the systems which are highly detectable with Policy.

> We just can't get the spammers to set the evil bit on
> their mail, alas. It would make things so much easier.

But it doesn't have to Murray and thus why DKIM had a rare high promising industry revamping contribution to ending all wars and providing world peace.

You are right, the system allows for it. The #1 problem with bad guys is the exploitation of the legacy mail operations by simply operating in legacy mode themselves - in other words - Do Nothing.

DKIM POLICY is a fault Detection concept where policy raises the legacy email bar using DKIM domain declared signing policy expectations.

So without lifting a finger, DKIM POLICY will immediately address all bad guys operating in legacy mode. The evil bit is the lack of a signature itself.

DKIM POLICY will put legacy bad guys in a new predicament they never had to think about or incentive to do - ADAPT or DIE!

Since DKIM REPUTATION does not deal with faults of the system, the legacy bad guy market will continue to thrive at mail sites using DKIM REPUTATION only.

You must appreciate that adaptation constitutes change and change is an expense so perhaps not all bad guys will adapt. For those who do, adaptation would be in:

 - Invalid Domain Signatures
 - Valid 3rd party Signatures
 - Valid 1st party Signatures

DKIM POLICY will immediately address the Invalid Signature Adaptation. DKIM REPUTATION would not be capable, by design to deal with this adaptation.

DKIM POLICY would immediately address the valid, but anonymous, unauthorized 3rd party signer adaptations. DKIM REPUTATION will pan for gold using independent trust assessment services which the bad guy is not a member of. I have no idea how you deal with that. Maybe a DKIM Reputation AI Model based on Neural Network or Bayesian Classification would emerge and after a 3-5 year warm up period, some trickle of a return and payoff will emerge.

DKIM POLICY doesn't address valid 1st signatures, so it will depend on the DKIM Reputation model.

DKIM POLICY offers DKIM a better chance for success than DKIM REPUTATION can for the primary reason that it addresses a large part of the problem where CHANGE is not required. That was the beauty of it.

On the other hand, any measurable success for reputation is squarely dependent on change - but change for GOOD GUYS. It has no concept to deal with the legacy or adaptation for bad guys.

DKIM Reputation success will depend on one thing only:

   Every domain uses the same batteries.

Of course, the ideal set of Batteries would be:

   A monopoly or oligopoly network of trusted assessment services allowing for consistent GOOD MAIL result across all DKIM receivers.

--
HLS

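The four sender cases in the message above (no signature, invalid signature, valid third-party signature, valid first-party signature), run through the ADSP check of RFC 5617, the policy protocol named in the charter item quoted in this thread. This is an added example, not part of the thread or of any participant's code; the domains, the `SAMPLE_ADSP` records and the helper names are constructed, DKIM verification itself is assumed already done, and DNS error outcomes (nxdomain, temperror) are left out.

```python
"""ADSP (RFC 5617) evaluation over already-verified DKIM results.

Added illustration; all domains and records below are constructed samples.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Sig:
    d: str       # d= tag (signing domain) of one DKIM-Signature header
    valid: bool  # True if a DKIM verifier accepted the signature


def parse_adsp(txt: Optional[str]) -> Optional[str]:
    """Return 'unknown', 'all' or 'discardable'; None if there is no usable record."""
    if txt is None:
        return None
    name, sep, value = txt.split(";", 1)[0].partition("=")
    # The record has to start with the lowercase tag name "dkim"; anything
    # else is treated here as if no record were published.
    if not sep or name.rstrip() != "dkim":
        return None
    value = value.strip()
    # Unrecognised practice values fall back to "unknown".
    return value if value in ("all", "discardable") else "unknown"


def adsp_result(author_domain: str, sigs: List[Sig], adsp_txt: Optional[str]) -> str:
    """Map one message to an ADSP result string."""
    author = author_domain.lower().rstrip(".")
    # Author Domain Signature: a *valid* signature whose d= equals the
    # domain in From:. A valid signature by any other domain does not count.
    if any(s.valid and s.d.lower().rstrip(".") == author for s in sigs):
        return "pass"
    practice = parse_adsp(adsp_txt)
    if practice is None:
        return "none"
    return {"unknown": "unknown", "all": "fail", "discardable": "discard"}[practice]


# Constructed stand-in for DNS TXT lookups at _adsp._domainkey.<domain>.
SAMPLE_ADSP: Dict[str, str] = {
    "bank.example": "dkim=discardable",
    "corp.example": "dkim=all",
    "hobby.example": "dkim=unknown",
}

# Constructed messages, one per case named in the post above.
# "{author}" is replaced by the From: domain under test.
SAMPLE_CASES: Dict[str, List[Sig]] = {
    "unsigned (legacy mode)": [],
    "invalid author signature": [Sig("{author}", False)],
    "valid 3rd party signature": [Sig("bulk.example.net", True)],
    "valid 1st party signature": [Sig("{author}", True)],
}


def evaluate_samples(author_domain: str) -> Dict[str, str]:
    """Run every sample case for one author domain against SAMPLE_ADSP."""
    out = {}
    for label, sigs in SAMPLE_CASES.items():
        concrete = [Sig(s.d.replace("{author}", author_domain), s.valid) for s in sigs]
        out[label] = adsp_result(author_domain, concrete, SAMPLE_ADSP.get(author_domain))
    return out


if __name__ == "__main__":
    for domain in ("bank.example", "corp.example", "hobby.example", "nopolicy.example"):
        for label, result in evaluate_samples(domain).items():
            print(f"{domain:18} {label:28} adsp={result}")
```
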
Re: [ietf-dkim] Work group future
On 4/4/2011 2:38 PM, Murray S. Kucherawy wrote:
>> Alessandro Vesely wrote:
>>
>> On 03/Apr/11 18:45, Murray S. Kucherawy wrote:
>>> I think when it's clear there's no more progress that can be made,
>>> you close down and move on. You can always start up a WG later
>>> when there's a chance for better progress or new work to be done.
>> Is there a difference between the WG and the mailing list, in this
>> respect? Shutting down the mailing list implies possibly different
>> members whenever a new DKIM WG will be started up.
> I actually don't know. Someone else could chime in. I'm sure the archives
> are kept "forever" though.
>
> There are other DKIM lists around that could become a new home for such
> conversation though. Or you could start your own.
>
> Also, "possibly different members" is not necessarily a bad thing. Some
> fresh perspective might be quite welcome.

When a WG shuts down, its mailing list is almost always kept alive.

Tony Hansen
t...@att.com

Re: [ietf-dkim] Work group future
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Alessandro Vesely
> Sent: Monday, April 04, 2011 2:19 AM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] Work group future
>
> On 03/Apr/11 18:45, Murray S. Kucherawy wrote:
> > I think when it's clear there's no more progress that can be made,
> > you close down and move on. You can always start up a WG later
> > when there's a chance for better progress or new work to be done.
>
> Is there a difference between the WG and the mailing list, in this
> respect? Shutting down the mailing list implies possibly different
> members whenever a new DKIM WG will be started up.

I actually don't know. Someone else could chime in. I'm sure the archives are kept "forever" though.

There are other DKIM lists around that could become a new home for such conversation though. Or you could start your own.

Also, "possibly different members" is not necessarily a bad thing. Some fresh perspective might be quite welcome.

> > Our outstanding chartered items have been getting nowhere for
> > years. It seems nonsensical to keep it open.
>
> I see some agree on this point. And yet, rechartering was discussed
> within this WG just one year ago, and the text adjusted so as to meet
> consensus.

There's no current consensus to recharter again though. Would you like to propose a new charter?

> Was the charter perceived as a compromise?

I didn't get that impression.

> I, for one, was not 100%
> satisfied with it, but still preferred to remain in the WG to discuss
> the parts that I was interested in. Possibly my decision was wrong,
> because a smaller and more agile WG may have worked better. RFC 2418
> considers closed membership for "design teams" within a WG, but I
> never actually saw that here.

I can't recall: Did you propose such a design team?

Getting a smaller, more agile WG is certainly an option. You just need to find some like-minded people that are willing to collaborate on a charter, and then get it into the system for consideration. The process is well-documented.

But keep in mind that R&D is not an IETF activity. The IETF does standards. We haven't been able to come up with a standard to do policy that is universally palatable. It may be that more statistics gathering and research would solve this, but that hasn't happened. Keeping a WG alive is expensive, and I daresay we're not offering up much bang for the buck these days (other than perhaps entertainment value to outsiders).

Essentially, the R&D should be done before the IETF part of things starts up.

> Yes, the horses are out already. However, in general, I'm very
> interested in learning why spam hasn't been stopped by the IETF, and
> this sort of WG dynamics seems to be part of the response. (I wasn't
> in the MARID, I only read about it after the fact.)

That's a fairly grandiose expectation. One might also wonder why law enforcement hasn't managed to stop drug abuse, cybercrime, or myriad other plagues on society. The issue is that the infrastructure of the system allows it, and I can't even imagine a system that is problem-free given the nature of the predators and prey in these scenarios.

We just can't get the spammers to set the evil bit on their mail, alas. It would make things so much easier.

Re: [ietf-dkim] Work group future
On 03/Apr/11 18:45, Murray S. Kucherawy wrote:
> I think when it's clear there's no more progress that can be made,
> you close down and move on. You can always start up a WG later
> when there's a chance for better progress or new work to be done.

Is there a difference between the WG and the mailing list, in this respect? Shutting down the mailing list implies possibly different members whenever a new DKIM WG will be started up.

> Our outstanding chartered items have been getting nowhere for
> years. It seems nonsensical to keep it open.

I see some agree on this point. And yet, rechartering was discussed within this WG just one year ago, and the text adjusted so as to meet consensus.

Was the charter perceived as a compromise? I, for one, was not 100% satisfied with it, but still preferred to remain in the WG to discuss the parts that I was interested in. Possibly my decision was wrong, because a smaller and more agile WG may have worked better. RFC 2418 considers closed membership for "design teams" within a WG, but I never actually saw that here.

>> My guess is that the paramount impact that spam has rouses too
>> many people, so that WGs become overpopulated, discussions
>> difficult, and people nervous. Is it so?
>
> It's certainly true, but I don't think keeping this WG open in
> spite of this solves anything.

Yes, the horses are out already. However, in general, I'm very interested in learning why spam hasn't been stopped by the IETF, and this sort of WG dynamics seems to be part of the response. (I wasn't in the MARID, I only read about it after the fact.)

Thanks for all responses, and my apologies for this OT.

Re: [ietf-dkim] Work group future
On Apr 3, 2011, at 9:45 AM, Murray S. Kucherawy wrote:
>
> I think when it's clear there's no more progress that can be made, you close
> down and move on. You can always start up a WG later when there's a chance
> for better progress or new work to be done.

Also, having the workgroup still open and not progressing in any particular direction risks giving the impression that DKIM isn't ready to deploy and may actually deter progress.

> Our outstanding chartered items have been getting nowhere for years. It
> seems nonsensical to keep it open.

+1

Cheers,
Steve

Re: [ietf-dkim] Work group future
On 4/3/2011 5:45 PM, Murray S. Kucherawy wrote:
> Our outstanding chartered items have been getting nowhere for years. It
> seems nonsensical to keep it open.

+1.

Concise and correct.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

Re: [ietf-dkim] Work group future
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Alessandro Vesely
> Sent: Friday, April 01, 2011 10:27 AM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] Work group future
>
> I think it can be immensely useful if the list plainly says /why/ the
> WG closes. As Rolf noted, DKIM is not (yet) a well refined protocol
> that any of us would recommend his grandma to make use of.

I disagree. I wouldn't tell my grandma to use SMTP either, but it's pretty well-established. DKIM isn't a userland thing.

> I understand that such meta-standardization explanations are not
> IETF's core business, but there seems to be a recurring pattern of
> prematurely shut down WGs, for subjects related to spam.

I think when it's clear there's no more progress that can be made, you close down and move on. You can always start up a WG later when there's a chance for better progress or new work to be done.

Our outstanding chartered items have been getting nowhere for years. It seems nonsensical to keep it open.

> My guess is
> that the paramount impact that spam has rouses too many people, so
> that WGs become overpopulated, discussions difficult, and people
> nervous. Is it so?

It's certainly true, but I don't think keeping this WG open in spite of this solves anything.

-MSK

Re: [ietf-dkim] Work group future
On 02/Apr/11 09:08, Hector Santos wrote:
> I would suggest an aura is present that the "job is not done"
> especially when there are still active discussions about removing,
> deprecating, changing this and that, and there is still a chartered
> POLICY standard development work item yet not complete.

...and EAI coming up.

I agree that the presence of such aura is not a sufficient reason for keeping the WG, and more so if we keep in mind other considerations. At any rate, do we agree that such aura is present or is it just a minority of us who feel it?

Re: [ietf-dkim] Work group future
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of John R. Levine
> Sent: Friday, April 01, 2011 2:40 PM
> To: Rolf E. Sonneveld
> Cc: DKIM List
> Subject: Re: [ietf-dkim] Work group future
>
> > By closing down the WG the momentum will be lost;
>
> There's plenty of momentum in MAAWG and other operational fora. The
> IETF is about standards development. You don't get deployment by keeping
> a standards WG going.

+1. MAAWG has been the incubator for a lot of ideas and energy that fed into standards work, most notably ARF but also some aspects of DKIM, SPF and Sender ID. It has a broad membership base (http://www.maawg.org/about/roster) so their constituency in terms of gathering deployment experience and input is substantial and ideal for this sort of work.

And there are lots of smaller efforts starting to pop up that are putting forward ideas in this area as well. There's no lack of momentum.

In terms of chartered items, we've done 1 and 5 insofar as we have documents getting ready to go to the IESG, but we've been spinning our wheels on the rest for a long time now. WGs are expensive to spin up and operate, and if we're not getting anywhere then it's appropriate to go dormant or shut down completely. A new working group can spin up to tackle those issues someday when there's real progress to be made.

And I think that's a better use of everyone's time.

Re: [ietf-dkim] Work group future
John R. Levine wrote:
>> By closing down the WG the momentum will be lost;
>
> There's plenty of momentum in MAAWG and other operational fora. The
> IETF is about standards development. You don't get deployment by keeping
> a standards WG going.

Not suggesting to keep the bar open for after hours drinks and ramblings whispers, but MAAWG represents an itsy-bitsy fragment of the total mail network population interest. It's not the IETF and I would suggest an aura is present that the "job is not done" especially when there are still active discussions about removing, deprecating, changing this and that, and there is still a chartered POLICY standard development work item yet not complete.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

Re: [ietf-dkim] Work group future
There already is some work on domain reputation in progress, though it hasn't quite got enough momentum to charter a working group yet. Stay tuned.

But domain reputation is explicitly something DKIM is not supposed to work on. So without that, I don't know why we still need a working group; we've done everything we set out to do.

From: ietf-dkim-boun...@mipassoc.org [ietf-dkim-boun...@mipassoc.org] On Behalf Of Rolf E. Sonneveld [r.e.sonnev...@sonnection.nl]
Sent: Friday, April 01, 2011 2:03 PM
To: John R. Levine
Cc: ietf-dkim@mipassoc.org; Alessandro Vesely
Subject: Re: [ietf-dkim] Work group future

On 4/1/11 9:18 PM, John R. Levine wrote:
>> I think it can be immensely useful if the list plainly says /why/ the
>> WG closes. As Rolf noted, DKIM is not (yet) a well refined protocol
>> that any of us would recommend his grandma to make use of.
> If that's the requirement, I think that pretty much every IETF standard
> since the dawn of the Internet is a failure. DKIM's main audience is the
> people who run mail systems, for MTA-MTA security, not individual users.

It seems to me you don't take Alessandro's statement very seriously, by responding only to this part of his message. Let's face the situation. Some 90% of all mail sent across the Internet is spam. The vast majority of this spam is caught by DNSBL based filtering. As we all know, the upcoming use of IPv6 poses some interesting challenges to the way current DNSBLs operate/are used.

Over the years, 'the people who run mail systems' have started to use non-(IETF-)standard anti-spam tools, not bothering too much about the collateral damage (false positives and delivery delays) they cause. We all know the examples of call back verification, greylisting, DNS back and forward checking of IP/names etc. etc. Because these techniques are not standardized, they cause problems with the delivery of legitimate mail. Although DKIM is not an anti-spam technique in and by itself, it is the only spam-related standards track technology around.

By closing down the WG the momentum will be lost; in my view it's essential to keep momentum and a WG that is actively investigating the impact of DKIM and further developing the standard based on real-world usage, can be a way to keep the industry and government interested. Note that the investigation of the real-world usage of DKIM has led to the removal of g= and to the proposal to remove i= in 4871bis.

However, if there is consensus to close down the WG, I would like to suggest to follow up this WG by chartering a reputation WG, which will pick up the work done so far on the domainrep mailing list, to make a start with 'cashing' on the results achieved with DKIM so far.

/rolf

Re: [ietf-dkim] Work group future
Plus, the future of DKIM doesn't have to come from this WG. If there's momentum to be preserved, interested people can spin up a DKIMbis WG or something similar. The domain reputation stuff and DOSETA both have people talking at the IETF, for example.

From: ietf-dkim-boun...@mipassoc.org [ietf-dkim-boun...@mipassoc.org] On Behalf Of John R. Levine [jo...@iecc.com]
Sent: Friday, April 01, 2011 2:40 PM
To: Rolf E. Sonneveld
Cc: DKIM List
Subject: Re: [ietf-dkim] Work group future

> By closing down the WG the momentum will be lost;

There's plenty of momentum in MAAWG and other operational fora. The IETF is about standards development. You don't get deployment by keeping a standards WG going.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

Re: [ietf-dkim] Work group future
On 4/1/11 9:18 PM, John R. Levine wrote:
>> I think it can be immensely useful if the list plainly says /why/ the
>> WG closes. As Rolf noted, DKIM is not (yet) a well refined protocol
>> that any of us would recommend his grandma to make use of.
> If that's the requirement, I think that pretty much every IETF standard
> since the dawn of the Internet is a failure. DKIM's main audience is the
> people who run mail systems, for MTA-MTA security, not individual users.

It seems to me you don't take Alessandro's statement very seriously, by responding only to this part of his message. Let's face the situation. Some 90% of all mail sent across the Internet is spam. The vast majority of this spam is caught by DNSBL based filtering. As we all know, the upcoming use of IPv6 poses some interesting challenges to the way current DNSBLs operate/are used.

Over the years, 'the people who run mail systems' have started to use non-(IETF-)standard anti-spam tools, not bothering too much about the collateral damage (false positives and delivery delays) they cause. We all know the examples of call back verification, greylisting, DNS back and forward checking of IP/names etc. etc. Because these techniques are not standardized, they cause problems with the delivery of legitimate mail. Although DKIM is not an anti-spam technique in and by itself, it is the only spam-related standards track technology around.

By closing down the WG the momentum will be lost; in my view it's essential to keep momentum and a WG that is actively investigating the impact of DKIM and further developing the standard based on real-world usage, can be a way to keep the industry and government interested. Note that the investigation of the real-world usage of DKIM has led to the removal of g= and to the proposal to remove i= in 4871bis.

However, if there is consensus to close down the WG, I would like to suggest to follow up this WG by chartering a reputation WG, which will pick up the work done so far on the domainrep mailing list, to make a start with 'cashing' on the results achieved with DKIM so far.

/rolf

Re: [ietf-dkim] Work group future
> By closing down the WG the momentum will be lost;

There's plenty of momentum in MAAWG and other operational fora. The IETF is about standards development. You don't get deployment by keeping a standards WG going.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

Re: [ietf-dkim] Work group future
> I think it can be immensely useful if the list plainly says /why/ the
> WG closes. As Rolf noted, DKIM is not (yet) a well refined protocol
> that any of us would recommend his grandma to make use of.

If that's the requirement, I think that pretty much every IETF standard since the dawn of the Internet is a failure. DKIM's main audience is the people who run mail systems, for MTA-MTA security, not individual users.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

Re: [ietf-dkim] Work group future
On 28/Mar/11 15:34, Barry Leiba wrote:
> Consensus in room and jabber is to close. Will confirm on the mailing list.

I think it can be immensely useful if the list plainly says /why/ the WG closes. As Rolf noted, DKIM is not (yet) a well refined protocol that any of us would recommend his grandma to make use of.

I understand that such meta-standardization explanations are not IETF's core business, but there seems to be a recurring pattern of prematurely shut down WGs, for subjects related to spam. My guess is that the paramount impact that spam has rouses too many people, so that WGs become overpopulated, discussions difficult, and people nervous. Is it so?

In order to learn from our experience, we have to give an explicit account of it.

Re: [ietf-dkim] Work group future
Barry Leiba wrote: > -- > 4. Discussion of the future of the working group > > Two charter items not yet done: >3. Collect data on the deployment, interoperability, and > effectiveness of the Author Domain Signing Practices protocol > (RFC 5617), and determine if/when it's ready to advance on the > standards track. Update it at Proposed Standard, advance it to > Draft Standard, deprecate it, or determine another disposition, > as appropriate. >4. Taking into account the data collected in (2) and (3), update > the overview and deployment/operations documents. These are > considered living documents, and should be updated periodically, > as we have more real-world experience. > > - Is there energy and desire to do this? Not for these two items. Barry, the issue is never about convincing POLICY advocates. This "collect data" was perceived as yet another way to further put off completing a chartered work product. If we had a true champion as the editor of ADSP, no question, it would of been a lively active working document and WG discussion with sincere updated proposal design changes because of all the high interest and input provided to try to make POLICY work. POLICY was not provided "an equal opportunity" chance to be a) worked on, b) by a highly motivated believer of his work, and c) was there simply no interest by the editor to do anything about it to move it forward short of just saying it broken, by design, therefore Don't use it, 3rd party signers can ignore it and tried to get it removed from the charter. It never had a chance. We know what POLICY can offer immediate domain security. We spent many man-hours on it with two document products, RFC for SSP Requirements and RFC for Threat Analysis which were essentially ignored. 
I'm sure any SMTP vendors in the mail business really don't need additional proof of concept to see how a new method effectively "legalizing" a new higher bar expectation for mail transactions which can help provide a new "legal" dissemination for legacy operations to a very high zero false positive degree - with no questions asked.

So what is the real question we wish answered with "Collect Data?" Who uses ADSP? That's easy, systems who support it and all existing APIs support it. The problem is the ADSP editor has promoted the idea ADSP is broken and promotes the idea that 3rd party signers (like mailing list) do not need to support it. So within the WG, there will be little incentive to support an idea not even the author supports.

I'm pretty confident having a true champion behind POLICY and we will see a different positive situation occur for POLICY. I believe if that was to happen, the collect data would flow like a flood as DKIM systems are encouraged not discouraged from supporting it.

> - Should we recharter instead for different work?

If we can get a renewed focus for DKIM POLICY with a different editor. Yes.

> - Should we close the working group?

I don't see any further useful outcome with a status quo. So yes, if we can not get a new set of supporting engineering eyes for POLICY.

> Are there objections to this? Does anyone want to convince us that
> there's interest and energy to keep it open and do more work?

Barry, I'm sure you know there has always been a high interest in a DKIM+POLICY layer. It's in the charter and its diminishing focus was not one due to primarily to technical merits but simply put we had the wrong person on it. It was a clear and obvious conflict of interest and incompatible issue which should have been addressed long ago by the IETF. POLICY had no change with Levine behind. There was never a desire to address all the comments provided and the fact is there was never any updates to fix all the clear ambiguity expressed by so many.
So let's get to the real issue. What you are really asking is about the future of POLICY, not the WG.

I would like to see a WG whether as a continuation of this IETF-DKIM list or a new IETF-DKIM-POLICY WG to finally give us a chance to complete a solid DKIM+POLICY security protocol for DKIM without all the intentional anti-policy WG disruptive interference seen over the years.

I personally believe that if the IETF can help give POLICY a WG chance to be designed right, I think you will see some real positive adoption, marketing and confidence for DKIM. But who knows if that is true or not. We don't but you (speaking in general) cannot deny there has always been a strong interest for a DKIM POLICY layer - it's even a chartered item. But we just never really had a chance.

My concern is sincere. I still have hope DKIM can help tremendously in the ongoing email security fight against domain fraud. What I don't want to see come to a reality is the "Cry Wolf" comments such as one I received recently from a customer testing and exploring our new DKIM+POLICY implementation:
Re: [ietf-dkim] Work group future
Hi Rolf,

I think the simple answer is that there wasn't anything close to consensus in the room or on the Jabber to recharter to cover the questions you posed. We didn't even have enough consensus to complete the one or two chartered items that haven't been finished.

And because of the nature of the way cryptography works, it's hard to tell what the 7% of failures are; crypto either passes or it doesn't, without telling you what broke or why. We have some hints from the use of "z=" to compare to messages that fail to verify, but that only describes a subset of failures. We can't conclude that the 7% are spammers because lots of signatures on spam verify just fine. I think the answer is a mix of things you listed as well as some others you didn't.

Reputation is an application that takes DKIM as input, but is not itself part of the DKIM protocol. Applications that consume DKIM in general have a scope outside of what DKIM can and should define.

And in general, I think this group has gone as far as it can go. It's time for some other group, or context, to take over. Perhaps "where do we go from here" is a question best tackled by something like the IRTF.

-MSK

From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Rolf E. Sonneveld
Sent: Monday, March 28, 2011 3:23 PM
To: Barry Leiba
Cc: DKIM Mailing List
Subject: Re: [ietf-dkim] Work group future

Hi,

On 3/28/11 3:34 PM, Barry Leiba wrote:

As you'll see from the minutes (available at https://datatracker.ietf.org/meeting/80/materials.html ), consensus in the room and among remote participants at the IETF 80 DKIM session was to close the working group after the 4871bis and mailing-lists documents have been finished. From the minutes:

--
4. Discussion of the future of the working group

Two charter items not yet done:
3. Collect data on the deployment, interoperability, and effectiveness of the Author Domain Signing Practices protocol (RFC 5617), and determine if/when it's ready to advance on the standards track. Update it at Proposed Standard, advance it to Draft Standard, deprecate it, or determine another disposition, as appropriate.
4. Taking into account the data collected in (2) and (3), update the overview and deployment/operations documents. These are considered living documents, and should be updated periodically, as we have more real-world experience.

- Is there energy and desire to do this?
- Should we recharter instead for different work?
- Should we close the working group?

Consensus in room and jabber is to close. Will confirm on the mailing list.

I seem to remember that there was neither consensus for close, nor for continue. But I was a remote participant, so I may have it wrong.

I wonder whether there should be a followup on the figures, presented by Murray in the implementation report. Excellent work (thanks Murray), but are we satisfied with the outcome? Is 93% successful verification OK? Is it good, is it good enough, is it bad? What if SMTP had been designed in such a way, that in 93% of all cases messages were delivered with contents unchanged, but in 7% of all cases message content was lost or malformed? Would it have been a success? What are these 7% DKIM signature verification failures, are these:

* spammers?
* MTA's violating the rules?
* MTA's fixing stuff, that did not comply with the standards?
* other?

Furthermore, I'm not sure whether the DKIM WG has concluded on thinking about the value of DKIM, what it can be used for. Is its purpose limited to providing input to a reputation engine? Is that it? Or is there more than that?

Anyway, these things will not fit into the current charter...

/rolf
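The "z=" comparison mentioned in the message above, sketched as an added example (not code from the list or from any DKIM implementation): it decodes the header copies a signer placed in the z= tag and reports which of them differ from what arrived. The addresses, header values and helper names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a signature header value carrying z= copies, and the
# message as it arrived after a hypothetical list server handled it.
SIG = ("v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel; "
       "h=from:to:reply-to:subject:date; bh=CONSTRUCTED; b=CONSTRUCTED; "
       "z=From:alice@example.com|To:list@example.org|"
       "Reply-To:alice@example.com|Subject:Q3=20report|"
       "Date:Mon,=20=204=20Apr=202011=2010:00:00=20+0000")
RECEIVED = ("From: alice@example.com\nTo: list@example.org\n"
            "Subject: [list] Q3 report\n"
            "Date: Mon, 4 Apr 2011 10:00:00 +0000\n\nbody\n")

def parse_tags(sig):
    """Split a DKIM-Signature value into its tag=value pairs."""
    pairs = (p.split("=", 1) for p in sig.split(";") if "=" in p)
    return {name.strip(): value.strip() for name, value in pairs}

def decode_dqp(text):
    """Decode dkim-quoted-printable: drop folding whitespace, expand =XX."""
    text = re.sub(r"\s+", "", text)
    return re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def relaxed(value):
    """Unfold and squeeze whitespace as relaxed canonicalization does."""
    return re.sub(r"[ \t\r\n]+", " ", value).strip()

def diagnose(sig, received):
    """Return (field, verdict) for every header copied into z=."""
    msg = message_from_string(received)
    report = []
    # Split on "|" before decoding: a literal bar in a value is sent as =7C.
    for copy in parse_tags(sig).get("z", "").split("|"):
        if ":" not in copy:
            continue
        name, signed = (decode_dqp(x) for x in copy.split(":", 1))
        got = msg.get(name)  # the parser drops leading space after the colon
        if got is None:
            verdict = "missing"
        elif got == signed.lstrip(" \t"):
            verdict = "unchanged"
        elif relaxed(got) == relaxed(signed):
            verdict = "whitespace-only"  # breaks simple, survives relaxed
        else:
            verdict = "content-changed"
        report.append((name, verdict))
    return report
```

On a message whose signature has already failed, the z= copies are as unauthenticated as the rest of the header, and a body change (a bh= mismatch) does not show up this way, which is why the comparison explains only a subset of failures.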
Re: [ietf-dkim] Work group future
>Furthermore, I'm not sure whether the DKIM WG has concluded on
>thinking about the value of DKIM, what it can be used for. Is its
>purpose limited to providing input to a reputation engine? Is that
>it? Or is there more than that?

Those are all interesting questions, but I don't see what they have to do with standards development.

If at some point in the future we figure out something where there would be a benefit if everyone did it the same way, we can charter a son-of-DKIM group to work on it.

R's,
John
Re: [ietf-dkim] Work group future
Hi,

On 3/28/11 3:34 PM, Barry Leiba wrote:

As you'll see from the minutes (available at https://datatracker.ietf.org/meeting/80/materials.html ), consensus in the room and among remote participants at the IETF 80 DKIM session was to close the working group after the 4871bis and mailing-lists documents have been finished. From the minutes:

--
4. Discussion of the future of the working group

Two charter items not yet done:
3. Collect data on the deployment, interoperability, and effectiveness of the Author Domain Signing Practices protocol (RFC 5617), and determine if/when it's ready to advance on the standards track. Update it at Proposed Standard, advance it to Draft Standard, deprecate it, or determine another disposition, as appropriate.
4. Taking into account the data collected in (2) and (3), update the overview and deployment/operations documents. These are considered living documents, and should be updated periodically, as we have more real-world experience.

- Is there energy and desire to do this?
- Should we recharter instead for different work?
- Should we close the working group?

Consensus in room and jabber is to close. Will confirm on the mailing list.

I seem to remember that there was neither consensus for close, nor for continue. But I was a remote participant, so I may have it wrong.

I wonder whether there should be a followup on the figures, presented by Murray in the implementation report. Excellent work (thanks Murray), but are we satisfied with the outcome? Is 93% successful verification OK? Is it good, is it good enough, is it bad? What if SMTP had been designed in such a way, that in 93% of all cases messages were delivered with contents unchanged, but in 7% of all cases message content was lost or malformed? Would it have been a success? What are these 7% DKIM signature verification failures, are these:

* spammers?
* MTA's violating the rules?
* MTA's fixing stuff, that did not comply with the standards?
* other?

Furthermore, I'm not sure whether the DKIM WG has concluded on thinking about the value of DKIM, what it can be used for. Is its purpose limited to providing input to a reputation engine? Is that it? Or is there more than that?

Anyway, these things will not fit into the current charter...

/rolf