Re: [apps-discuss] DMARC working group charter proposal

Barry Leiba <barryleiba@computer.org> Fri, 05 April 2013 16:15 UTC

Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F3BD21F9828 for <apps-discuss@ietfa.amsl.com>; Fri, 5 Apr 2013 09:15:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.877
X-Spam-Level:
X-Spam-Status: No, score=-102.877 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NVRJ0QJaSbXL for <apps-discuss@ietfa.amsl.com>; Fri, 5 Apr 2013 09:15:37 -0700 (PDT)
Received: from mail-ve0-f170.google.com (mail-ve0-f170.google.com [209.85.128.170]) by ietfa.amsl.com (Postfix) with ESMTP id BBE8121F982B for <apps-discuss@ietf.org>; Fri, 5 Apr 2013 09:15:36 -0700 (PDT)
Received: by mail-ve0-f170.google.com with SMTP id 15so3814793vea.29 for <apps-discuss@ietf.org>; Fri, 05 Apr 2013 09:15:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=JvpAdSeB3OUdIo0CeQwRAgcWMEEmCHMQupjxWBs16MQ=; b=Hb3wdKVyVvB9jiv0gWKEmauSM2RNSBvwBv387nmNyBPLTBuEIVZOELp1rDEhkjZADT BP8wiYvycCgm9Agz1ODM66GQzitQTJ/kllRusyIrJHUa22p8OvBuYc3E0umR62b1dmB9 ZzYUhccOypQQvyPF99KZGnUtpXsAx+DkQsI/KDPzzI1b1R6UtGDgkX7Q8EABQ2FsOr55 gsVoaUeNaR87BVDyArLEJN7edzfzSZd4QsfRJ5XjZ2KfOSJ9gU9urVOGluZ6caeVSkS7 ibTcLPcHyIEJLpbKRpDOX1DOIU1h7+qPfg+EqOMzBP1LF4SYKGhfbbvRQnNG4HaIJprK 32bQ==
MIME-Version: 1.0
X-Received: by 10.52.155.5 with SMTP id vs5mr7332282vdb.24.1365178536004; Fri, 05 Apr 2013 09:15:36 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.59.3.41 with HTTP; Fri, 5 Apr 2013 09:15:35 -0700 (PDT)
In-Reply-To: <515B401B.3070809@cs.tcd.ie>
References: <CAL0qLwYc757fw_VhPMHDrgcCimNFak02brDRLAVTq+NR4w34pA@mail.gmail.com> <5159D7A4.4000701@cs.tcd.ie> <CAL0qLwa0JtksC7iE_noz_ZC1L-NQU1EyH1X=dcrkPL-4UWJ-yA@mail.gmail.com> <515A0895.2090209@cs.tcd.ie> <515A1581.9030402@dcrocker.net> <515A2464.8090401@cs.tcd.ie> <515B2E1D.4050102@dcrocker.net> <515B401B.3070809@cs.tcd.ie>
Date: Fri, 5 Apr 2013 12:15:35 -0400
X-Google-Sender-Auth: 5boXPJUskt3r-pEu6i-sCtS0Kxw
Message-ID: <CAC4RtVASwR=7Qvz9iY5GMzOAkEHnS-TjoROEE1JQpzX_X-JLHA@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1
Cc: IETF Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] DMARC working group charter proposal
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2013 16:15:38 -0000

My sense is that this conversation's gotten too heated to shed much
light on things, so I want to try to pull it back into what the issues
are, and away from any sort of attack/defense mode.

I believe that Stephen's issue with the charter involves the
restrictions on what the working group would not be allowed to do with
the proposed DMARC spec.  So let me pick out a few quotes from the
proposed charter (
http://trac.tools.ietf.org/wg/appsawg/trac/wiki/DMARC ) and try to
address that, giving my own opinions on the points:

> DMARC already has achieved significant production deployment. Consequently,
> any changes to the specification that create software or operations incompatibilities
> with the installed base need to be considered carefully.

I think this states a requirement clearly, and it seems to me not to
be very controversial.  It doesn't forbid any types of changes to the
spec.  It does say that some sorts of changes "need to be considered
carefully."  Given that there's significant deployment at this point,
that seems wise.

> The strong preference is for the working group to preserve existing software
> and procedures.

Again, nothing forbidden, but it's clear that we have running code,
and requiring those deployments to roll out new core or new
operational parameters would be disruptive.  It's our *preference* not
to do that, so, again, we need to consider carefully.

> For changes likely to affect the installed base, the working group will seek
> review and advice, beyond working group participants, to include other
> developers and operators of DMARC-based mechanisms.

We have a lot of evidence that comes from development and refinement
of application-layer protocols that, while some implementors and
operators will be here participating, many will not: they have a ship
to run.  They understand that disruptive changes aren't likely, and
they're off doing what pays their bills.

This sentence is saying that if we start seriously considering a
disruptive change, we'll explicitly reach out to such operators, alert
them to what we're considering, and bring them in, asking for their
review and comment.  I think that's an acceptable approach.

> However discussion, debate and resolution of issues that target revision
> of the specification are out of scope for this working group.

This is the only sentence that I have difficulty with, for a couple of reasons:

1. The word "revision" is too broad and vague.  On the surface, it
could mean that *any* change to the specification is out of scope.
There's no point in asking the IETF to work on something for which
that's the case.

2. It puts *discussion* out of scope.  That would arguably include
discussion that could lead to the identification of a major fault or
serious omission in the spec -- a fault or omission that the vast
majority of participants might consider it critical to fix.  If we
can't discuss it, we can't determine whether it's something that rough
consensus is against, something that's a good idea that can be dealt
with later, or a critical problem that needs to be addressed now.

I understand that this is meant to prevent the working group from
becoming bogged down in repeated requests for changes that could and
should be taken up later.  But until we discuss them, we don't know
what category they fall into.  This is why we have chairs, and I would
prefer to trust the chairs to manage the discussion -- and to
appropriately manage people who are bringing issues up for discussion
just to be disruptive.

I strongly suggest changing that sentence so that it gives a more
workable characterization of what's out of scope.


Now, to Stephen:

Again, let's step back and perhaps repeat, but in clearer focus, what
your issue(s) are.  Can you quote specific text from the proposed
charter that you have an issue with, say specifically what your issue
is, and say what you'd like done about it (with specific proposed text
if you can)?

If we state that clearly, and afresh, maybe we'll have a better chance
of moving forward.

Barry