Re: "why I quit writing internet standards"

Miles Fidelman <mfidelman@meetinghouse.net> Tue, 15 April 2014 03:41 UTC

Message-ID: <534CAA4F.5030200@meetinghouse.net>
Date: Mon, 14 Apr 2014 23:41:03 -0400
From: Miles Fidelman <mfidelman@meetinghouse.net>
To: ietf@ietf.org
Subject: Re: "why I quit writing internet standards"
References: <CF71721A.180A9%wesley.george@twcable.com> <534C067D.8080506@meetinghouse.net> <CAL0qLwa5CRwxn0V=7D84KFv9K_u5W5L+PPUXc3KPkD0YHkNo1w@mail.gmail.com> <4756885.Eo3b3po9Vj@scott-latitude-e6320>
In-Reply-To: <4756885.Eo3b3po9Vj@scott-latitude-e6320>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/0a2g9s3GmDt4WqrPGtdQTPeAY5k

Scott Kitterman wrote:
> On Monday, April 14, 2014 10:14:19 Murray S. Kucherawy wrote:
>> On Mon, Apr 14, 2014 at 9:02 AM, Miles Fidelman <mfidelman@meetinghouse.net> wrote:
>>> Then again, the current DMARC debacle presents a cautionary tale of more
>>> ad hoc approaches.
>> DMARC's proponents tried to come to the IETF to form a working group so
>> that it could undergo the rigors of standards development, and thus not be
>> as "ad hoc" as you're describing.  It was not accepted, on the basis that,
>> in essence, the work was already done so there's nothing for the IETF to
>> contribute.
>>
>> (If I've mischaracterized this, I'm happy to be corrected.)
> If that's true, it's my impression it's true because the DMARC proponents
> insisted any possible working group charter preclude meaningful changes to the
> base specification because the work was already done.
>
> Personally, I was kind of OK with the current plan, although I thought it far
> from ideal because I thought there was a clear understanding among the DMARC
> proponents about what kinds of domains p=reject was appropriate for (not ones
> with real users that commonly use use cases for which p=reject is
> problematic).
>
> Now that that clearly isn't the case, I think the plan needs to be revisited.
>

If it was clearly understood about when p=reject is/is not appropriate -
and someone (whose corporate name begins with Y) misapplied it - is this
not akin to the propagation of corrupted routing data, and meriting a 
comparable response from all concerned?  If done intentionally, with 
knowledge of the potential consequences - does this not tread into the 
grounds of a DDoS attack, and merit comparable response?  And if the 
perpetrator does not act to roll back their action - does that not merit 
a strong response?

I believe that there are laws against "knowingly caus[ing] the 
transmission of a program, information code, or command, and as a result 
of such conduct, intentionally causes damages without authorization to a 
protected computer" (That's from the Computer Fraud and Abuse Act.)

And.. just for the heck of it.. I reported this to CERT.  The impact on 
the systems I run has been far higher than, say, the Heartbeat 
vulnerability.  Kind of interested to see what kind of response I get.

Miles Fidelman


-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra