Re: "why I quit writing internet standards"

Miles Fidelman <> Tue, 15 April 2014 03:41 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 12B2F1A0714 for <>; Mon, 14 Apr 2014 20:41:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.398
X-Spam-Level: *
X-Spam-Status: No, score=1.398 tagged_above=-999 required=5 tests=[BAYES_50=0.8, J_CHICKENPOX_16=0.6, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YN9XxWn6NPbi for <>; Mon, 14 Apr 2014 20:41:15 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 128501A06E1 for <>; Mon, 14 Apr 2014 20:41:15 -0700 (PDT)
Received: from localhost (localhost.localdomain []) by (Postfix) with ESMTP id 1954FCC0C2 for <>; Mon, 14 Apr 2014 23:41:12 -0400 (EDT)
X-Virus-Scanned: by amavisd-new-2.6.2 (20081215) (Debian) at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with LMTP id M01X1xu1r+tI for <>; Mon, 14 Apr 2014 23:41:03 -0400 (EDT)
Received: from Miles-Fidelmans-MacBook-Pro.local ( []) by (Postfix) with ESMTPSA id 55725CC0C1 for <>; Mon, 14 Apr 2014 23:41:03 -0400 (EDT)
Message-ID: <>
Date: Mon, 14 Apr 2014 23:41:03 -0400
From: Miles Fidelman <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:28.0) Gecko/20100101 Firefox/28.0 SeaMonkey/2.25
MIME-Version: 1.0
Subject: Re: "why I quit writing internet standards"
References: <> <> <> <4756885.Eo3b3po9Vj@scott-latitude-e6320>
In-Reply-To: <4756885.Eo3b3po9Vj@scott-latitude-e6320>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Apr 2014 03:41:16 -0000

Scott Kitterman wrote:
> On Monday, April 14, 2014 10:14:19 Murray S. Kucherawy wrote:
>> On Mon, Apr 14, 2014 at 9:02 AM, Miles Fidelman
>> <>wrote;wrote:
>>> Then again, the current DMARC debacle presents a cautionary tale of more
>>> ad hoc approaches.
>> DMARC's proponents tried to come to the IETF to form a working group so
>> that it could undergo the rigors of standards development, and thus not be
>> as "ad hoc" as you're describing.  It was not accepted, on the basis that,
>> in essence, the work was already done so there's nothing for the IETF to
>> contribute.
>> (If I've mischaracterized this, I'm happy to be corrected.)
> If that's true, it's my impression it's true because the DMARC proponents
> insisted any possible working group charter preclude meaningful changes to the
> base specification because the work was already done.
> Personally, I was kind of OK with the current plan, although I thought it far
> from ideal because I thought there was a clear understanding among the DMARC
> proponents about what kinds of domains p=reject was appropriate for (not ones
> with real users that commonly use use cases for which p=reject is
> problematic).
> Now that that clearly isn't the case, I think the plan needs to be revisited.

It it was clearly understood about when p=reject is/is not appropriate - 
and someone (who's corporate name begins with Y) misapplied it - is this 
not akin to the propagation of corrupted routing data, and meriting a 
comparable response from all concerned?  If done intentionally, with 
knowledge of the potential consequences - does this not tread into the 
grounds of a DDoS attack, and merit comparable response?  And if the 
perpetrator does not act to roll back their action - does that not merit 
a strong response?

I believe that there are laws against "knowingly caus[ing] the 
transmission of a program, information code, or command, and as a result 
of such conduct, intentionally causes damages without authorization to a 
protected computer” (That's from the Computer Fraud and Abuse Act.)

And.. just for the heck of it.. I reported this to CERT.  The impact on 
the systems I run has been far higher than, say, the Heartbeat 
vulnerability.  Kind of interested to see what kind of response I get.

Miles Fidelman

In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra