Re: Diversity and Inclusiveness in the IETF

Michael Thomas <> Wed, 24 February 2021 17:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 14B773A0BC5 for <>; Wed, 24 Feb 2021 09:28:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id v9hANSqVSVqH for <>; Wed, 24 Feb 2021 09:28:35 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4CB7B3A0BBC for <>; Wed, 24 Feb 2021 09:28:35 -0800 (PST)
Received: by with SMTP id 201so1770601pfw.5 for <>; Wed, 24 Feb 2021 09:28:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=fluffulence; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=UxeMPTFjL2raoGrY89A+24tIaT20x5WTYOa0B81uKx4=; b=gX9W14xoeBk+mmd6HPP2ruM1Ywq08H7IajvEqUxrFFczw5oQB3GN+IEa5z+yOHtjU0 9sQGm+hlNP+Gx/ssjyk6+H76EYL2yml6fshX3IwzU9pTWG6rAfcbFjbeT2H3arj90SNc h6kQRXZ/q4NssNNwCZe08ORTvQV7PTjoXJ0ChLrmqLdWtt+snEy9JpXRCHIp7ORp88Me EDxriJ/esCBusfVbuuh/K3brzXUSwNjpjaO/kGup+jndmJohRwHnLDf/0CmjLSacx01d ABeXvZYtcDgz2nHXRpvBacdSDfvbU6edKlnZXil0ImrzE4HmC0CcDzrvQGdY09MIGxzT mevA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=UxeMPTFjL2raoGrY89A+24tIaT20x5WTYOa0B81uKx4=; b=gXGSw6/k452utZxBrVAxo9rIAY2dtpci/9n6xdaTG4UOA/ClONc+8aJWn8c5pMp4nM CNGPgSboub79MVrbPTiW7AwcmTWoCbiwJCSYJcMeuo4qoIQpGDcegEZSQe2R/tHu3Up0 S5YNlv2cA5pIAFAfx0nBLTsmr0RWA+SGr3OFU1NReNfaMy2u+kdMug4bZOaMbZGiR4EH cpZmSul6Qdq/nSUCr+FajffYubAVyvZgcbz4mFCw7kXL6OiY7a0hdH8tR3+JeMDLYEtw 68u61NXPXve1wFelCR/3nyiAjfwf/1I4L1FY+GcYwQaKkvQfHhOkOkuF2Hgs3EX9wElZ HBVw==
X-Gm-Message-State: AOAM530iWT39luBqfJp8R5G6SCLGCYSa1Tejhg43Ikp/rFw7o7FB6grT vYIdHkFLeIHykSlLVIL6fLo3yw/n73Xz0w==
X-Google-Smtp-Source: ABdhPJzRzb45OzgvSjDY1ctqHMnwn+eM2C54x3UB72Sh9pBdZhr3yYReSqM10uedbweg33j/AWjwNw==
X-Received: by 2002:a62:a204:0:b029:1c2:8442:e7bf with SMTP id m4-20020a62a2040000b02901c28442e7bfmr32248367pff.58.1614187714285; Wed, 24 Feb 2021 09:28:34 -0800 (PST)
Received: from mike-mac.lan ([]) by with ESMTPSA id g8sm3784459pfu.13.2021. for <> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 Feb 2021 09:28:33 -0800 (PST)
Subject: Re: Diversity and Inclusiveness in the IETF
References: <> <> <> <> <> <> <> <> <>
From: Michael Thomas <>
Message-ID: <>
Date: Wed, 24 Feb 2021 09:28:32 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------9ED2DB48FB61C8D0623F353B"
Content-Language: en-US
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Feb 2021 17:28:38 -0000

On 2/23/21 9:47 PM, Phillip Hallam-Baker wrote:
> One of the big problems of IETF is that a lot of people don't think 
> about how to get their scheme deployed and when they do, their plan is 
> to tie it to some other group as a boat anchor. Back when we were 
> doing DKIM and SPF we had to tell certain DNS folk that the fact that 
> almost no DNS Registrars offered customers the ability to specify new 
> RRTypes was their problem and was going to remain their problem no 
> matter how loudly they tried to complain that it should become our 
> problem.

We had a solution for that which was to use the IIM KRS concept which 
was just HTTP. It would have solved the weakness of relying on DNSSec 
trivially too. People were worried about performance, but DoH pretty 
much shows that was probably not well founded. A PKI using a HTTPS key 
server would scale just fine these days.