Re: [iucg] Last Call: Modern Global Standards Paradigm

[t.p. <daedulus@btconnect.com>]

----- Original Message -----
From: "ALAIN AINA" <aalain@trstech.net>
To: "IETF" <ietf@ietf.org>
Sent: Tuesday, August 14, 2012 1:21 PM

I will say "there are potential uses of the  ITU for good".

<tp>
Yes, they did a brilliant job in developing standards which allow
the proprietary phone network of one country to interface to
the proprietary phone network of another country, without
which we could never have had International Subscriber Trunk
Dialling.  Whether this is a suitable model for the Internet
seems doubtful to me.

Tom Petch

</tp>--Alain

On Aug 14, 2012, at 6:26 AM, Eric Burger wrote:

> +1. The ITU is not evil. It just is not the right place for Internet
standards development. As John points out, there are potential uses of
the ITU-T for good.
>
> On Aug 13, 2012, at 10:50 AM, John C Klensin wrote:
>
>>
>>
>> --On Monday, August 13, 2012 11:11 +0200 Alessandro Vesely
>> <vesely@tana.it> wrote:
>>
>>> ...
>>> FWIW, I'd like to recall that several governments endorse IETF
>>> protocols by establishing Internet based procedures for
>>> official communications with the relevant PA, possibly giving
>>> them legal standing.  Francesco Gennai presented a brief
>>> review of such procedures[*] at the APPSAWG meeting in Paris.
>>> At the time, John Klensin suggested that, while a more
>>> in-depth review of existing practices would be appreciated,
>>> the ITU is a more suitable body for the standardization of a
>>> unified, compatible protocol for certified email, because of
>>> those governmental involvements.
>>>
>>> [*]
>>>
>> http://www.ietf.org/proceedings/83/slides/slides-83-appsawg-1.pdf
>>
>> Alessandro,
>>
>> Please be a little careful about context, as your sequence of
>> comments above could easily be misleading.
>>
>> For the very specific case of email certified by third parties,
>> especially where there is a requirement for worldwide
>> recognition (the topic of the talk and slides you cited), the
>> biggest problem has, historically, been an administrative and
>> policy one, not a technical standards issue.  We know how to
>> digitally sign email in several different ways -- there is
>> actually no shortage of standards.   While additional standards
>> are certainly possible, more options in the absence of
>> compelling need almost always reduces practical
>> interoperability.  Perhaps the key question in the certified
>> mail matter is who does the certifying and why anyone else
>> should pay attention.  The thing that makes that question
>> complicated was famously described by Jeff Schiller (I believe
>> while he was still IETF Security AD) when he suggested that
>> someone would need to be insane to issue general-purpose
>> certificates that actually certified identity unless they were
>> an entity able to invoke sovereign immunity, i.e., a government.
>>
>> For certified email (or certified postal mail), your ability to
>> rely on the certification in, e.g., legal matters ultimately
>> depends on your government being willing to say something to you
>> like "if you rely on this in the following ways, we will protect
>> you from bad consequences if it wasn't reliable or accurate".
>> If you want the same relationship with "foreign" mail, you still
>> have to rely on your government's assertions since a foreign
>> government can't do a thing for you if you get into trouble.
>> That, in turn, requires treaties or some sort of bilateral
>> agreements between the governments (for postal mail, some of
>> that is built into the postal treaties).
>>
>> International organizations, particularly UN-based ones, can
>> serve an important role in arranging such agreements and
>> possibly even in being the repository organization for the
>> treaties.  In the particular case of certified email, the ITU
>> could reasonably play that role (although it seems to me that a
>> very strong case could be made for having the UPU do it instead
>> by building on existing foundations).
>>
>> But that has nothing to do with the development of technical
>> protocol standards.  Historical experience with development of
>> technical standards by governmental/legislative bodies that then
>> try to mandate their use has been almost universally poor and
>> has often included ludicrous results.
>>
>> A similar example arises with the spam problem.  There are many
>> technical approaches to protecting the end user from spam
>> (especially malicious spam) and for facilitating the efforts of
>> mail delivery service providers and devices to apply those
>> protective mechanisms.  Some of them justify technical standards
>> that should be worked out in open forums that make their
>> decisions on open and technical bases.  But, if one wants to
>> prevent spam from imposing costs on intended recipients or third
>> parties, that becomes largely a law-making and law enforcement
>> problem, not a technical one.  If countries decide that they
>> want to prevent spam from being sent, or to punish the senders,
>> a certain amount of international cooperation (bilateral or
>> multilaterial) is obviously going to be necessary.   As with the
>> UPU and email certification, there might be better agencies or
>> forums for discussion than the ITU or there might not.  But it
>> isn't a technical protocol problem that the IETF is going to be
>> able to solve or should even try to address, at least without a
>> clear and actionable problem statement from those bodies.
>>
>> I do believe that the ITU can, and should, serve a useful role
>> in the modern world.  The discussion above (and some of the work
>> of the Development and Radio Sectors) are good illustrations.
>> But those cases have, as far as I can tell, nothing to do with
>> the proposed statement, which is about the development and
>> deployment of technical protocol standards.
>>
>> regards,
>>   john
>>
>