On Fri, Aug 18, 2017 at 10:08 AM, Dave Crocker <dcroc...@gmail.com> wrote:
> On 8/18/2017 10:00 AM, Seth Blank wrote: > >> >> Right now, we've got deployed code that we know works and improves the >> landscape. Everything else is - rightly or wrongly - conjecture. >> > > > Personal Point of order: > > Using an 'installed base' argument for a brand new specification that > is still in development and has minuscule deployment is not appropriate, in > spite of having a long and storied history of being used to resist a > proposal. > > What's supposed to happen with a proposal is an evaluation of its > technical and functional merits. > > > The entire point behind bringing a nascent specification to the IETF is to > get review and suggestions from a wider audience. While I would normally agree firmly with that position, my view in this case is softer given what I believe was consensus (I'm not the chair, so that's not my call officially) that we're going to go for Experimental status. I submit that our primary mission here per our charter is to come up with a mechanism that mitigates DMARC's damage to mailing lists. The claim that ARC as designed over-engineers a solution seems secondary to me; the question we need to answer is "Can this mitigate the damage?" With or without Bron's reduced design, that's the question before us. The "snake oil" claim may be true but it's orthogonal to that core question, and moreover points to the way we describe what exactly ARC provides ("chain of custody" is clearly not appropriate given that we are no longer sure what that actually covers), independent of whether it tells us enough to solve the question at hand. Accordingly, I would suggest we continue to deploy and experiment with the specification as-is, because there are implementations now, until we've determined that ARC as currently defined does or does not address DMARC's mailing list issues. I also suggest that an appendix be added acknowledging that the super-crypto of ARC-Seal may be superfluous, and at the conclusion of the experiment we can make a decision about removing it and moving more toward what Bron's suggesting. Of course, the danger of proceeding along that line is that we do establish a deployed base, however small, that will be difficult to change later. I don't know the answer to that question immediately, and admittedly I'm only going to be on the periphery of cleaning up whatever mess results. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc