On Fri, Aug 18, 2017 at 10:08 AM, Dave Crocker <dcroc...@gmail.com> wrote:
> On 8/18/2017 10:00 AM, Seth Blank wrote:
>
>>
>> Right now, we've got deployed code that we know works and improves the
>> landscape. Everything else is - rightly or wrongly - conjecture.
>>
>
>
> Personal Point of order:
>
> Using an 'installed base' argument for a brand new specification that
> is still in development and has minuscule deployment is not appropriate, in
> spite of having a long and storied history of being used to resist a
> proposal.
>
> What's supposed to happen with a proposal is an evaluation of its
> technical and functional merits.
>
>
> The entire point behind bringing a nascent specification to the IETF is to
> get review and suggestions from a wider audience.
While I would normally agree firmly with that position, my view in this
case is softer given what I believe was consensus (I'm not the chair, so
that's not my call officially) that we're going to go for Experimental
status.
I submit that our primary mission here per our charter is to come up with a
mechanism that mitigates DMARC's damage to mailing lists. The claim that
ARC as designed over-engineers a solution seems secondary to me; the
question we need to answer is "Can this mitigate the damage?" With or
without Bron's reduced design, that's the question before us.
The "snake oil" claim may be true but it's orthogonal to that core
question, and moreover points to the way we describe what exactly ARC
provides ("chain of custody" is clearly not appropriate given that we are
no longer sure what that actually covers), independent of whether it tells
us enough to solve the question at hand.
Accordingly, I would suggest we continue to deploy and experiment with the
specification as-is, because there are implementations now, until we've
determined that ARC as currently defined does or does not address DMARC's
mailing list issues. I also suggest that an appendix be added
acknowledging that the super-crypto of ARC-Seal may be superfluous, and at
the conclusion of the experiment we can make a decision about removing it
and moving more toward what Bron's suggesting.
Of course, the danger of proceeding along that line is that we do establish
a deployed base, however small, that will be difficult to change later. I
don't know the answer to that question immediately, and admittedly I'm only
going to be on the periphery of cleaning up whatever mess results.
-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
