Barry Leiba wrote: > -------------------------- > 4. Discussion of the future of the working group > > Two charter items not yet done: > 3. Collect data on the deployment, interoperability, and > effectiveness of the Author Domain Signing Practices protocol > (RFC 5617), and determine if/when it's ready to advance on the > standards track. Update it at Proposed Standard, advance it to > Draft Standard, deprecate it, or determine another disposition, > as appropriate. > 4. Taking into account the data collected in (2) and (3), update > the overview and deployment/operations documents. These are > considered living documents, and should be updated periodically, > as we have more real-world experience. > > - Is there energy and desire to do this?
Not for these two items. Barry, the issue is never about convincing POLICY advocates. This "collect data" was perceived as yet another way to further put off completing a chartered work product. If we had a true champion as the editor of ADSP, no question, it would of been a lively active working document and WG discussion with sincere updated proposal design changes because of all the high interest and input provided to try to make POLICY work. POLICY was not provided "an equal opportunity" chance to be a) worked on, b) by a highly motivated believer of his work, and c) was there simply no interest by the editor to do anything about it to move it forward short of just saying it broken, by design, therefore Don't use it, 3rd party signers can ignore it and tried to get it removed from the charter. It never had a chance. We know what POLICY can offer immediate domain security. We spent many man-hours on it with two document products, RFC for SSP Requirements and RFC for Threat Analysis which were essentially ignored. I'm sure any SMTP vendors in the mail business really don't need additional proof of concept to see a how new method effectively "legalizing" a new higher bar expectation for mail transactions which can help provide a new "legal" dissemination for legacy operations to a very high zero false positive degree - with no questions asked. So what is the real question we wish answered with "Collect Data?" Who uses ADSP? Thats easy, systems who support it and all existing APIs support it. The problem is the ADSP editor has promoted the idea ADSP is broken and promotes the idea that 3rd party signers (like mailing list) do not need to support it. So within the WG, there will be little incentive to support an idea not even the author supports. I'm pretty confident having a true champion behind POLICY and we will we see a different positive situation occur for POLICY. I believe if that was to happen, the collect data would flow like a flood as DKIM systems are encouraged not discouraged from supporting it. > - Should we recharter instead for different work? If we can get a renewed focus for DKIM POLICY with a different editor. Yes. > - Should we close the working group? I don't see any further useful outcome with a status quo. So yes, if we can not get a new set of supporting engineering eyes for POLICY. > Are there objections to this? Does anyone want to convince us that > there's interest and energy to keep it open and do more work? Barry, I'm sure you know has always been a high interest in a DKIM+POLICY layer. Its in the charter and its diminishing focus was not one due to primarily to technical merits but simply put we had the wrong person on it. It was clear and obvious conflict of interest and incompatible issue which should of been addressed long ago by the IETF. POLICY had no change with Levine behind. There was never a desire to address all the comments provided and the fact is there was never any updates to fix all the clear ambiguity expressed by so many. So lets get to the real issue. What you are really asking is about the future of POLICY, not the WG. I would like to see a WG whether as a continuation of this IETF-DKIM list or a new IETF-DKIM-POLICY WG to finally give us a chance to complete a solid DKIM+POLICY security protocol for DKIM without all the intentional anti-policy WG disruptive interference seen over the years. I personally believe that if the IETF can help give POLICY a WG chance to be designed right, I think you will see some real positive adoption, marketing and confidence for DKIM. But who knows if that is true or not. We don't but you (speaking in general) can not denied there has always been a strong interest for a DKIM POLICY layer - its even a chartered item. But we just never really had a chance. My concern is sincere. I still have hope DKIM can help tremendously in the ongoing email security fight against domain fraud. What I don't want to see come to a reality is the "Cry Wolf" comments such as one I received recently from a customer testing and exploring our new DKIM+POLICY implementation: "The initial version for non list mail worked fine for me for a period of time and then I started regularly getting DKIM=FAIL in the smtptrace log so I have not looked at again for some months." - Customer comment on using our new DKIM implementation Do we really want DKIM to get into a common situation where lacking a protective layer for domain DKIM signed mail becomes ignored as wasted overhead and bandwidth? I hope not. I perfectly understand the DKIM-REPUTATION model promotes the idea that only VALID mail (Good Mail, white listing model) should be considered when its signed by a trusted source. Everything else is basically "undefined" by DKIM. Fine, I won't debate the GOOD MAIL Trusted Source model. The job was well done by the WG promoters of this model. VBR seems to be promising as an open protocol. But maybe the POLICY promoters can be given a chance to address a layer that helps protect the unsecured abusive "undefined" block ignored by REPUTATION. Thanks -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html