Re: ietf mailing list Acceptable Use Policy
One rule of any list policy would be: stick to the subject or change the subject header, I think. Brian JFC (Jefsey) Morfin wrote: Dear Harald, At 01:14 21/07/2005, Harald Tveit Alvestrand wrote: So I resorted to here's what would happen if this was a WG list, and I had the power of the WG chair to control the list, and because I run the list, I'm going to make it happen. Did you? I will not dispute here the way a proposition of your consortium tries to exclude Open Source propositions and every further innovation from multilingual network development area. I will just thank you to repeat you are the private owner of a public IANA list documented by an RFC (of yours). This is why il will not tease your WG procedure without proper steps, concerted ADs, appeal, etc. To come back to your answer: one must add RFC 2860 for registry lists which should be/are own by the IANA. One of the signs of a maturing organization is said to be that it relies upon explicit rules rather than people's individual judgment. One of the signs of an ossifying organization is said to be that it has rules for everything. What then to say of an organisation with 4200+ RFCs? This shows how complex the IETF has become and the necessity documented by many outside of an Intenet Book maintaining, along a clear, accepted and stable table of content, the matter and the experience (also included in obsoleted ones) of these 4200 RFCs. Brian, it also shows the necessity, IMHO, of a WG-IANA to work on the many details of a complete review of RFC 2860, 2434, etc. extending to a standard Registry framework management by IETF and ICANN. jfc ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: ietf mailing list Acceptable Use Policy
Harald Tveit Alvestrand wrote: --On onsdag, juli 20, 2005 14:49:27 -0700 Dave Crocker [EMAIL PROTECTED] wrote: Folks, I am burdening the IETF list with this note because I looked around on the IETF web pages and couldn't find the document or statement that would resolve the point. The question of acceptable behaviors on ietf mailing lists has been discussed at length, of course. But I cannot find a statement that should be used by ietf list that is, for example, on a par with the Note Well statement about IPR. I believe that we DO have pretty consistent rules, but I can't find a pointer to text that makes the usual statements about technical focus, professionalism, absence of ad hominem language, etc. It would be great to have an IETF-wide, core consensus-based statement on Acceptable Use that new lists could just point to. For working group lists, people point to RFC 2418 (WG guidelines) and RFC 3434 (updates), and for the IETF list, they point to RFC 3005 (IETF list charter). And sometimes to RFC 3184 (IETF Guidelines for Conduct), or RFC 3683 (IETF-wide posting right removal). But when having to evaluate the question for the ietf-languages list a month ago, I did not find a written statement anywhere that said here's how you operate an IETF list that is not a WG list. One of the first items would be to define what an IETF list that is not a WG list is. Presumably, it's something to do with being set up in furtherance of the IETF Mission Statement and subject to IETF IPR rules. That being so, I think all the basics are in the above and pulling them together would be good. Rather than worsen our patchwork quilt of process documents, however, perhaps the new document could be a set of citations of the above? Volunteer in the house? Brian So I resorted to here's what would happen if this was a WG list, and I had the power of the WG chair to control the list, and because I run the list, I'm going to make it happen. One of the signs of a maturing organization is said to be that it relies upon explicit rules rather than people's individual judgment. One of the signs of an ossifying organization is said to be that it has rules for everything. So I kind of look favourably upon the idea of writing such a document - but... could we do it in such a way that the number of documents we have to ask people to read grows shorter, not longer? Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: ietf mailing list Acceptable Use Policy
--On 21. juli 2005 12:49 +0200 Brian E Carpenter [EMAIL PROTECTED] wrote: But when having to evaluate the question for the ietf-languages list a month ago, I did not find a written statement anywhere that said here's how you operate an IETF list that is not a WG list. One of the first items would be to define what an IETF list that is not a WG list is. Presumably, it's something to do with being set up in furtherance of the IETF Mission Statement and subject to IETF IPR rules. We were faced with this question some time ago, and the result was the creation of the IETF Non-WG mailing lists page, https://datatracker.ietf.org/public/nwg_list.cgi The theory being that if something is listed there, the IETF definitely considers it an IETF list; if it is not listed, it's either not an IETF list, or someone needs to take an action to get it listed (which is simple). I think defining rules about what is or is not an IETF list is tricky; it's simpler to list the ones that are. Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Test version of the Parking Area
hopefully the final result will be able to express the more complex forms of wedgitude such as your check was sent two years ago via IESG express under tracking number and is currently being held at our hub until it can be stapled to another check from a different working group So, e.g., for draft-ietf-ospf-2547-dnbit, is it enough to say Waiting for draft-ietf-l3vpn-ospf-2547 (IESG Evaluation :: AD Followup) and draft-ietf-idr-bgp-ext-communities (Approved- Announcement sent)? (Note that the 2nd one is a REF that's not there of a REF that is there). Is that too much to put on the summary page? Would it also be useful to put a link to, e.g., http://rtg.ietf.org/~fenner/ietf/deps/index.cgi?doc=draft-ietf-l3vpn-ospf-2547docx=on for each dependency, to check further dependencies? (Yes, I should have a recurse and check all that dependency's dependencies option) (Note that these dependencies are all heuristically extracted and are a best case scenario) For draft-ietf-ccamp-lmp-mib, is it sufficient to say REFs cleared on 2005/04/20, or would you want to see more detail, that it was draft-ietf-mpls-bundle that was holding it up? I'm starting to think that for most of the complex relationships, we want a summary on the top level (e.g., draft-ietf-ospf-2547-dnbit could say REF to 2 drafts not in queue) and a detail page that gives you all the info - otherwise I'm concerned about cluttering up the top page. And, of course, a picture is worth a thousand words, perhaps I could find a way to fit http://rtg.ietf.org/~fenner/iesg/rfc-deps.pdf in there. Bill ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: ietf mailing list Acceptable Use Policy
Volunteer in the house? Sure. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Test version of the Parking Area
Bill Fenner wrote: http://rtg.ietf.org/~fenner/ietf/deps/index.cgi Nice, when it says unknown it's a potential problem (= missing reference). Bye, Frank ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Meeting Locations
I'm not sure right now about what company it was (too many planes every week to remember something from almost 18 months ago), but I'm sure it was an American company. But you can be sure that I made enough noise, and it was not just me, lots of passengers where in the same situation. Moreover, despite the regulation that don't allow the baggage to be shipped in the plane if the passenger isn't there, it was shipped alone ! Nobody paid also for the extra hotel night ... Neither any other expenses. Complains afterwards didn't succeed. They said basically isn't our fault, is the US government fault increasing security checks but not doing it properly, no extra people, etc. Ask them to pay for the cost. Funny, and the worst is that they are right legally speaking: Is the US government fault and I'm sure that asking them for a compensation will be like a joke, will not work or will mean you've problems with immigration next time, or whatever. This type of behaviors should be a clear advise with every country that do that, to avoid doing meetings there. Regards, Jordi De: Hallam-Baker, Phillip [EMAIL PROTECTED] Responder a: [EMAIL PROTECTED] Fecha: Wed, 20 Jul 2005 09:40:07 -0700 Para: [EMAIL PROTECTED], ietf@ietf.org Asunto: RE: Meeting Locations From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On In Las Vegas I waited 8 hours in the security queue last time to return back to my home. Of course the flights already departed and as it was not a fault of the company, I needed to buy a new ticket, no refund and of course, I don't think the US government will pay for it, right ?. I don't think is acceptable, unless there is a commitment from the US authorities to avoid this type of unfair situations. Which carrier were you on? Did you write and complain to their HQ? Virtually every airline will refund a ticket in that situation if they receive a complaint. This is particularly true if you stand at the ticket desk and complain very loudly but not angrily. US Air once tried to refuse me a refund after they cancelled my flight to NYC. They soon relented as the queue of other customers grew. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf The IPv6 Portal: http://www.ipv6tf.org Barcelona 2005 Global IPv6 Summit Information available at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Feedback on draft-hutzler-spamops-04
I am an email system administrator at Silicon Graphics, Inc. In my role as email system administrator, I am one of about four people at my company who spends a large amount of time keeping email systems running and fighting spam, viruses and other email abuse. Before coming to SGI 15 months ago, I performed a similar role at AltaVista for about 4 years. I have reviewed the draft draft-hutzler-spamops-04. I am very pleased to see it on track to be a BCP document. The most notable thing this draft does for system operators such as myself is that it clarifies much of what was vague or weakly enforces by rfc2476. Please consider the spamops draft for status as a BCP. Thanks for your time. -- Greg Connor [EMAIL PROTECTED] ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Sarcarm and intimidation
My point here was that Steve Kent asked 'why does nobody else here seem to share your views'. My answer was that they might well have taken the advice that Steve gave that anyone who disagrees with him should give up on persuading anyone in this forum and go elsewhere. Two and a half thousand years ago a dispute arose in a Greek city on the Mediterranean concerning the nature of knowledge. One side said that knowledge should be based on observations and that these are primary. The other side said that pure reason was supreme and started making obscure metaphors about caves. The intellectual successors of Plato's faction gave us the dark ages, fascism and communism, argument from authority trumps all else. The intellectual successors of Aristotle's faction gave us the renaissance, science, medicine, engineering. Empirical observation of the state of Internet security trumps argument from authority in my view. The state of Internet security does not justify the type of rhetorical attacks being made. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Conner Sent: Wednesday, July 20, 2005 11:26 PM To: Noel Chiappa; ietf@ietf.org Subject: RE: Sarcarm and intimidation How bout an underdeveloped sense of humor? scc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Noel Chiappa Sent: Wednesday, July 20, 2005 10:46 AM To: ietf@ietf.org Cc: [EMAIL PROTECTED] Subject: Re: Sarcarm and intimidation From: Hallam-Baker, Phillip [EMAIL PROTECTED] There would probably be a lot more people working in the IETF who share my views if they did not meet with sarcasm, patronising remarks and intimidation. Just out of curiousity (and in total seriousness), I was wondering what theory (if any) you might have for why so many of your comments to this list - and in so many different areas - meet this reaction. Is that a question you have ever pondered? Noel ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Sarcarm and intimidation
On 15:23 21/07/2005, Hallam-Baker, Phillip said: Two and a half thousand years ago a dispute arose in a Greek city on the Mediterranean concerning the nature of knowledge. One side said that knowledge should be based on observations and that these are primary. The other side said that pure reason was supreme and started making obscure metaphors about caves. The intellectual successors of Plato's faction gave us the dark ages, fascism and communism, argument from authority trumps all else. The intellectual successors of Aristotle's faction gave us the renaissance, science, medicine, engineering. Dear Phillip, I love and agree with your basic reasoning. However, I suggest Plato's paradigme gives him a chance of beeing redeemed. I certainly love Aristotle but the _observation_ of the kubernetes specificity was Plato's. I certainly agree that the Dark Side confused the cybernetics, but if you come back to Ampère, Wiener, Coufignal (people thinking in an Aristotelician way), and build on them, with the extended Plato's paradigm (is the network of the networks a fleet or a shipping? an Admiralty way or an intergovernance?) and using their logic inherited from Aristotle (potentiality, granualrity, scalability, subsidiarity), I feel you can obtain most of the solutions you look for. May be could you reread our bible (RFC 1958) and enjoy its only permanent principle. jfc ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: ietf mailing list Acceptable Use Policy
On 12:45 21/07/2005, Brian E Carpenter said: One rule of any list policy would be: stick to the subject or change the subject header, I think. Brian Difficult to know if this is or not the subject. I think it is for two reasons, I might have more precisely documented: 1. There are at least three areas where non WG list exist: - discussing draft. The owner is clearly the author of the Draft and the list is temporary - the IANA registries as the list is attached to the Registry and therefore permanent. The use policy is then by the owner of the list, normally the IANA. A second problem is that the acceptable use policy is mainly seen from an existing membership point of view. The main problem observed in the case of [EMAIL PROTECTED] mailing list for the RFC 3066 registry Harald quotes, is the policy towards non members. This means the lack of exposure of the list in the IANA site and the difficulty in getting subscribed. This leads people concerned by the decision taken not to be even aware of their discussion. I use the case of that list because I know it and Harald quotes it. But I suppose it is the same for other registries? Also, the IANA section - or other documents - does not indicate who is the mailing list responsible. There is (I use the case of that list) an examiner (other RFC may use different names, so I use the name of the function) designed by the IESG, but its exact role, the duration and the powers of his mandate are not defined. - there can also be other lists, like the follow-up of a closed WG were all the solutions were not found. 2. I fully support the idea of a list of the IETF lists. This is exactly an item in the Internet Book chapter: each section should probably position the theme in a global networking model, list the involved WGs and concerned RFCs, give an historic of the standardisation, describe the best practices, document existing experimentations, link running code sources, catalogue software providers and equipment manufacturers (showing the topic is addressed in an open manner), list the interested sites and organisations, etc. and list the current mailing lists and their relations to the different SDOs, authors, registries. jfc JFC (Jefsey) Morfin wrote: Dear Harald, At 01:14 21/07/2005, Harald Tveit Alvestrand wrote: So I resorted to here's what would happen if this was a WG list, and I had the power of the WG chair to control the list, and because I run the list, I'm going to make it happen. Did you? I will not dispute here the way a proposition of your consortium tries to exclude Open Source propositions and every further innovation from multilingual network development area. I will just thank you to repeat you are the private owner of a public IANA list documented by an RFC (of yours). This is why il will not tease your WG procedure without proper steps, concerted ADs, appeal, etc. To come back to your answer: one must add RFC 2860 for registry lists which should be/are own by the IANA. One of the signs of a maturing organization is said to be that it relies upon explicit rules rather than people's individual judgment. One of the signs of an ossifying organization is said to be that it has rules for everything. What then to say of an organisation with 4200+ RFCs? This shows how complex the IETF has become and the necessity documented by many outside of an Intenet Book maintaining, along a clear, accepted and stable table of content, the matter and the experience (also included in obsoleted ones) of these 4200 RFCs. Brian, it also shows the necessity, IMHO, of a WG-IANA to work on the many details of a complete review of RFC 2860, 2434, etc. extending to a standard Registry framework management by IETF and ICANN. jfc ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Sarcarm and intimidation
On 21-jul-2005, at 15:23, Hallam-Baker, Phillip wrote: The intellectual successors of Plato's faction gave us the dark ages, fascism and communism, argument from authority trumps all else. The intellectual successors of Aristotle's faction gave us the renaissance, science, medicine, engineering. Yeah right. Aristotle only paid lip service to emperical research. One of his observations was that a stone that's twice as heavy, falls twice as fast. Interestingly, during the middle ages they couldn't get enough of Aristotle. (And nobody noticed that he was wrong about falling stones, or much else for that matter.) As an engineer, I'll take my cues from Galileo any day. As a writer, there is a lot I can learn from Plato. But Aristotle...? Empirical observation of the state of Internet security trumps argument from authority in my view. So what insights does your empirical approach to internet security provide? ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Accountability
So in the question of ingress filtering what I am looking at is mechanisms to create accountability. Just beware that accountability in an interdependence system can only based on the threat of retaliation. What means that you must be a little be more equal than you peers for it to succeed. That is not true. Accountability must have consequences but 'retaliation' is a specific type of consequence that is generally considered to be best applied as a last resort. Beware that whatever the accountability, when you are dead, you are dead. Your heirs can revenge you, but you failed your target. Accountability is used in the security field in a very specific fashion and with specific applications. Clearly you want to apply traditional access control approach to running a nuclear power station. But very few of the problems we are now concerned with fall into that category. This is to be expected, the problems for which access control is appropriate are essentially solved. The problems we have today are of the form where an individual violation is not that much of a concern but the aggregate violations are very much a concern. Spam is a prime example, one spam is a nuisance, a thousand a day makes email unusable. The other characteristic of the problems we are now facing is that the set of access criteria is not well defined. The question of what is spam is clear to the reader but very hard to define in machine readable terms. We thus have two basic tools; fuzzy logic type approaches to access control and accountability type schemes. Both are useful but in the long term the way to make the system stable is by establishing the right accountability mechanisms. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Sarcarm and intimidation
From: Iljitsch van Beijnum [mailto:[EMAIL PROTECTED] On 21-jul-2005, at 15:23, Hallam-Baker, Phillip wrote: The intellectual successors of Plato's faction gave us the dark ages, fascism and communism, argument from authority trumps all else. The intellectual successors of Aristotle's faction gave us the renaissance, science, medicine, engineering. Yeah right. Aristotle only paid lip service to emperical research. One of his observations was that a stone that's twice as heavy, falls twice as fast. Interestingly, during the middle ages they couldn't get enough of Aristotle. (And nobody noticed that he was wrong about falling stones, or much else for that matter.) Aristotle used scientific method, his medieval successors did not. Aristotle was wrong in many of his observations but he did assert that knowledge comes from observation. It was the slavish adherence to his statements by his 'followers' that did his reputation in. As an engineer, I'll take my cues from Galileo any day. As a writer, there is a lot I can learn from Plato. But Aristotle...? There are three versions of Plato, what he intended to say, what he said and how it was read. I suspect that what he was intending to say in the cave metaphor was that empirical measurements can be affected by more than the thing we intend to measure. What he said was that ideal forms are more real than observation. For the next two thousand years his argument was used to assert the primacy of reason over observation. Empirical observation of the state of Internet security trumps argument from authority in my view. So what insights does your empirical approach to internet security provide? The Internet does not provide the necessary type of security for the majority of its billion+ users. Spam, phishing, DDoS extortion are all serious Internet security problems. Attempting to change the subject, pretend that they are someone else's concern, pretend that they are insoluble and so should be ignored, all these evasions have to stop. Helping to stop Internet crime is the IETF's responsibility. If the IETF wants to remain an important player in Internet security standards it has to address these issues. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Accountability
At 16:01 21/07/2005, Hallam-Baker, Phillip wrote: So in the question of ingress filtering what I am looking at is mechanisms to create accountability. Just beware that accountability in an interdependence system can only based on the threat of retaliation. What means that you must be a little be more equal than you peers for it to succeed. That is not true. Accountability must have consequences but 'retaliation' is a specific type of consequence that is generally considered to be best applied as a last resort. Sure, but in relations what count is the ultima ratio. Graduation is only politeness. Beware that whatever the accountability, when you are dead, you are dead. Your heirs can revenge you, but you failed your target. Accountability is used in the security field in a very specific fashion and with specific applications. Clearly you want to apply traditional access control approach to running a nuclear power station. But very few of the problems we are now concerned with fall into that category. This is to be expected, the problems for which access control is appropriate are essentially solved. The problems we have today are of the form where an individual violation is not that much of a concern but the aggregate violations are very much a concern. Spam is a prime example, one spam is a nuisance, a thousand a day makes email unusable. The other characteristic of the problems we are now facing is that the set of access criteria is not well defined. The question of what is spam is clear to the reader but very hard to define in machine readable terms. We thus have two basic tools; fuzzy logic type approaches to access control and accountability type schemes. Both are useful but in the long term the way to make the system stable is by establishing the right accountability mechanisms. This is basic. I am not discussing that, but motivation and quality of the expected deliveries. By nature there is a threshold where you cannot accept the lacks of your partner. Whatever the threshold. Here is the problem. If you relate with only one partner (ally) your security depends on its priorities. If you relate with the intergovernance of your allies, his security will depend on your allies. So there will be possibilities for other solutions. So, what you name accountability mechanism is a part of what I name intergovernance, where retaliation threat is not even considered anymore, because it is impossible to leave security degrade. Difference between an alliance and a coalition. jfc ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Accountability
This is basic. I am not discussing that, but motivation and quality of the expected deliveries. I think you mis-understand the point I am maching. I do not propose that the IEFT attempt to form the type of political relationships that you rightly state will be needed. Such relationships are established in an organic fashion. Instead I am saying that the technology must be designed to provide the types information required for the accountability mechanism to function. The difference in approach is seen in the design of BGP security schemes. If you take the traditional access control approach you attempt to design a system that prevents injection of bad information. If you take the accountability approach you accept the possibility that a bad route will be injected in return for reducing the cost of maintenance and deployment. The objective is not to preclude injection of bad information but to allow identification of the party responsible. This approach is a lot more practical when one of the real world constraints that you deal with in the Internetwork is the reluctance of the carriers to take steps that would reveal details of their internal network structure to third parties - regardless of whether their network is already visible in this fashion. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Sarcarm and intimidation
On 21-jul-2005, at 16:18, Hallam-Baker, Phillip wrote: There are three versions of Plato, what he intended to say, what he said and how it was read. I suspect that what he was intending to say in the cave metaphor was that empirical measurements can be affected by more than the thing we intend to measure. What he said was that ideal forms are more real than observation. For the next two thousand years his argument was used to assert the primacy of reason over observation. No need to overcompensate, though. For instance, look at Galileo's experiments: they barely support his theories, because is tools were so crude. But Popper et al. covered this ground extensively. So what insights does your empirical approach to internet security provide? The Internet does not provide the necessary type of security for the majority of its billion+ users. Hm, then why do they use it? Spam, phishing, DDoS extortion are all serious Internet security problems. Attempting to change the subject, pretend that they are someone else's concern, pretend that they are insoluble and so should be ignored, all these evasions have to stop. Helping to stop Internet crime is the IETF's responsibility. If the IETF wants to remain an important player in Internet security standards it has to address these issues. Please don't reuse the word security for all three of these issues. They're very different. I agree that the IETF should do more against spam and DDoS. The trouble with spam is that there is simply no consensus to be reached, and the IETF doesn't have any mechanisms to move forward when there is a long-term lack of consensus. So despite being a bad precedent, it's good that Microsoft is throwing its weight around in this area. As for misspelled fishing: I haven't seen this myself, so I can't be sure what the deal is, but it sure looks like people are way too gullible and not using the mechanisms that are available today. Why doesn't any business sign its messages with S/MIME, for instance? Yes, you can ask Boeing and Airbus to make their cargo holds bomb proof, but maybe the planes don't fly too well that way and scanning baggage on the ground makes more sense. (I.e., fix this outside the IETF.) DDoS: there hasn't been any real effort to do something against DDoS except tracing it back to the source(s). I agree that we can and should do much more in this area. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Sarcarm and intimidation
Please don't reuse the word security for all three of these issues. They're very different. I agree that the IETF should do more against spam and DDoS. The trouble with spam is that there is simply no consensus to be reached, and the IETF doesn't have any mechanisms to move forward when there is a long-term lack of consensus. The reason that there is no consensus in the spam area is that most proposed solutions are claiming to solve the whole problem (or at least a big chunk of it) but are grossly overstating their applicability. To some degree this is because people want to have the prize of creating _the_ anti-spam solution, which is counterproductive. If we instead look at each of the proposals and say what does this do well, and what does it not do well, then modify the proposals so that they can work well together (and to get rid of the harm that several of the proposals would do to the email system if widely adopted), then we will be able to identify the missing pieces. So despite being a bad precedent, it's good that Microsoft is throwing its weight around in this area. As far as I can tell this is just adding to the confusion, and delaying a solution. People are asking will it be Microsoft? and therefore failing to realize that they are no closer to a solution than anyone else. Keith ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Sarcarm and intimidation
Hallam-Baker is active in anti-spam issues. More inline. On Wed, 20 Jul 2005, Iljitsch van Beijnum wrote: I am sure the majority of the people in this forum would prefer to look at ways of securing the Internet to protect against the real internet criminals stealing pensioners' life savings ??? How can you secure a communication channel against crime in general? They can't. Information Theory (covert channels et al) shows its impossible. This fact does not deter anti-spammers in anyway from saying they can and will if only they'd get cooperation. They've known about the theoretical impossibility since 2003 from me, at least, not counting the actual experience of failure of every scheme conceived over a ten+ year period. Anti-spam is a whackamole game, and information theory shows it will always be a whackamole game. Hallam-Baker responded to this question and offered proof the internet can be so secured: Accountability. They did it for the telephone system in the 1920s We can do it for the Intetnet. Another innaccuracy. We still have telephone fraud today. Catching telephone fraud is also still (similarly) a whackamole game. They only thing they did was start looking for fraud and trying to catch and prosecute it. That process still continues. Telephone fraud is not __prevented__. It is merely detered by penalties, like most crimes against civil society. Indeed, the telephone system is mostly open relay, with relatively little user pre-authentication (calling cards). Fraud is detected post-use, from call detail records (ie logs), just like open relay and other kinds of abuse. [And I think you can read telephone fraud in my statements here as meaning either unauthorized calls, or as scams conducted over the telephone, or just about anything else that would qualify as a crime the telephone system is somehow supposedly secure against.] If you expect the IETF to stop pensioner savings stealing, you're setting yourself up for a big disappointment. Right. Exactly. Yet we still have IETF people promisng they are going to stop spam through expensive, patented email authentication systems. That's just complete nonsense. If only it were a simple mistake on their part, but it isn't simply a mistake. A great deal of money is involved. And lies, defamation, and intimidation against anyone who speaks against it. However, there is certainly intimidation by the IETF. I've experienced it from former IESG members Dave Crocker and Noel Chiappa just recently. And public hostility from Harald Alvestrand (former IETF chair). I've experienced retribution in the form that IETF leaders who refuse to chastise plainly ad hominem attacks on people with unpopular views. I've experienced undeclared conflicts of interest by working group chairs. I've even experienced the Sergeant of Arms using his official role to argue merits of an Internet Draft [message: don't disagree on the draft or else] in front of the current chair, who did nothing, even after I commented on the irrelevance of the I-D argument made by the Sergeant at Arms Ted T'so. Carpenter (IETF Chair) told Nick Staff his views were a waste of time. There are many people on several sides of the spam argument: Those who agree with me (no technical solution), and those who agree with Hallam-Baker (technical solutions) (not that either of us are speakers for the respective sides), and the pro-spam viewpoint is entirely unrepresented. But I haven't seen any intimidation of Hallam-Baker's side at the IETF. If it is there on working groups, it hasn't been specifically brought to the attention of the ietf list. Hallam-Baker's posts on the current thread seems more to do with facts of disagreement rather than evidence of misbehavior in communicating those facts. If there is intimidation of Hallam-Baker, I'm against the intimidation. His side has a right to make their case. My side has a right to show why its wrong. But there is some evidence of misbehavior against myself and my views, and others who share those views, as I outlined above. It is most interesting that Crocker and Alvestrand want to have a new AUP. They are among the intimidators. The leaderhip can't fairly enforce the current rules without bias against unpopular viewpoints or irritating people. An additional AUP is just more for them to abuse. --Dean [it is an interesting asside that irritating is often used agains those who are correct, but their information is unwanted. For example, a crowd catches a known criminal, and wants to lynch the criminal, but one person stands up and says he should be tried in court. That person is irritating. But engineering isn't a popularity contest. Irritating is a fact one may have to simply accept.] -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 ___ Ietf
Phishing
No need to overcompensate, though. For instance, look at Galileo's experiments: they barely support his theories, because is tools were so crude. But Popper et al. covered this ground extensively. Actually the person who more or less originated argument that I made was Karl Popper. Volume one of The Open Society and its Enemies is all about Plato and how the idea of Platonic ideals leads to the idea of absolute truth which Popper argues is a threat to open society. The Internet does not provide the necessary type of security for the majority of its billion+ users. Hm, then why do they use it? Because they trust us and rely on us to secure it. If we do not provide the security they want they will go elsewhere. Helping to stop Internet crime is the IETF's responsibility. If the IETF wants to remain an important player in Internet security standards it has to address these issues. Please don't reuse the word security for all three of these issues. They are all security issues. For the sake of argument though lets call them 'splunge issues'. We still have to solve all the splunge issues. As for misspelled fishing: I haven't seen this myself, so I can't be sure what the deal is, but it sure looks like people are way too gullible and not using the mechanisms that are available today. Why doesn't any business sign its messages with S/MIME, for instance? Because S/MIME only works if you can rely on your recipient supporting S/MIME. If you try to sign email to consumers with S/MIME at least 1% of recipients receive an unacceptable user experience likely to result in a support call cost. That is why there is so much interest in DKIM. The question now is whether DKIM is going to be a hermetically sealled technology that cannot be extended or whether it will be possible to combine the DKIM message format with existing PKI infrastructure as an option for those who have that infrastructure. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Sarcarm and intimidation
From: Keith Moore [mailto:[EMAIL PROTECTED] The reason that there is no consensus in the spam area is that most proposed solutions are claiming to solve the whole problem (or at least a big chunk of it) but are grossly overstating their applicability. To some degree this is because people want to have the prize of creating _the_ anti-spam solution, which is counterproductive. You are absolutely right here. The problem is at least made worse by the fact that the first thing that happens when a focussed proposal is made people start saying 'That is no good, the [bad guys] will just do X'. And if you do attempt to advance a comprehensive strategy such as accountability you get the standard agenda denial tactics. If we instead look at each of the proposals and say what does this do well, and what does it not do well, then modify the proposals so that they can work well together (and to get rid of the harm that several of the proposals would do to the email system if widely adopted), then we will be able to identify the missing pieces. Somehow the statement 'we will not design an X' gets turned into 'we will not even talk to the Xs that are already designed and deployed'. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Sarcarm and intimidation
From: Dean Anderson [EMAIL PROTECTED] Hallam-Baker is active in anti-spam issues. Wow. I've just had a major cognition, as Scientology members would say. I assume everyone's read Parry meets The Doctor? Nuff' said. Anyway, I hereby propose the IETF Corollary to Godwin's Law: whenever any IETF thread migrates to the subject of spam, it's time to end the thread. Noel ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: I-D ACTION:draft-narten-iana-considerations-rfc2434bis-02.txt
John == John C Klensin [EMAIL PROTECTED] writes: John --On Wednesday, 20 July, 2005 07:03 -0400 Sam Hartman John [EMAIL PROTECTED] wrote: No, I was not intending to imply IESG review would gain a last call. I was only speaking to IETF review. I don't think IESG review gaining a last call is all that benefical. It's not clear how you would interpret the results or what the success/failure criteria is. I think interpreting IESG review last calls would be significantly more difficult than IETF review last calls. We have a lot of experience publishing documents and even dealing with last calls on documents that end up generating a lot of messages. But IESG review would be different enough that it would be highly problematic. John Sam, I would think that the purpose of a Last Call as part John of IESG review would primarily be not to evaluate success or John failure, but to be sure that the IESG has an opportunity to John hear, from the community, about issues of which the IESG John members might not be aware. I hope I can say this without John sound insulting, because insult is certainly not my intent-- John but having the IESG make a decision after soliciting John comments from the community is a safer situation and process John than having the IESG members talk only with each other or John people whom they pick, and then decide. As I'm sure you John will agree, no one around here is omniscient; the way we get John quality decisions is to get input from as broad a population John as possible. I think you have convinced me that a last call for IESg review is valuable provided that we understand it is one way to seek input. Instead, I recommend viewing IESG review as a short circuit process that can be used when a request successfully convinces the IESG that it should be approved. I think it is important that IETF review always exist as an alternative when IESG review is available. If your IESG review is not sufficiently convincing, then you can either pursue IETF review or drop the proposal depending on whether you found the IESG's arguments convincing. John Right. And that is another key point, IMO: the main point John of IESG review is to have a fairly quick, low-impact process John for registrations that can be approved. If the IESG John concludes that, for any reason, it cannot approve a John particular request, then that request should --at the option John of the requester-- be taken up with the community, through John an IETF process Agreed. John and without any prejudice from the IESG John review. If you mean that the IESG should treat the process fairly, I agree. If you mean that the IESG should not express an opinion I disagree. John Put differently, if the IESG is asked to look at John these things, you should, IMO, ask the community for comment John and then decide either yes, register or decline to make a John decision on the community's behalf. No, go away, Agreed. John and John even no, and we recommend that you go away and not pursue John this should not be options unless there really is evidence John of community consensus. Strongly disagreed. If you do choose to have a last call for IESG review, you need to have some text explaining what the IESG is evaluating and how the IESG should balance its own opinion against comments made in the last call. John I hope that issue is reasonably well covered in John draft-klensin-iana-reg-policy-01.txt. If it is not, I guess John I've got another rev in my future. I do not believe that John document is incompatible with the rfc2434bis document, just John that each raises some issues that should inform the other. John The iana-reg-policy doc is also intended to contain some key John details, such as a discussion of evaluation criteria, that John the other document omits. I agree that your draft addresses most of these issues. It happens to do so in a manner I believe I disagree with and hope to convince the community is at least significantly wrong. However I do agree that if the community approves of your draft, it would establish the criteria I'm asking for. Next week before getting on the plane I have catching up on newtrk and reading your document scheduled. I will make detailed comments. --Sam ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: I-D ACTION:draft-narten-iana-considerations-rfc2434bis-02.txt
--On Thursday, 21 July, 2005 13:59 -0400 Sam Hartman [EMAIL PROTECTED] wrote: John and without any prejudice from the IESG John review. If you mean that the IESG should treat the process fairly, I agree. If you mean that the IESG should not express an opinion I disagree. I am not opposed to the IESG expressing opinions. However, I think the IESG needs to be _extremely_ careful --both internally and in public-- to not reach a conclusion on one of these things and lock it in, especially if that conclusion is reached without significant community input. This is, to me, part of the judge and jury issue that Brian mentioned some time ago. If you have the opinion that pursuing something through an IETF process would be a bad idea, you are, IMO, welcome to say so. But you are then, again IMO, absolutely obligated to facilitate such an effort procedurally if it is proposed to see if IETF support is really out there... possibly even facilitating it more strongly than if you had not expressed a collective opinion. If, by contract, you (collectively) discourage someone from pursuing something that the IESG concluded that it didn't like sufficiently to approve it during the IETG review cycle, and then use the IESG's considerable procedural discretion to block an effort by the requestors to get IETF review or to starve such a review for resources, then you set up the appearance of an abuse of authority and, perhaps worse, create a situation in which an attempt to get IETF review of an allocation request must be managed by either intimidation or appeal (or by repetitive discussions on the IETF list :-( ). Several people have observed of late that they would prefer to see IESG service viewed as rather more like jury duty with its sense of short-term obligations to the community, rather than as a role similar to either career judicial appointments or of anointed kings. It seems to me that, to some extent, this is another aspect of that distinction. Yes, it is reasonable that the IESG be able to make quick affirmative decisions when those are clearly in order because it saves everyone time. But, when we get to the point where something requires community consensus, I believe that you are obligated to take on that jury role, soliciting community input as fairly as possible and then interpreting it equally fairly, without letting your personal or collective prior views intrude except insofar as they inform the questions you ask of the community. If, instead or in addition to that jury-role, you start influencing the community process by controlling resources or input to support your prior opinions, then we are at high risk. And, if I were forced to choose between a fair, open, and balanced community process if one is initiated and the IESG expressing an opinion, I would suggest that the IESG should not even be permitted to _have_ an opinion and that anyone on the IESG who expresses one should recuse him or herself from all further discussions on the matter. But I don't think we need to make that choice: I think you folks are more than capable of having and expressing opinions and then coordinating a fair and balanced process. The issue may well have had more to do with how the opinion was expressed than what was intended, but the statement about the Roberts allocation request that started these threads seemed to go a bit over the line in that regard and I think we are now in the process of the community clarifying what it wants and expects. John even no, and we recommend that you go away and not pursue John this should not be options unless there really is evidence John of community consensus. Strongly disagreed. See above. I have no problem with your saying the above if you are _absolutely_ sure, and can convince onlookers, that, if the applicant then goes ahead and tries to pursue it, the IESG will do absolutely nothing to block that course of action, even by passive resistance. Put differently, if you make a statement that strong, I believe you actually take on more responsibility for facilitating an effort to pursue the request with the community than you would have had if you didn't have an opinion on the subject of whether it should be pursued (note didn't have not just didn't express). When the IESG (or its members) get to say * no, we won't approve this. * you can pursue it with the community but we recommend that you not do that. And * if you do pursue it, we will (or may) starve you for resources or anything that sounds vaguely like that, then the IESG is essentially making final decisions not declining one particular type of approval option. And I don't think that is acceptable, even if somehow thinly disguisted. I agree that your draft addresses most of these issues. It happens to do so in a manner I believe I disagree with and hope to convince the community is at least
calendar file for IETF
For the daring, there is http://www.ofcourseimright.com/~lear/ietf63.ics. I claim no competence in any of this. No responsibility if you miss your meetings. No promises to update it. But it works for me. Eliot ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: calendar file for IETF
Thanks.. certainly seems to work with Mozilla Thunderbird. Regards, Elwyn Eliot Lear wrote: For the daring, there is http://www.ofcourseimright.com/~lear/ietf63.ics. I claim no competence in any of this. No responsibility if you miss your meetings. No promises to update it. But it works for me. Eliot ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Sarcarm and intimidation
On Thu, 21 Jul 2005, Hallam-Baker, Phillip wrote: The problem is at least made worse by the fact that the first thing that happens when a focussed proposal is made people start saying 'That is no good, the [bad guys] will just do X'. Often, it has actually been the case that the bad guys just did X, which was obviously possible beforehand. We went to great expense for nothing. Why didn't anyone think about what the bad guys could do? [we tend to characterize such obviously failing schemes as hair-brained, (or perhaps hare-brained for the rabbit-watchers), but this is probably unfair in some respects. An honest and direct answer is appropriate.] You can't fight spam on the assumption that abusers can't change. But nearly every anti-spam proposal does just that. That is, if it has any rationale about how it will affect spam or anyone at all. Anyone who suggests that the abuser can simply do X is generally not well received. For example The email authentication scheme promoters don't even consider reactions or ill-effects. They just take it as given that spam will be prevented if we have authentication. But even perfect authentication would have no effect on spam. [skip the details, assume users are perfectly authenticated, then ask so what?] A very expensive authentication system doesn't even require much change to what spammers do now. Yet the best technical minds of the IETF don't agree with this. Or rather, just ignore the so what? part. That isn't engineering, that's just amateurish experimentation at our expense, and perhaps their profit. Of course, if you take that analysis of channel usage to its logical end, one will find that you can't prevent spam. Or more specifically, can't secure a communication channel against topically inappropriate messages. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Sarcarm and intimidation
On Thu, 21 Jul 2005, Noel Chiappa wrote: From: Dean Anderson [EMAIL PROTECTED] Hallam-Baker is active in anti-spam issues. Wow. I've just had a major cognition, as Scientology members would say. I assume everyone's read Parry meets The Doctor? Nuff' said. Probably not everyone gets Parry meets the Doctor I couldn't find the article by Vint Cerf online [Cerf, Vinton, PARRY meets THE DOCTOR, DATAMATION, pages 62-64, July, 1973.] [BTW, The Doctor is the Eliza program] Excerpt from http://www2.mit.bme.hu/services/vimm3241/tanul/beadott/regi/BenkoKatona/extra_eng.html does it pretty well: === Parry meets the Doctor There are many other programs that cannot communicate so sophisticated like SHRDLU. The Doctor was created to simulate the non-controlled therapy of psychiatrists and Parry's task is to simulate a paranoid's misthoughts. A confrontation of these two programs was arranged on a computer network. This is the a short part of the conversation log: Parry: I don't understand your motivations. Doctor: Why don't you understand my motiwations? P: Shall I understand? D: Now why do you say this? P: Because it's exactly the way it isn't. D: Let's suppose it's exactly not that way. P: And? D: I guess I don't really understand you. P: You're stuck at the same question. D: What consequence do you make of this similarity? P: I really can't see where you're intending to get into. D: You want me to get into something? P: It's time to show a little bit of interest in direction of my feelings. D: Oh! Have I shown interest of your feelings? These programs were designed to have conversations width real people and so they are expecting that the living partners are going to give much useless information which is not really meaningful in the context. And there it was: the Doctor rose the illusion that he really understood the conversational partners - the people who talked with the Doctor said this. === If you have no interest in spam, why do you keep making such posts? Anyway, I hereby propose the IETF Corollary to Godwin's Law: whenever any IETF thread migrates to the subject of spam, it's time to end the thread. Does this mean that you think the IETF should disband the ASRG, drop all current I-D's relating to spam, and quit working on spam issues? I rather doubt that Chiappa genuinely doesn't want the IETF to work on spam issues, [at least that's not my perception of his comments] but instead means only to disparage the current discussion. But if Chiappa genuinely thinks the IETF should stop spam work, he should say so directly, so as to be clearly understood. But if the IETF is going to work on spam, then occasionally the main IETF list will have to discuss the issue, and also discuss the administrative issues that arise from the discussions. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: I-D ACTION:draft-narten-iana-considerations-rfc2434bis-02.txt
John C Klensin wrote: --On Wednesday, 20 July, 2005 07:03 -0400 Sam Hartman [EMAIL PROTECTED] wrote: No, I was not intending to imply IESG review would gain a last call. I was only speaking to IETF review. I don't think IESG review gaining a last call is all that benefical. It's not clear how you would interpret the results or what the success/failure criteria is. I think interpreting IESG review last calls would be significantly more difficult than IETF review last calls. We have a lot of experience publishing documents and even dealing with last calls on documents that end up generating a lot of messages. But IESG review would be different enough that it would be highly problematic. Sam, I would think that the purpose of a Last Call as part of IESG review would primarily be not to evaluate success or failure, but to be sure that the IESG has an opportunity to hear, from the community, about issues of which the IESG members might not be aware. Then I don't think it's a Last Call in the normal sense. It's what we might whimsically call a Request For Comments. Seriously, we could call it a Call for Comments. The IESG has been asked to assign a new Foobar codepoint to support the Barfoo protocol specified by the Splat Consortium. See http://splat.org/barfoo for details. The IESG solicits comments on this request by February 29, 2007. That seems reasonable to me. Brian I hope I can say this without sound insulting, because insult is certainly not my intent-- but having the IESG make a decision after soliciting comments from the community is a safer situation and process than having the IESG members talk only with each other or people whom they pick, and then decide. As I'm sure you will agree, no one around here is omniscient; the way we get quality decisions is to get input from as broad a population as possible. Instead, I recommend viewing IESG review as a short circuit process that can be used when a request successfully convinces the IESG that it should be approved. I think it is important that IETF review always exist as an alternative when IESG review is available. If your IESG review is not sufficiently convincing, then you can either pursue IETF review or drop the proposal depending on whether you found the IESG's arguments convincing. Right. And that is another key point, IMO: the main point of IESG review is to have a fairly quick, low-impact process for registrations that can be approved. If the IESG concludes that, for any reason, it cannot approve a particular request, then that request should --at the option of the requester-- be taken up with the community, through an IETF process and without any prejudice from the IESG review. Put differently, if the IESG is asked to look at these things, you should, IMO, ask the community for comment and then decide either yes, register or decline to make a decision on the community's behalf. No, go away, and even no, and we recommend that you go away and not pursue this should not be options unless there really is evidence of community consensus. If you do choose to have a last call for IESG review, you need to have some text explaining what the IESG is evaluating and how the IESG should balance its own opinion against comments made in the last call. I hope that issue is reasonably well covered in draft-klensin-iana-reg-policy-01.txt. If it is not, I guess I've got another rev in my future. I do not believe that document is incompatible with the rfc2434bis document, just that each raises some issues that should inform the other. The iana-reg-policy doc is also intended to contain some key details, such as a discussion of evaluation criteria, that the other document omits. regards, john john ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Sarcarm and intimidation
On Thu, Jul 21, 2005 at 06:22:24PM -0400, Dean Anderson wrote: On Thu, 21 Jul 2005, Noel Chiappa wrote: From: Dean Anderson [EMAIL PROTECTED] Hallam-Baker is active in anti-spam issues. Wow. I've just had a major cognition, as Scientology members would say. I assume everyone's read Parry meets The Doctor? Nuff' said. Probably not everyone gets Parry meets the Doctor ftp://ftp.rfc-editor.org/in-notes/rfc439.txt -- Ted Faber http://www.isi.edu/~faber PGP: http://www.isi.edu/~faber/pubkeys.asc Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG pgpfyxFpxcMAG.pgp Description: PGP signature ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: calendar file for IETF
Actually to be more precise it works with Mozilla Firefox 1.0.6 with the calendar plug-in. Regards, Elwyn Eliot Lear wrote: For the daring, there is http://www.ofcourseimright.com/~lear/ietf63.ics. I claim no competence in any of this. No responsibility if you miss your meetings. No promises to update it. But it works for me. Eliot ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
e2e [Re: Port numbers andIPv6(was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)
Tom Petch wrote: inline Tom Petch - Original Message - From: Iljitsch van Beijnum [EMAIL PROTECTED] To: Hallam-Baker, Phillip [EMAIL PROTECTED] Cc: IETF General Discussion Mailing List ietf@ietf.org Sent: Wednesday, July 20, 2005 12:36 AM Subject: Re: Port numbers andIPv6(was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt) On 19-jul-2005, at 23:35, Hallam-Baker, Phillip wrote: Host and application security are not the job of the network. They are the job of the network interfaces. The gateway between a network and the internetwork should be closely controlled and guarded. You may want to read up on the end-to-end principle (or argument, if you prefer). It's not the network interface-to-network interface principle. In other words: if the endpoints in the communication already do something, duplicating that same function in the middle as well is superfluous and usually harmful. Mmmm so if I am doing error correction in the end hosts, and somewhere along the way is a highly error prone satellite lnk, then I should let the hosts correct all the satellite-created errors? I don't think that that is the way it is done. That isn't quite the point. The end systems can't assume error correction en route; if they require correct data, they must apply e2e error correction of some kind. Certainly a TCP retransmission is not optimal if there happens to be a satellite hop - so nobody objects to satellite hops performing aggressive FEC. But this doesn't let the end systems off the hook. Likewise, if my sensitive data mostly traverses hard to penetrate links (fibre) but just somewhere uses a vulnerable one (wireless), then I just use application level encryption, as opposed to adding link encryption over the wireless link in addition? Again, I think not. Again, the end systems cannot safely assume anything. If the hypothetical encrypted wireless link goes down, and is backed up by a piece of telelphone wire, e2e protection is the only answer. End-to-end is not always best but I am not sure which law of network engineering points out the exceptions. Probably something to do with different levels of entropy along the way. We are after good enough, not best. I think that the point of the Saltzer et al paper is that e2e is always good enough. I have to agree that e2e cannot create network level QoS that isn't available - if the best path available can't offer the desired QoS, no end system magic can achieve that QoS. But it can at least make the best use of the QoS available, e.g. by reducing a streaming data rate to avoid random loss. In answer to another comment, it's perfectly true that some services today are provided by systems intermediate between the end users concerned; these are sometimes referred to as services in the network. But that really doesn't change the point of Saltzer et al. The boxes providing those services are end systems as far as Level 3 is concerned. Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Sarcarm and intimidation
Various people have made their points under this subject field, but I'm having a hard time seeing how those points relate to the IETF's technical goals, its processes, or even to the question of (in)appropriate use of this list. Since we are getting ready for an IETF meeting, could people stay relevant to our business, please? Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: ietf mailing list Acceptable Use Policy
Thanks for the reminder, Harald. Actually that looks very close to what I suggested: subject to IPR rules and relevant to the IETF mission, as judged by an AD. Brian Harald Tveit Alvestrand wrote: --On 21. juli 2005 12:49 +0200 Brian E Carpenter [EMAIL PROTECTED] wrote: But when having to evaluate the question for the ietf-languages list a month ago, I did not find a written statement anywhere that said here's how you operate an IETF list that is not a WG list. One of the first items would be to define what an IETF list that is not a WG list is. Presumably, it's something to do with being set up in furtherance of the IETF Mission Statement and subject to IETF IPR rules. We were faced with this question some time ago, and the result was the creation of the IETF Non-WG mailing lists page, https://datatracker.ietf.org/public/nwg_list.cgi The theory being that if something is listed there, the IETF definitely considers it an IETF list; if it is not listed, it's either not an IETF list, or someone needs to take an action to get it listed (which is simple). I think defining rules about what is or is not an IETF list is tricky; it's simpler to list the ones that are. Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Test version of the Parking Area
On Thu, 2005-07-21 at 08:12, Bill Fenner wrote: So, e.g., for draft-ietf-ospf-2547-dnbit, is it enough to say Waiting for draft-ietf-l3vpn-ospf-2547 (IESG Evaluation :: AD Followup) and draft-ietf-idr-bgp-ext-communities (Approved- Announcement sent)? (Note that the 2nd one is a REF that's not there of a REF that is there). Is that too much to put on the summary page? Probably. what I'm hoping for is a clear answer to the question is there anything I need to do / anyone I need to remind to get this document out. Would it also be useful to put a link to, e.g., http://rtg.ietf.org/~fenner/ietf/deps/index.cgi?doc=draft-ietf-l3vpn-ospf-2547docx=on for each dependency, to check further dependencies? (Yes, I should have a recurse and check all that dependency's dependencies option) I think that would help, yes. For draft-ietf-ccamp-lmp-mib, is it sufficient to say REFs cleared on 2005/04/20, or would you want to see more detail, that it was draft-ietf-mpls-bundle that was holding it up? If you can look at the historic state of a document's dependencies I don't think it's necessary for the top-level view to mention a resolved dependency.. I'm starting to think that for most of the complex relationships, we want a summary on the top level (e.g., draft-ietf-ospf-2547-dnbit could say REF to 2 drafts not in queue) and a detail page that gives you all the info - otherwise I'm concerned about cluttering up the top page. yup. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: calendar file for IETF
Works well with iCal 2.0.2, too. ::: Tom On Jul 21, 2005, at 7:23 PM, Elwyn Davies wrote: Actually to be more precise it works with Mozilla Firefox 1.0.6 with the calendar plug-in. Regards, Elwyn Eliot Lear wrote: For the daring, there is http://www.ofcourseimright.com/~lear/ ietf63.ics. I claim no competence in any of this. No responsibility if you miss your meetings. No promises to update it. But it works for me. Eliot ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf