|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
I will say "there are potential uses of the ITU for good". --Alain On Aug 14, 2012, at 6:26 AM, Eric Burger wrote: > +1. The ITU is not evil. It just is not the right place for Internet standards development. As John points out, there are potential uses of the ITU-T for good. > > On Aug 13, 2012, at 10:50 AM, John C Klensin wrote: > >> >> >> --On Monday, August 13, 2012 11:11 +0200 Alessandro Vesely >> <vesely@xxxxxxx> wrote: >> >>> ... >>> FWIW, I'd like to recall that several governments endorse IETF >>> protocols by establishing Internet based procedures for >>> official communications with the relevant PA, possibly giving >>> them legal standing. Francesco Gennai presented a brief >>> review of such procedures[*] at the APPSAWG meeting in Paris. >>> At the time, John Klensin suggested that, while a more >>> in-depth review of existing practices would be appreciated, >>> the ITU is a more suitable body for the standardization of a >>> unified, compatible protocol for certified email, because of >>> those governmental involvements. >>> >>> [*] >>> >> http://www.ietf.org/proceedings/83/slides/slides-83-appsawg-1.pdf >> >> Alessandro, >> >> Please be a little careful about context, as your sequence of >> comments above could easily be misleading. >> >> For the very specific case of email certified by third parties, >> especially where there is a requirement for worldwide >> recognition (the topic of the talk and slides you cited), the >> biggest problem has, historically, been an administrative and >> policy one, not a technical standards issue. We know how to >> digitally sign email in several different ways -- there is >> actually no shortage of standards. While additional standards >> are certainly possible, more options in the absence of >> compelling need almost always reduces practical >> interoperability. Perhaps the key question in the certified >> mail matter is who does the certifying and why anyone else >> should pay attention. The thing that makes that question >> complicated was famously described by Jeff Schiller (I believe >> while he was still IETF Security AD) when he suggested that >> someone would need to be insane to issue general-purpose >> certificates that actually certified identity unless they were >> an entity able to invoke sovereign immunity, i.e., a government. >> >> For certified email (or certified postal mail), your ability to >> rely on the certification in, e.g., legal matters ultimately >> depends on your government being willing to say something to you >> like "if you rely on this in the following ways, we will protect >> you from bad consequences if it wasn't reliable or accurate". >> If you want the same relationship with "foreign" mail, you still >> have to rely on your government's assertions since a foreign >> government can't do a thing for you if you get into trouble. >> That, in turn, requires treaties or some sort of bilateral >> agreements between the governments (for postal mail, some of >> that is built into the postal treaties). >> >> International organizations, particularly UN-based ones, can >> serve an important role in arranging such agreements and >> possibly even in being the repository organization for the >> treaties. In the particular case of certified email, the ITU >> could reasonably play that role (although it seems to me that a >> very strong case could be made for having the UPU do it instead >> by building on existing foundations). >> >> But that has nothing to do with the development of technical >> protocol standards. Historical experience with development of >> technical standards by governmental/legislative bodies that then >> try to mandate their use has been almost universally poor and >> has often included ludicrous results. >> >> A similar example arises with the spam problem. There are many >> technical approaches to protecting the end user from spam >> (especially malicious spam) and for facilitating the efforts of >> mail delivery service providers and devices to apply those >> protective mechanisms. Some of them justify technical standards >> that should be worked out in open forums that make their >> decisions on open and technical bases. But, if one wants to >> prevent spam from imposing costs on intended recipients or third >> parties, that becomes largely a law-making and law enforcement >> problem, not a technical one. If countries decide that they >> want to prevent spam from being sent, or to punish the senders, >> a certain amount of international cooperation (bilateral or >> multilaterial) is obviously going to be necessary. As with the >> UPU and email certification, there might be better agencies or >> forums for discussion than the ITU or there might not. But it >> isn't a technical protocol problem that the IETF is going to be >> able to solve or should even try to address, at least without a >> clear and actionable problem statement from those bodies. >> >> I do believe that the ITU can, and should, serve a useful role >> in the modern world. The discussion above (and some of the work >> of the Development and Radio Sectors) are good illustrations. >> But those cases have, as far as I can tell, nothing to do with >> the proposed statement, which is about the development and >> deployment of technical protocol standards. >> >> regards, >> john >> >