[ih] IETF relevance (was Memories of Flag Day?)

[Michael Thomas]

On 8/28/23 8:19 PM, Dave Crocker via Internet-history wrote:
> On 8/28/2023 7:45 PM, Michael Thomas via Internet-history wrote:
>> You were not part of the "private cabal". I was the one who decided 
>> that DNSSec wasn't worth fighting about. I was wrong as it turns out. 
>> DNSSec deployment has been a disaster. DK got that completely wrong. 
>> I hosted the meeting where the two drafts were merged at my house in 
>> San Francisco. You weren't there.
>
> sigh.
>
> Mark Delany, at Yahoo, solicited continuing 'community' comments from 
> me and Eric Allman, early in the development of DomainKeys. It became 
> highly collaborative.  And this was long before there was any 
> interaction with the IETF.  I'd guess a year.
>
> I've no idea how the timelines compared.  DomainKeys was quickly quite 
> visible.  I didn't know of IIM until much later, as DK was getting 
> ready to move to the IETF, as I recall.
Yet we came first with an ID with no knowledge of DK until Harald clued 
us in. Your knowledge is irrelevant and hardly an arbiter of anything.
>
> I do know that the cabal I'm referring to had a substantial number of 
> companies involved, and an extended series of meetings, over roughly a 
> year, and at a variety venues.  Yours might have been one of them.  
> For the most part, the cabal's dynamic was quite collaborative among 
> the range of participants.  There was an exception, of course.
>
> I also have no idea what your reference to DNSSec and Domainkeys is 
> about, since DK didn't involve DNSSec.

IIM protected the integrity of fetching the key record using TLS. DNSSec 
was never deployed widely. So yes, by all means let's ignore that DK's 
security for fetching the selector never materialized where IIM got it 
right using TLS. Alice, Bob and Eve entered the chat.


>
> permits easy comparison between the original Yahoo work and DKIM. 
> Perhaps significantly, IIM was not published as an RFC.
Maybe we didn't care about it? A historical RFC is about as relevant as 
my blog post.
>
> As part of the process to resolve some essential issues, during the 
> DKIM effort, at one point I did a functional matrix to compare the two 
> source specifications.  One was quite pragmatic, aesthetically ugly, 
> and very badly written.  The other was very well written, prettier in 
> design, but had adoption challenges, such as requiringd creation of a 
> new global database. Developing the comparison analysis was educational.
They were essentially the same and I resent this ad hominem attack. And 
a database on the web is the norm, not DNS. It's what SRV records were 
designed for. And of course to this day, DKIM is not suitable for more 
high value PKI uses because of its expectation of DNSSec. IIM got that 
right.
>
> As for who was present for what, my recollection is that there were a 
> number of us present at pretty much all of the activity, across the 
> arc from Yahoo's effort to DKIM's initial and revised publications.
>
You and John had nothing to do with the merger, and your influence was 
minimal. I for one have never even met John. I wrote the first 
implementation of DKIM. What is your claim?

Mike