anti-spam/forgery observations from 62nd IETF

I went to the 62nd IETF meeting in Minneapolis last week to catch up on,
among other things, anti-spam/forgery work.

If you just look at the meeting agenda, you won't find any working
groups nor BOFs on spam/forgery. I pointed this out during the IESG
plenary session on Wednesday (proceedings are in progress; see also
jabber/xmpp log) and noted that the #1 google hit for "IETF spam" is the
closing of the MARID WG [hmm... that no longer seems to be the case;
IETF to lead anti-spamcrusade now tops Internet Task Force Shuts Down
MARID Anti-SpamWorking Group in any case...]; I said surely there is
some good work on spam/forgery going on; would they please be a little
more proud of it?

IESG members noted the plan to publish the MARID-related drafts as
experimental RFCs and get some deployment experience. I noted this
didn't instill confidence in a lot of people I talk to. Others noted the
Anti-Spam Research Group (ASRG) of the Internet Research Task Force
(IRTF), though I got mixed impressions about the level of activity
there.

Others noted the Message Authentication Signature Standards (mass) Bof
at the San Diego IETF in Aug 2004 where Domain Keys and Identified
Internet Mail (IIM) were discussed. While there was no follow-up meeting
in November in Washington nor March in Minneapolis, I get the impression
there will be one next time, July/Aug in France. I gather there is quite
a bit of work going on to integrate Domain Keys and IIM.

Though I originally thought that solutions that used cryptography would
be too complex to deploy and that SPF was simpler and easier to deploy
in comparison, I'm no longer so sure that's the case. Most of the
forwarding issues that complicate SPF don't apply to DK/IIM.


-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E