[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FTC stuff 0) Lies 1)Yahoo & DK. 2)GoDaddy DNS & SPF & CSV. 3)Dean & FUSSP. 4)Testing 5)EFF, Anonymity.

To: Alan DeKok <aland@xxxxxx>, MXCOMP <ietf-mxcomp@xxxxxxx>
Subject: Re: FTC stuff 0) Lies 1)Yahoo & DK. 2)GoDaddy DNS & SPF & CSV. 3)Dean & FUSSP. 4)Testing 5)EFF, Anonymity.
From: Dave Crocker <dhc@xxxxxxxxxxxx>
Date: Sat, 20 Nov 2004 23:18:21 -0800
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
List-id: <ietf-mxcomp.imc.org>
List-unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
Reply-to: Dave Crocker <dcrocker@xxxxxxxxxxxxxxx>
Sender: owner-ietf-mxcomp@xxxxxxxxxxxx

On Sat, 20 Nov 2004 17:38:56 -0500, Alan DeKok wrote:
> > Some major keys to open discussion is that people avoid ad hominem
> > attacks -- for example, they do not call people liars -- and they
> > avoid hyperbole.  For example:
>
>    To quote:
>   > you want to change the nature of the infrastructure. you want to
>   > redefine established terminology.
>   > In professional fora, it is entirely inappropriate to make assertions
>   > about other people's desires, capabilities, and the like.

It's difficult to imagine your believing that either of these two statements is on a par with calling someone a liar.  (Please note that the latter of the two statements you cite was, in fact, taking exception to a posting that also had indulged in ad hominem attack.)

So I'll guess that you are assessing them as hyperbole.  Again, it is difficult to understand how you consider either of the above statements to be hyperbole, on a par with calling a service that operated well for 25 years to suddenly be "broken" or to be a "failure".

>  things like "SMTP is imperfect", for fear of getting attacked.

The semantic difference between "imperfect" and "failure" is considerable.  Diligent consultation with a competent dictionary is encouraged.

Freewheeling use of inaccurate and excessive language is, indeed, a hallmark of public discussion about spam and anti-spam techniques.  

My point is that it prevents constructive discussion.

> > The security model of SMTP is the same as the security model for
> > sending paper letters and for making phone calls.
>
>    For one, you haven't explain why.  

For example, senders are not required to identify themselves in any of those systems.  Anonymous or misrepresented authorship is easy and common for all of them.

>   At the minimum, SMTP is electronic while paper
>  mail is not, so from that information alone, the security models MUST
>  be different.

Well that certainly is an interesting assertion.  I can't imagine what makes it automatically true.

>    For two, phone calls don't have "malicious bounces", so I'm confused
>  why the security models for SMTP and telephones would be the same.

Discussing why a popular security model might have serious inadequacies for a new environment is, of course, entirely reasonable.  But that's not what you are doing.

>    For three, my statement was talking about failures of a model, not

When you referred to SMTP you said nothing about a "model", nevermind a security model.  To the extent that you really meant to refer to a particular security model, then by all means please state that, rather than broadly describing that a long-standing, well-functioning protocol as a "failure".

>  about comparisons with other models. Claiming that SMTP has the same
>  security model as something else is nice, but not really relevant to
>  the issue thar the security model of SMTP has had demonstratable
>  failures.

When messing around with global infrastructures, it is typically viewed as useful to worry a great deal about the base of experience with the model being used for that service and the model being proposed.  In that light, knowing that the existing model has extensive use in other global infrastructures is important.  

When you succinctly describe the proposed new model, you will discover that it has essentially no base of experience in a large scale.

On the average, it is considered important to worry about the impact of changes to a communication service, since the ability to communicate is usually taken as rather important for various aspects of human life.  So, for example, terminating the ability to communicate anonymously would have rather serious political ramifications.

>    SMTP as it was designed 10 years ago has failed to reach these new

23 years ago.

But really 32 years ago, since smtp is an evolution of the original ftp mail command.

>    This shouldn't be news.  It shouldn't be a sore point, either.

The sore point is not the limitations of SMTP.  The sore point is sloppy, inaccurate hyperbole.

>    The important thing now is to decide WHY the model failed, and HOW
>  it failed.  Without that information, it will be impossible to fix it.

It's unfortunate that you do see neither the formal incorrectness of the term "failed" nor the absence of substantive contributions about the nature of the changed threat and security models.

d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker  a t ...
www.brandenburg.com

Follow-Ups:
- A new SMTP "3821" [Re: FTC stuff...........]
  - From: Hector Santos
- Re: FTC stuff 0) Lies 1)Yahoo & DK. 2)GoDaddy DNS & SPF & CSV. 3)Dean & FUSSP. 4)Testing 5)EFF, Anonymity.
  - From: Alan DeKok

References:
- Re: FTC stuff 0) Lies 1)Yahoo & DK. 2)GoDaddy DNS & SPF & CSV. 3)Dean & FUSSP. 4)Testing 5)EFF, Anonymity.
  - From: Alan DeKok

Prev by Date: Re: People issues
Next by Date: Re: FTC stuff 0) Lies 1)Yahoo & DK. 2)GoDaddy DNS & SPF & CSV. 3)Dean & FUSSP. 4)Testing 5)EFF, Anonymity.
Previous by thread: Re: FTC stuff 0) Lies 1)Yahoo & DK. 2)GoDaddy DNS & SPF & CSV. 3)Dean & FUSSP. 4)Testing 5)EFF, Anonymity.
Next by thread: Re: FTC stuff 0) Lies 1)Yahoo & DK. 2)GoDaddy DNS & SPF & CSV. 3)Dean & FUSSP. 4)Testing 5)EFF, Anonymity.
Index(es):
- Date
- Thread