[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-usefor-usepro-02

To: ietf-usefor@xxxxxxx
Subject: Re: draft-ietf-usefor-usepro-02
From: Seth Breidbart <sethb@xxxxxxxxx>
Date: Thu, 30 Dec 2004 17:11:36 -0500 (EST)
In-reply-to: <> (message from John Stanley on Thu, 30 Dec 2004 13:07:48 -0800 (PST))
List-archive: <http://www.imc.org/ietf-usefor/mail-archive/>
List-id: <ietf-usefor.imc.org>
List-unsubscribe: <mailto:ietf-usefor-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-usefor@xxxxxxxxxxxx
John Stanley <stanley@xxxxxxxx> wrote:
> Seth Breidbart <sethb@xxxxxxxxx>:

>>If I can't verify you as the owner of that email address, then you
>>can't use my server to post with that email address.
> Heh heh. You must run a very quiet server. Nobody can post through it.

Anybody who can log in to my machine can post through it.

Google uses that rule, too; yet I see a lot of postings through them.

>>I'm not acting, I'm declining to act.
> Wrong. Excluding the decision on the From header, your action would be to 
                                                         ^^^^^^
See that word?

> accept the article. By not accepting it, you are ACTING, and you are 
> basing your action on information you do not have. 

Somehow, doing nothing has been transformed into acting in your
universe.  I wonder what happens if I get you to say your name
backwards.

>>If you can't verify the address to me, then you can never use it on my
>>server.
> Which server would that be?

Google groups acts that way.  (My personal server nobody cares about,
because nobody uses it even if they could validate their email address
by returning a token.)

>>I'm not assuming that it's possible, I'm stating that my policy
>>(that's my policy, I'm not requiring that anyone else adopt it)
>>requires that verification.
> A verification that is impossible.

A verification that google performs, therefore it's possible.

A verification that any ISP that has users logging in can perform.

A verification that any NSP that requires users to return an emailed
token can perform.

> By claiming that you require that verification, you imply that it is
> possible

It is possible.  Some sites do it.

>>> Wow. And Wow, you think that MOST of the articles that are posted to
>>> USENET shouldn't be posted because the address cannot be verified?
>>No, I never claimed that.
> Yessir, you did. I'll quote from just a few lines earlier:
>>>> And since they DO NOT KNOW, they should DO NOTHING SPECIAL.
>>>That is, they shouldn't post the article?
> Or was your "shouldn't" a typo?

No, that was referring to sites that choose to follow the policy I'm
writing about.  Other sites need not follow that policy: their
servers, their rules.

>>I claimed that it's an acceptable policy
>>for a server to refuse to post articles if the From header can't be
>>verified to the satisfaction of that server.
>
>>It's equally acceptable for a server to allow any From address ending
>>in ".invalid" to be used.
>
> Since verifying is impossible in many if not most cases,

So what?

> then what you are actually saying is that some admins ought not to
> be running servers.

I'm not suggesting that at all.  I'm saying that the admins who
require verification will not accept postings in the cases where
verification is actually impossible.  If, as you claim, that's a lot
of cases, then there are a lot of cases they won't accept.  Their
servers, their rules.  I know of a server whose policy is "You can use
this server if you're a personal friend of the owner."  That's even
more restrictive; would you therefore claim that the owner shouldn't
be running a server?

> And if WE tell posters they MAY use .invalid, then of course it is
> an acceptable "policy" to accept it. It is not an acceptable
> "policy" to not accept it, because that "policy" is really "don't
> conform to the standards".

What part of interoperability breaks if a server does not accept From
addresses ending in ".invalid"?

>>> I think that counts as a majority over the relatively few that
>>> Panix can.
>>Actually Panix can verify infinitely many addresses, too.  
>
> Hardly. But then, aleph1 is larger than aleph0 (if I am using the terms 
> correctly.)

You aren't.  The number of finite length strings over a finite
alphabet is aleph null.  Ignoring length limits (which we have to in
order to get any infinite number), Panix can verify
"sethb+<anything>@panix.com" as belonging to me, for aleph null values
of <anything>.  The total number of possible email addresses (still
ignoring length limits) is the same aleph null.

> There may be an infinity of Panix account they can verify, but there
> are an infinity of infinities of accounts they cannot. Still a
> majority.

Aleph null times aleph null is aleph null, not a larger infinity.

>>> That's what I said. Where did you get "the _site_ is permitted"?
>>Are you claiming that the owner of a machine is required to run the
>>machine the way _you_ want instead of the way _he_ wants?
>
> It has nothing to do with what I want. It has everything to do with
> what the standards say. They say that the poster MAY use
> .invalid. That implies that the server has to accept it, otherwise
> there would be a contradiction.

There's no contradiction.

The law says that I MAY go into a store and offer to pay them with
Canadian money.  The store MAY choose not to accept it; there's
neither a violation of the law nor a contradiction when that happens.

> And you didn't answer the question: I was talking about a section of
> the draft that says "the poster MAY", and you told me that this
> means the the server MAY. Where did you get that nonsense?

You're the one claiming that "the poster MAY" implies "the server
MUST".

>>You may ask me to post something.  I may decline to accede to your
>>request.  Those are both "MAY".
>
> That is not what we are discussing. "MAY ASK" is very different from "MAY
> USE". MAY ASK implies there is a question that you get to answer. MAY USE
> means there is no question, the poster MAY USE that address.

The poster MAY USE that address when he says POST.  The server MAY
reply "NO".

>>> A clearer statement of abdication is rarely seen here. The site will
>>> do what it wants no matter what we say, so why bother saying
>>> anything?
>>To tell it what it ought to do so that interaction with other sites
>>works properly.
>
> A site will do what it wants no matter what we say. Why bother saying 
> anything?

See above.

>>> Where the fuck do we say that posters don't have to pay their bills?
>>When you said that a poster MAY use ".invalid" and that the server is
>>therefore REQUIRED to post the message.
>
> Answer the question. Where does this draft say ANYTHING about paying 
> bills? It doesn't.

You're the one who claimed that the server is REQUIRED to accept and
post a message if the poster used ".invalid".  I'm the one saying that
the server is not REQUIRED to do something against its policies.  As
an example of such a policy, I gave "users must pay their bills".

So you are apparently claiming that some server policies ("pay your
bills") are permissible, while others ("use your verified email
address") are not.

>>> Why do you keep making this shit up?
>>It's a logical consequence of the rule that you're arguing for.
>
> And now you've fabricated some rule that I am supposedly arguing
> for. Why do you keep doing this?

Are you, or are you not, arguing that a server is not permitted to
have a policy of accepting messages only if it has verified that the
poster is entitled to use the email address in the From header?

>>>>If sites *have to* accept it, then they have to accept the articles
>>>>where it is used, right? 
>>> No, of course not. Don't be stupid.
>>So now you agree that a site need not accept an article that has a
>> From header ending in .invalid?
>
> Stop being stupid. We are talking about a criterion for acceptance
> based on the use of .invalid here, and nothing else. I've said that
> a site cannot reject an article because the poster has used a
> .invalid address because WE told the user he MAY use it.

And I'm saying that a site may have a more restrictive policy than
that.

>>Where do you think you get the right to decide on policies that sites
>>must follow? 
>
> This isn't site policy anymore. This draft tells posters they MAY do
> something. I didn't write that part of the draft, so it isn't me you want
> to argue with about this.

You're the one arguing that "the poster MAY" implies "the site MUST".
I haven't seen anyone else agreeing with you.

>>Maybe their rule is "must use address you have verified to be valid in
>>the From header."
>
> Still trying to put words in my mouth, huh? Maybe their rule is what
> I wrote.

In that case, there's no problem.  I'm not arguing against a site
having the rule you wrote.  You're arguing against a site having the
rule I wrote.

>>Except for people who want to post, where "verified" is the required
>>case.
>
> When verified is impossible, it cannot be the "required case".

It isn't always impossible.  When it is impossible, it doesn't happen,
therefore (since it's required) the posting doesn't happen.

> By saying it can be the "required case", you imply it IS always
> possible,

No, I imply it is _sometimes_ possible.

>>But they may, if they so choose, reject an article for not having a
>>From header that they do not know to be valid.
>
> It is easy to check for a syntactically valid from header; thus is
> it correct to imply that they can. It is impossible to verify, in
> most cases, a contextually valid From header, thus it is incorrect
> to imply they can.

The draft doesn't imply that they always or even usually can.

> Our draft makes this implication;

No, it doesn't.

Seth
References:
- Re: draft-ietf-usefor-usepro-02
  - From: John Stanley
Prev by Date: Re: draft-ietf-usefor-usepro-02
Previous by thread: Re: draft-ietf-usefor-usepro-02
Next by thread: [no subject]
Index(es):
- Date
- Thread