On Mon, Apr 14, 2014 at 6:59 PM, John R Levine <johnl(_at_)taugh(_dot_)com>
wrote:
I've never said that lists won't change, I've said that we're not going to
screw them up to work around your FUSSP.
It would be great if it were more of a dialog rather than a repeated
exercise in intransigence. I guess when you're a list, everything looks
like a FUSSP.
Having been involved in things like SPF, DKIM, ADSP, etc. over the years, I
can say that mailing lists always recur as a major obstacle. "Lists have
been doing what they're doing for N years and they work fine. You don't
get to mess with them." That's the mantra.
In DKIM, we even did a whole separate RFC to talk about all the fun ways
lists are a special case.
The specifications of 30 years ago included some neat capabilities for
communication, some of which mailing list servers employ to do what they
do. I mean, I get that being able to put whatever you want in the From:
field is a feature. Honest, I do. But meanwhile, increasingly, bad people
use the very same capabilities to do their hugely expensive harm. Is it
really the case that the benefit mailing lists (as they are today anyway)
bring to the Internet outweighs the harm of leaving these capabilities wide
open?
There are probably earlier examples, but remember the finger protocol? In
80s and 90s, it was on, and it was harmless, maybe even useful. Then it
started to get abused and exploited, so we collectively turned it off
because the damage outweighed the benefit. That practice has been applied
countless times since, to any service that gets rolled out in any context
you can imagine that then gets discovered and exploited by bad actors: We
fix the vulnerability, or we kill the service. We don't believe in
"substantial non-infringing use" as a reason to keep something bad online.
I can't think of an instance where that's not the case except email abuse,
because we protect mailing lists, which have enjoyed apparent immunity
despite ever-increasing pain to the victims of that abuse with no solution
in sight.
So why do lists get the privilege of being immutable? Can't there be some
quid pro quo? Do the people with the problem also have to come up with the
solution, preferably maintaining the status quo for lists, or could it
maybe be more of a cooperative brainstorming thing? Is it really totally
inconceivable and unacceptable that there has to be some evolution here?
And before anyone tries to claim it, I'm not saying lists are second class
actors, nor am I making any kind of claim about traffic percentage. I
would just like to understand when and why they were granted this protected
status in standards work that they appear to enjoy.
-MSK