ietf-asrg
[Top] [All Lists]

Re: [Asrg] RE:ASGR 8a Use of certificates

2003-04-02 09:08:54
<rant>
Vernon is always critisizing (and not only on this maillist). In my review 
of March discussions (I'v at over 1,200 messages which is 50%...) he 
critisized anything and everything - some of his points are quite correct 
and he always tries to find as many bad points about every proposal as 
possible - this comes quite handy when I'm looking what to put in 
"Objections" section which I'm creating for every proposal. Hopefully if 
I'm done by the end of the week you'll see what I mean (I may not have 
enough time as I'm leaving for ARIN conference at the end of the week and 
have lots of other work keep my net up while I'm gone - and this ASRG 
review already took more then 20 hours... - if not I'll finish while at ARIN). 

However I do believe that while critisicism is in places usefull, a more 
constructive approach would be a lot better especially when someone wants 
to make good contribution to this group. And overall for March while it 
may seem that we have not achieved that much there were offered LOT AND 
LOT of ideas on the list, its really amazing how much an area we were able 
to cover. Anybode who have listened to the list should have picked up 
something (lot more then just something!) usefull over the month.

Still it was amazing finding Vernon critique on absolutly every thread...
</rant>

On Wed, 2 Apr 2003, Tom Thomson wrote:

Vernon wrote:

It's discouraging that people are still saying that authentication
would fix spam years after common MUAs (e.g. Netscape) can send and
check signatures and/or keys and SMTP-AUTH, SUBMIT, and SMTP-TLS are
universally available.

What I find discouraging is the conytinual dismissal of possible 
solutions based on little of no apparent logic (and usually by
people who have an alternative solution to push).

SMTP-AUTH is specifically desgigned for a closed trusted environment 
(read the RFC - the words it uses are "within a trusted enclave") so 
it's not at all surprising that it hasn't been deployed to solve a 
problem in a wide-open uncontrolled environment. Do SUBMIT or 
SMTP-TLS have relevance to our issue any more than SMTP-AUTH does?  I
think not!

Although some MUAs have signature/checking capabilities, rather a lot 
have no such capability.  Do any of the webmail systems have such 
capability?  Even where an MUA has the capability, is it usable by 
the average user?  Plainly and simply, the signature and checking 
capabilities of current MUAs are not designed to address our issue.

So the arguments quoted above are completely irrelevant to the 
solution they were used to attack.

Let's try to be constructive about the various proposals made, 
instead of destructive.  

Tom Thomson

Post Script:   I suspect vernon will be very unhappy if the group 
ends up supporting approaches other than one particular one;  but 
I'm not going to decry that particular one because it wasn't 
invented here, and I just wish he would show other members of this 
list that same courtesy. We are going to need to apply lots of 
partial solutions and not reject anything that is useful just 
because it will not solve more than 90% of the problem on day one.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg