<rant>
Vernon is always critisizing (and not only on this maillist). In my review
of March discussions (I'v at over 1,200 messages which is 50%...) he
critisized anything and everything - some of his points are quite correct
and he always tries to find as many bad points about every proposal as
possible - this comes quite handy when I'm looking what to put in
"Objections" section which I'm creating for every proposal. Hopefully if
I'm done by the end of the week you'll see what I mean (I may not have
enough time as I'm leaving for ARIN conference at the end of the week and
have lots of other work keep my net up while I'm gone - and this ASRG
review already took more then 20 hours... - if not I'll finish while at ARIN).
However I do believe that while critisicism is in places usefull, a more
constructive approach would be a lot better especially when someone wants
to make good contribution to this group. And overall for March while it
may seem that we have not achieved that much there were offered LOT AND
LOT of ideas on the list, its really amazing how much an area we were able
to cover. Anybode who have listened to the list should have picked up
something (lot more then just something!) usefull over the month.
Still it was amazing finding Vernon critique on absolutly every thread...
</rant>
On Wed, 2 Apr 2003, Tom Thomson wrote:
Vernon wrote:
It's discouraging that people are still saying that authentication
would fix spam years after common MUAs (e.g. Netscape) can send and
check signatures and/or keys and SMTP-AUTH, SUBMIT, and SMTP-TLS are
universally available.
What I find discouraging is the conytinual dismissal of possible
solutions based on little of no apparent logic (and usually by
people who have an alternative solution to push).
SMTP-AUTH is specifically desgigned for a closed trusted environment
(read the RFC - the words it uses are "within a trusted enclave") so
it's not at all surprising that it hasn't been deployed to solve a
problem in a wide-open uncontrolled environment. Do SUBMIT or
SMTP-TLS have relevance to our issue any more than SMTP-AUTH does? I
think not!
Although some MUAs have signature/checking capabilities, rather a lot
have no such capability. Do any of the webmail systems have such
capability? Even where an MUA has the capability, is it usable by
the average user? Plainly and simply, the signature and checking
capabilities of current MUAs are not designed to address our issue.
So the arguments quoted above are completely irrelevant to the
solution they were used to attack.
Let's try to be constructive about the various proposals made,
instead of destructive.
Tom Thomson
Post Script: I suspect vernon will be very unhappy if the group
ends up supporting approaches other than one particular one; but
I'm not going to decry that particular one because it wasn't
invented here, and I just wish he would show other members of this
list that same courtesy. We are going to need to apply lots of
partial solutions and not reject anything that is useful just
because it will not solve more than 90% of the problem on day one.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg