ietf-asrg

Re: Consent (was Re: [Asrg] seeking comments on new RMX article )

2003-05-07 12:45:24
On Wed, 07 May 2003 14:58:09 -0400
Alan DeKok <aland(_at_)freeradius(_dot_)org> wrote:
J C Lawrence <claw(_at_)kanga(_dot_)nu> wrote:

No, I consider requiring explicit published consent between the DNS
masters and a sending node to be a bad thing.

Wow.  So any sending node doesn't need to have consent of a DNS master
to claim to send messages from that domain.

Quite.

By trivial extension, sending nodes also don't need the consent of
users at a domain, to send messages claiming to be those users.

That's not a server-side problem, that's an individual authentication
problem with well known and variously well deployed addresses.

Great.  I'll post messages claiming to be from you, to ASRG, saying
how much you like spam, liver, punk music, or anything else.  Since I
don't need your consent, you will, of course, have no objection.

There is a fundamental difference between consent and lack of objection.
I can walk on your lawn and tell people on the street corner that I am
you.  I don't need your consent to do that.  You will however object
rather strenuously I expect.

Lack of objection does not mean consent, and lack of consent does not
mean lack of objection.

Heck, I actively dislike top posting, and yet people do it every day in
mail to me over my objections.  They didn't need my consent.

Almost.  Currently domains don't control the use of their names,

I'm amazed.  I thought that the administrators of DNS for a domain
could control which IP's were pointed to by names in that domain.
They can prevent other IP's from being associated with a domain,
simply by NOT listing those IP's in DNS.

Absolutely.

If that's not controlling the use of a name, I don't know what is.

They don't control the use or behaviour of the node that the name points
to, and with the singular exception of MX records, they don't control
how third parties view or interact with a node that they have a record
pointing to.  Some people want centralised systems.  That's great and
bully for them.  Others don't.  That's also great.  Dictating on an
Internet-wide scale that only centralised systems can send mail is
Wrong.

So the people controlling DNS for a domain are NOT, in fact,
authorized to make any statements about the domain.

Sure they are, they just currently can't explicitly control the
behaviour of edge nodes.  Under RMX they are granted a very large fat
club to dictate and control the behaviour of edge nodes.

The edge nodes can still send email claiming to be from a domain.
They CANNOT, however, claim that they have the consent of the owner of
that domain to use his name.

Assume RMX becomes popular and widely deployed.  Will you accept mail
from a node which doesn't have an RMX record or which is outside of the
RMX record stated for that domain?

That's a club.

The problem is that RMX encodes those statements in a machine
processable form that can and will be used mechanically for mail
filtering.  Should RMX gain any traction it is safe to assume that in
fairly short order mail from non-RMX-bearing nodes will be
bounced/dropped, and thus RMX records will become a de facto
requirement for sending mail.  That spells central control and
authority over how mail is processed within a domain.  No thanks.

So you're opposed to other people centralizing control over their own
domain.  Hmm...

I'm opposed to systems which mandate centralising control over the
behaviour of nodes in a domain, and give them (essentially) no choice
about running a decentralised model.

See, you don't have to add RMX records, or look them up.  That's your
choice.  But please understand that the people you send mail to will
impose conditions before they consent to accepting traffic from you.

Absolutely.  That's true today and is not in argument.

The problem here is that you apparently don't want others to impose
conditions on traffic they accept from you.

No, I don't want to impose a __centralised__mandated__model__ on mail
traffic control.  Please ensure you read the underlined words, then
compare the external behaviour of RMX to the simple public-key/crypto
model I mentioned a few messages ago.  While broken, that model achieves
the same ends of accountability that you desire with RMX without the
costs of centralised control.

In that case, your position is *identical* to that of the spammers.

In a sense I'm taking the free speech argument, one which is also often
used by spammers.  Are all free speech arguments necessarily bad because
spammers also use them?  You can claim that I'm dirty/bad/evil due to
using a similar argument to spammers, or you can recognise that some
arguments are sufficiently general that they can easily be used on both
sides of the fence.  Your choice and no skin off my nose.

Freedom is like that: dirty and disorganised.  The problem is to clean
it up without losing the freedom.  Hate speech laws are a classic
example of an attempted balance and trade-off between the two.  We could
just all live as slaves in a planetary dictatorship -- then there would
be no spam.  However I suspect, just a little, that most of this list
would consider that an excessive sacrifice of freedoms for the gain in
cleanliness.

Even outside of the privacy concerns, I've no wish to build systems
which not only define, but mandate dictators on an Internet-wide
scale.

Huh?  Since when did we jump from domain owners administering consent
and control for their domains, to Internet-wide dictators?

Yeesh.  That's not what I wrote.  Please, read with at least minimal
care.  The point is not Internet-wide dictators, but dictators on an
Internet-wide scale.  

Should the holder of the DNS keys be a dictator over all the mail sent
from his domain?  You say, "Yes!"  I say, "Hell no!"  You appear to
suggest that such control is the natural state of affairs.  I demur and
say that such levels of control must be explicitly created at some cost
and effort and shouldn't ever be the defaults.

Do you understand that artificially inflating the problem, and
engaging in fear-mongering are unhelpful?

Certainly.  Happily I haven't done that, tho I can see how your
misreadings of my messages would give that impression.

I don't consider either an acceptable address.  You do.  We differ.

I consider them acceptable for me, and the domains I administer.  It's
your concern if you don't consider them acceptable for you, and your
domains.

Quite.  There are issues of social responsibility here.  While we each
run our own little private fiefdoms in regard to our mail systems, the
exchange of mail in general across the 'net requires a basis in common
consensus.  If that consensus is defined in terms of RMX deployment,
then that is a cost and requirement that neither you nor I have choice
over.  In essence it is a dictate that I, and you, and every other
domain on the 'net MUST run centralised control over the behaviour of
all nodes in our domains.

No thanks.

What I find astonishing about your beliefs is that you don't find that
behaviour acceptable for *me*, either.  

Hardly.  It's utterly acceptable for you.  What I'm campaigning against
is a progression that takes your individual choice, along with others,
and makes it a net-wide dictate.  Some technologies are inherently
decentralised and autonomous.  Some require, by definition, centralised
control and definition.  We get to pick.

What the heck happened to my freedom to choose?  

Nothing.  It remains unsullied.

Or would you propose that you should be appointed an "Internet-wide
dictator", because your attitude is benevolent, and you're doing it
"for our own good" ?

Hardly.  I also don't want to be in the position of going to every other
domain out there and telling them, "You must elect your DNSmaster as
your mail dictator."

Be careful.  Down that path lies a host of nightmares.

Aye, it sure does.

--
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
claw(_at_)kanga(_dot_)nu               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg