ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] (no subject)

2003-07-01 17:21:29
from [Yakov Shafranovich] [Permanent Link] 
At 04:00 PM 7/1/2003 +0000, Mark McCarron wrote:

[..]
Thanks for your comments. My response are in the body of the message below. This post relates to the 'GIEIS' system viewable here at: 
[..]


From: "Danny Angus" <danny(_at_)apache(_dot_)org>
To: "Mark McCarron" 
<markmccarron_itt(_at_)hotmail(_dot_)com>,<asrg(_at_)ietf(_dot_)org>
Subject: RE: [Asrg] (no subject)
Date: Tue, 1 Jul 2003 14:33:57 +0100

Mark McCarron wrote:

>  SMTP is a dying
> protocol, imagine what it would be like in 10 years?

Erm .. I don't think that is quite correct, surely?
I know that IM is growing in popularity and I wouldn't be surprised if SMTP was loosing "market share" but to describe what must be one of, if not the, most widely used internet protocols as dying is preposterous.
Perhaps you could back up your claim with evidence, I'd be happy to eat humble pie if you're right. 

Mark's Response:
SMTP is a dying protocol. It was never designed to handle the current flow of email on the Internet nor provide the security for it. As long as SMTP exists, spam, virus', worms and trojans will only grow on the Internet to an unbelievable level. Every resolution has been attempted and failed. Let me make this crystal clear for everyone, SMTP cannot EVER be secured. We are rapidly coming to the point were email would be withdrawn completely. This is not some idle threat, but a proposal seriously being considered. Anyone who knows the technical side of SMTP, will tell you quite clearly that the protocol itself is to blame. Spam accounts for 30% of all traffic on the Internet now, what percentage would it be in 10 years? 
[..]
It has been mentioned many times that the problem is not just SMTP - its all of Internet. The Internet including all of its protocols cannot be secured since all of the underlying protocols were developed as an open system. Getting rid of SMTP alone, will not solve the problem of underlying openness. 


[..]


> The system we tested it on was a private network, also, it wasn't
> using the
> full aspects of the 'GIEIS' design.  It was just a feasibility
> test and it
> responded well, in fact, 100%.
100% of what? did you try to break it, did you try to fool it, what happens to mail if you launch a DOS attack on the token server? 

Mark's Response:
Dos (denial of service) does not work on every machine. Proper security measures eliminate this threat. Dry run 'GIEIS' for yourself, its unbreakable.
"Security by obscurity" does not work - until the system is deployed in the wild, no one can calim that its secure. 

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] A Little Background on 'GIEIS' And A Few Surprises, Yakov Shafranovich
Next by Date:  [Asrg] 'GIEIS' - More Comments, Mark McCarron
Previous by Thread:  RE: *Suspected Spam *RE: [Asrg] (no subject), Danny Angus
Next by Thread:  [Asrg] (no subject), Patrick Galvin
Indexes:  [Date] [Thread] [Top] [All Lists]