On July 11, 2003 at 18:26 research(_at_)solidmatrix(_dot_)com (Yakov
Shafranovich) wrote:
At 05:44 PM 7/11/2003 -0400, Barry Shein wrote:
Well, there ya go, the NY Times is technologically ahead of ASRG in
recognizing what the real source of the spam problem is.
Barry, leaving the sarcasm aside, there are problems with looking at the
spam problem from this angle. There are specific problems with dealing with
the security issue which I mentioned in a prior post:
1. It is easier to deal with the problem on the edge of the network than at
Many very smart people have been trying to "deal" with the problem on
the edge of the network for several years now, but the spam problem
grows worse and worse.
I think the approach you champion above all others is rapidly becoming
akin to "phlogiston" or "epicycle" theories (early scientific theories
intuitively compelling and also championed to the exclusion of others
which later were proven fallacious at the core.)
I think you would do better to simply show your favored approach to
have merit rather than constantly try to beat back others' approach to
the problem.
There's a fine line between trying to maintain order and simply
dragging a group into a non-stop meta-discussion revolving around
ones' own pet theories.
the core. "Fixing" the core can take decades. In the short and medium term
Fixing the edge has already proved fruitless in nearly a decade of
trying.
Given the proven fruitlessness of one approach vs the possibility of
frustration with another approach (whose underpinnings have now
increasingly been shown to have merit) which is preferable?
Well, let a thousand flowers bloom. I personally have no agenda to see
your favored attack on the problem marginalized.
Unfortunately I don't believe that feeling is reciprocal.
we would be looking at "edge" solutions. In the long term perhaps a "core"
solution might work but would require a very long time to implement.
Since your approach has thus far produced nothing measurable why is the
(hypothesized) difficulty of a different approach, in your mind, such
a negative?
I think we've already discussed that issue; that an approach might
take years for ubiquitous deployment does not equate the likelihood of
successful results (i.e., significant reduction of spam, that's why
we're here, right?) from early, less pervasive deployment.
Put another way, you assert that ubiquity would be difficult, but you
haven't established why ubiquity is a reasonable pre-condition for
success.
Besides, nearly every approach has this difficulty, it's an easy
criticism to make.
2. This is something that must be dealt on the infrastructure level of the
Internet - it is a general issue of security akin to other things that
zombies are used for (DDOS, hosting porn sites, worms, etc.). These are
issues that must be looked at as an Internet-wide problem not limited to
spam. Once again, this problem stems from the fact that the Internet as a
network inherently trusts its users and servers. Unless you will convert
the Net into a closed system where every single server and user must have
authorization, it will not solve the problem.
This is a particular hypothesis about the problem, and dare I say one
driven by a particular agenda.
One might hope that the purpose of a RESEARCH group is to pursue
promising possibilities, perhaps even more than one, rather than have
bridges burned by one individual's off-the-cuff speculations.
If this is a general "security" problem, than we cannot hope to solve the
"spam" specifics without solving the general security problem. Thus, it
might require a new group to be focused specifically on security issues of
the Net. We are dealing with spam only.
I would also like to make another suggestion. It seems that you and Eric
Brunner in particular have been advocating this approach. Why don't you two
get together and write up a document outlining the spam problem from this
point of view, and providing an evaluation checklist for solutions (also
see section 3.2 of the "Technical Considerations" document
(http://www.ietf.org/internet-drafts/draft-crocker-spam-techconsider-02.txt)).
This can provide a concrete framework and a checklist for the group to
consider various proposals falling under this angle of things such as
replacing SMTP, detecting hijacked computers, DRIP, etc.
Another suggestion which I mentioned before would be setting up an "Email
Standards Project" akin to the "Web Standards Project". Get a group of
people together and setup a site that will list recommended configurations
for popular MTAs and MUAs that can protect user' computers from being
hijacked and reduce spam. Things like shutting off open relaying, disabling
ActiveX and JavaScript inside mail clients, perhaps disabling HTML email on
send, etc. can be documented. User education is very important and
something that can be very useful in the long run.
I have a better idea.
Why doesn't Yakov form the Topics-Approved-By-Yakov research group and
then you won't have to spend so much time batting away at competing
approaches?
You can perfect that by being the only one in that group! Consider the
possibility for unfettered consensus!
I think when someone expends as much energy as you do trying to
silence others' approaches something is awry.
Particularly when the competing theory is rising so quickly as this
New York Times article, which seems to have set you off on your
latest, lengthy meta-missive, demonstrates.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg