ietf-asrg

Re: [Asrg] AOL vs the Internet -- Are they opting out? (fwd)

2003-07-27 05:53:59
Dave Crocker <dcrocker(_at_)brandenburg(_dot_)com> wrote:
AD>   When I roam cross-country,

how about cross-world?

  I fail to see how the net changes when I roam inter-country, as
opposed to intra-country.  The authentication & other network
protocols I use are the same.  In many cases, I use the services of
the same global company.

  The only things which change are local implementations.

how about with a laptop, using pop/smtp, rather than web user interface
to your home email application?

how about when connected to a remote network, such as a client's?

Or from a hotel, using your laptop?

  Any problems with those activities come ONLY from poor or inadequate
local implementations.

The problem with requiring prior consent to the delivery of email is not
about users logging in to their email service.  It's about senders
"logging in" to recipients, before they can send mail to them.

  Which is a situation I've never proposed or supported.

  I have repeatedly said that it's the problem of the local network to
verify its users, and to ensure that their behaviour satisfies the
local AUP (i.e. consent).  It's the problem of the local network to
coordinate AUP/consent for any roaming user with that user's home
domain.  It's the problem of the local network to make that consent
available to the rest of the net, so that they can use it, if they so
desire.

  The end result is that the "recipient" of an email has to do minimal
work, in order to verify consent.  The recipient can easily gain
enough information about the identity of the sender, in order to make
informed decisions as to whether or not to accept the message.


  In contrast, your position paradoxically requires the very thing you
appear to oppose.  NOT enforcing local consent, and NOT exposing that
consent to the network, means that the recipient MUST perform ALL of
the work of authenticating the sender, by applying content filters,
white lists, key signing, challenge-response, etc.  i.e. The sender
must effectively "log in" to the recipient, and satisfy expensive
authentication methods.

  This result is what boggles my mind about the position of "roaming
users MUST be able to send messages from anywhere, claiming to be
anyone."  It's an a priori requirement that the recipient must perform
all of the work to establish consent, and the sender must perform no
work.  So the sender does whatever the heck he wants, and the
recipient is forced to deal with it.  Where's the "consent framework
for communication"?

  The fact is that current issues related to roaming & consent are
largely issues of implementation.  The information exists and can be
used.

  Alan DeKok.