ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] AOL vs the Internet -- Are they opting out? (fwd)

2003-07-27 08:44:46
from [Dave Crocker] [Permanent Link] 
Alan,

AD>   I fail to see how the net changes when I roam inter-country, as
AD> opposed to intra-country.  The authentication & other network
AD> protocols I use are the same.  In many cases, I use the services of
AD> the same global company.

In many cases, one can not. This changes the issues for authentication
and inter-administration authorization.  Different access services
employ different rules.  Sometimes the rules collide.


AD>   The only things which change are local implementations.

how about with a laptop, using pop/smtp, rather than web user interface
to your home email application?
how about when connected to a remote network, such as a clients?
Or from a hotel, using your laptop?


AD>   Any problems with those activities come ONLY from poor or inadequate
AD> local implementations.

That is a facile, but not very useful response.  First it contains no
substantiation of such a dismissal, and second it ignores the realities
that users experience.


AD>   In contrast, your position paradoxically requires the very thing you
AD> appear to oppose.  NOT enforcing local consent, and NOT exposing that
AD> consent to the network, means that the recipient MUST perform ALL of
AD> the work of authenticating the sender, by applying content filters,
AD> white lists, key signing, challenge-response, etc.

My "position" is to pay attention to the vagaries and needs of the real-world,
rather than assume that we can operate things simplistically.

That sort of "position" tends to work far better for getting viable
services that people will actually agree to.


AD>  i.e. The sender
AD> must effectively "log in" to the recipient, and satisfy expensive
AD> authentication methods.

AD>   This result is what boggles my mind about the position of "roaming
AD> users MUST be able to send messages from anywhere, claiming to be
AD> anyone."

The error of this sort of consent model is that it requires global
enforcement of network access identification and that it be used to
substantiate author identity. This a) ignores a variety of valid ISP
business models that do not permit that correlation, b) ignores the fact
that identification does not ensure legitimate behavior, and c)
identification does not ensure enforceability.


d/
--
 Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] AOL vs the Internet -- Are they opting out?, Dave Crocker
Next by Date:  Re: [Asrg] AOL vs the Internet -- Are they opting out? (fwd), Alan DeKok
Previous by Thread:  Re: [Asrg] AOL vs the Internet -- Are they opting out? (fwd), Alan DeKok
Next by Thread:  Re: [Asrg] AOL vs the Internet -- Are they opting out? (fwd), Alan DeKok
Indexes:  [Date] [Thread] [Top] [All Lists]