ietf-asrg
[Top] [All Lists]

Re: [Asrg] AOL vs the Internet -- Are they opting out? (fwd)

2003-07-27 11:23:02
Dave Crocker <dcrocker(_at_)brandenburg(_dot_)com> wrote:
AD>   Any problems with those activities come ONLY from poor or inadequate
AD> local implementations.

That is a facile, but not very useful response.  First it contains no
substantiation of such a dismissal

  ... and as such, reminds me of previous messages in this thread.

  Still, it's not that difficult to figure out.  Someone has issues
roaming, but doesn't have issues when not roaming.  Is the problem the
Internet as a whole?  No, that hasn't changed.  Is it their local
machine?  No, that hasn't changed.  Is it their home ISP?  No, that
hasn't changed either.

  Ergo, it must be the only item in their use of the network which is
different: the ISP they're using while roaming.

, and second it ignores the realities that users experience.

  What realities?  I've already addressed the fact that ISP's have
broken implementations, and don't communicate or enforce consent.
These issues should be addressed.  Beyond that, I haven't seen you
bring up any additional "realities" that users experience.

My "position" is to pay attention to the vagaries and needs of the real-world,
rather than assume that we can operate things simplistically.

  You've proven that both of us can come up with facile and not useful
responses.  So?

The error of this sort of consent model is that it requires global
enforcement of network access identification and that it be used to
substantiate author identity.

  I'm confused as to whether that's a tautology or a non sequitor.

  "users roaming globally require global enforcement of identity".
Yes, so?  How else can they roam globally?  There's no requirement to
use SSN's or passport #'s as identifiers.  Instead, we currently have
near-random user names.

  People can have more than one identity.  Look in your wallet, I'll
bet you've got 3-4 pieces of plastic, each with a ~10 digit identity.

This a) ignores a variety of valid ISP business models that do not
permit that correlation,

  There are ISP business models which perform *no* authentication of
users on their network?  And which make no statement about their
consent to behaviours of those users?  Which do not make those users
accountable for any of their actions?

  The fight against such ISP's is mainly a legal one: criminal
indictments.  There's little the net can do to fight them, other than
simple disconnection.

b) ignores the fact that identification does not ensure legitimate
behavior, and c) identification does not ensure enforceability.

  Identification ensures accountability.  Accountability ensures that
recipients can choose to enforce consent for accountable senders.
Senders who are not accountable for their behaviour cannot, by
definition, establish a consent framework for communication with a
recipient.


  I think you hit the nail on the head, there.  Establishing mutual
consent is NOT about ensuring "legitimate" behaviour, and it's NOT
about enforcing that behaviour.  It's about the sender being able to
make statements about his behaviour, and the recipient being able to
choose to stop communicating with the sender when his actions don't
match his words.

  As an attempt to reach a common ground, I will state explicitely
that a network BCP SHOULD say that ISPs MUST permit their users to
exchange or enforce consent.  This means exchanging consent with home
domains for roaming users, not blocking port 25, or other stupid local
"filters" which don't help the spam problem, but which prevent normal
network communication.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg