ietf-asrg
[Top] [All Lists]

Re: [Asrg] 6. Proposals - RMX-like implementation via rDNS

2003-09-10 16:56:34
Brad Knowles wrote:
At 6:57 PM -0400 2003/09/10, waltdnes(_at_)waltdnes(_dot_)org wrote:

   "The 'net was designed for..."
   - a clientel consisting of white, male, middle-class military types
     and civilians doing reasearch for the military.  These people needed
     security clearance simply to get on the net, which is why smtp had
     no security designed in.  This clientel would have no incentive to
     spam; doing so would risk their security clearance.


The original ARPAnet was unclassified. Granted, getting access to ARPAnet was extremely difficult, and therefore things like inter/intra protocol security were not priorities. However, this has nothing to do with security clearance.


Please see the draft written by the IAB on this (http://www.iab.org/documents/drafts/draft-iab-e2e-futures-03.txt):

----snip--------
"3.1 Lack of Trust

Perhaps the single most important change from the Internet of 15 years go is the lack of trust between end nodes. Because the end users in the Internet of 15 years ago were few, and were largely dedicated to using the Internet as a tool for academic research and communicating research results (explict commercial use of the Internet was forbidden when it was run by the US government), trust between end users (and thus between the end nodes that they use) and between network operators and their users was simply not an issue in general. Today, the motivations of some individuals using the Internet are not always entirely ethical, and, even if they are, the assumption that end nodes will always co-operate to achieve some mutually beneficial action, as implied by the end to end principle, is not always accurate. In addition, the growth in users who are either not technologically sophisticated enough or simply uninterested in maintaining their own security has required network operators to become more proactive in deploying measures to prevent naive or uninterested users from inadvertently or intentionally generating security problems.
----snip--------

It is sufficient for our purposed to know that the Internet is insecure today as per above draft. The reasons for that do not matter unless they have direct relevance to our work.


       What it all comes down to is that the vast majority of emails sent
 direct-to-mx from residential/dynamic IP addresses is spam.  If you're
 going to accept smtp traffic from another ISP's dynamic IP addresses,
 you need some form of authentication.  This can be the POP-before-SMTP
 hack, or ssh-tunneling, or SSL, or whatever.


Some of us don't have effective alternatives for access. There is only one dominant carrier available, and while their service may just be sufficient to get our bits onto the 'net, they couldn't find their backside if they were stuck into a room with mirrors on all sides and the world's most powerful lighting. We wouldn't route our mail through their servers if our lives depended on it. They are Access Providers, no more.

Indeed, in some countries, the only access available is from providers who explicitly refuse to provide anything more than just bare access, requiring you to get all your service somewhere else.


I can definatly relate to that - my own provider is providing a bare-bones SMTP server which has been an open-relay at one point and is still blacklisted in some places.

Please keep in mind the technical considerations and requirements documents, especially the sections regarding not placing a large burden on users and backwards compatability. These are issues with all proposals, the question is whether the benefits outweigh the disadvantages. This is something that needs to be evaluate objectively for every proposal without going off-topic.

Yakov


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg