Re: [Asrg] 6. Proposals - RMX-like implementation via rDNS
2003-09-10 16:56:34
Brad Knowles wrote:
At 6:57 PM -0400 2003/09/10, waltdnes(_at_)waltdnes(_dot_)org wrote:
"The 'net was designed for..."
- a clientel consisting of white, male, middle-class military types
and civilians doing reasearch for the military. These people needed
security clearance simply to get on the net, which is why smtp had
no security designed in. This clientel would have no incentive to
spam; doing so would risk their security clearance.
The original ARPAnet was unclassified. Granted, getting access to
ARPAnet was extremely difficult, and therefore things like inter/intra
protocol security were not priorities. However, this has nothing to do
with security clearance.
Please see the draft written by the IAB on this
(http://www.iab.org/documents/drafts/draft-iab-e2e-futures-03.txt):
----snip--------
"3.1 Lack of Trust
Perhaps the single most important change from the Internet of 15 years
go is the lack of trust between end nodes. Because the end users in the
Internet of 15 years ago were few, and were largely dedicated to using
the Internet as a tool for academic research and communicating research
results (explict commercial use of the Internet was forbidden when it
was run by the US government), trust between end users (and thus between
the end nodes that they use) and between network operators and their
users was simply not an issue in general. Today, the motivations of some
individuals using the Internet are not always entirely ethical, and,
even if they are, the assumption that end nodes will always co-operate
to achieve some mutually beneficial action, as implied by the end to end
principle, is not always accurate. In addition, the growth in users who
are either not technologically sophisticated enough or simply
uninterested in maintaining their own security has required network
operators to become more proactive in deploying measures to prevent
naive or uninterested users from inadvertently or intentionally
generating security problems.
----snip--------
It is sufficient for our purposed to know that the Internet is insecure
today as per above draft. The reasons for that do not matter unless they
have direct relevance to our work.
What it all comes down to is that the vast majority of emails sent
direct-to-mx from residential/dynamic IP addresses is spam. If you're
going to accept smtp traffic from another ISP's dynamic IP addresses,
you need some form of authentication. This can be the POP-before-SMTP
hack, or ssh-tunneling, or SSL, or whatever.
Some of us don't have effective alternatives for access. There is
only one dominant carrier available, and while their service may just be
sufficient to get our bits onto the 'net, they couldn't find their
backside if they were stuck into a room with mirrors on all sides and
the world's most powerful lighting. We wouldn't route our mail through
their servers if our lives depended on it. They are Access Providers,
no more.
Indeed, in some countries, the only access available is from
providers who explicitly refuse to provide anything more than just bare
access, requiring you to get all your service somewhere else.
I can definatly relate to that - my own provider is providing a
bare-bones SMTP server which has been an open-relay at one point and is
still blacklisted in some places.
Please keep in mind the technical considerations and requirements
documents, especially the sections regarding not placing a large burden
on users and backwards compatability. These are issues with all
proposals, the question is whether the benefits outweigh the
disadvantages. This is something that needs to be evaluate objectively
for every proposal without going off-topic.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
|
|