ietf-mxcomp

Re: Forging (was Re: Differences between CSV and Sender-ID )

2004-07-09 03:01:13

Alan,


AD>   a) ...  I said SOME are idiotic, not ALL.
AD>      It's rude to cherry-pick a complicated scenario, and make it
AD>      sound like I said those people were dumb.  I didn't.

In fact, you have been focussing entirely on the 'dumb' spammers,
whereas I have chosen to focus entirely on the smart ones.  You are
citing the dumb ones on the basis of making certain decisions for
global standards to be reasonable.

I am citing the smart ones because they will roll past any standard
that is not robust against them.


AD>   b) Don't mistake "script kiddies" for people with a clue, or for
AD>      spammers.

I wasn't.  That is why I'm citing the smart guys.  The ones with
multi-level control mechanisms and many thousands or millions of
compromised machines.


AD>   Computers have things called "scripts" or "programs"
AD>      which idiots can run to perform complicated tasks.  And idiots
AD>      can buy CPU time on "owned" machines from smart people, and use
AD>      that time to send spam.

I guess I am missing the point behind citing how dumb these guys are.


What does that fact do with respect to protocol standards decisions?


AD>   What I was originally discussing was ideas from this WG: domains
AD> hosting policy information about themselves in DNS.  RMX, SPF, CSV,
AD> and Sender-ID all fall into this category.  My comments that MARID
AD> could be construed as domains maintaining black/whitelists were
AD> intended to be taken in the context of this WG: domains maintain
AD> policy information about themselves, and that information may be used
AD> by others as input to blacklists/whitelists.

The terms whitelist and blacklist have significant and rather
consistent history.  I fail to see the benefit in redefining them for
this working group.  Besides being seriously confusing, the definition
is not written down in a working group document.


AD>   For the record, I believe I understand your opinion very well.  You
AD> think temporary measures aren't permanent solutions.

Tautologies can be humorous, but that isn't what I said.  I said that
temporary measures are highly inappropriate for global standardization.


AD>   Where I disagree with you is in the utility of the temporary
AD> measures.

And that is why I keep asking for examples of comparable efforts --
global standards that provide temporary measures against side-effects
rather than core aspects of a problem.  When has such an approach
worked?



d/
--
 Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>

