ietf-mxcomp

Re: FTC stuff 0) Lies 1)Yahoo & DK. 2)GoDaddy DNS & SPF & CSV. 3)Dean & FUSSP. 4)Testing 5)EFF, Anonymity.

2004-11-21 16:43:11

Dave Crocker <dcrocker(_at_)brandenburg(_dot_)com> wrote:
> When you referred to SMTP you said nothing about a "model", never mind
> a security model.

  You mean this message, which you both read and responded to within
the last 24 hours:

 http://www.imc.org/ietf-mxcomp/mail-archive/msg05265.html
> The failure of SMTP to protect from forgery, malicious bounces,
> etc. is a failure of the security model of SMTP.

  My politest response is "You, sir, appear to be mistaken".

> Again, it is difficult to understand how you consider either of the
> above statements to be hyperbole,

  I don't consider them hyperbole.  You have, by your own standards,
engaged in ad hominems towards me.  Yet when I repeated those phrases
back to you, it's me that you labeled unprofessional.  The word
"hyperbole" isn't applicable here.  Another word starting with "hyp"
is.

> on a par with calling a service that operated well for 25 years to
> suddenly be "broken" or to be a "failure".

  The phrase I've used is "SMTP fails to...", not "SMTP is a failure".
The difference is crucial.

  The terms "fails to" and "broken" are well-known, and widely used
in the security industry.  e.g. "With the advent of cheap computing
hardware, DES fails to provide adequate security for message traffic.
We suggest using AES".  Or, "With the advent of recent attacks, MD5
has been broken, or very nearly so."

http://www.google.com/search?hl=en&lr=&q=md5+broken&btnG=Search

  Which points to multiple links titled "MD5 broken".  If the authors
of MD5 had responded to those attacks with "A system in wide use for
many years cannot be properly described as 'broken'.", they would have
been laughed off of the planet.

http://www.google.com/search?hl=en&lr=&q=%22DES+fails+to%22+cryptography&btnG=Search

  Which points to an article containing the phrase "People understand
that DES fails to provide strong data confidentiality".

  Maybe SMTP is magic, and normal security terminology is inapplicable
here.  But I don't think that's true.

> When you succinctly describe the proposed new model, you will
> discover that it has essentially no base of experience in a large
> scale.

  The word you're looking for is "encompasses".  As in "The new model
of general relativity encompasses the old model of Newtonian physics".

  One goal behind creating a new model is to include all, or almost
all of the old model.  This automatically gives the new model a
large-scale base of experience.  Further, the reason for moving to a
new model is that there is a large base of experiences/data which are
known today, which aren't explained by the old model.  The new model
can explain them, giving it an even larger base of experience than the
old model.

  Science has worked this way for hundreds of years.  These model
development methods have also been demonstrated to be applicable to
many engineering fields, but are apparently not applicable to SMTP.

> It's unfortunate that you see neither the formal incorrectness of
> the term "failed" nor the absence of substantive contributions about
> the nature of the changed threat and security models.

  I've already dealt with the first part of that phrase.  As for the
second part, if my attempts to contribute to the field are so
blatantly absent or incompetent, there would be no need to put effort
into marginalizing me and my position.  You could just sit back, and
wait for everyone to realize for themselves that I'm an idiot.

  But the sheer effort put into marginalizing me exposes the reality
behind the concept that I have nothing to contribute.

> The sore point is not the limitations of SMTP.  The sore point is
> sloppy, inaccurate hyperbole.

  I may know less than you about SMTP, but I do know when I'm being
bushwhacked.  Your attempts to stop my use of industry standard terms
and practices are duly noted.

   Alan DeKok.