On Thu, 2004-11-25 at 18:11 -0500, Alan DeKok wrote:
> David Woodhouse <dwmw2(_at_)infradead(_dot_)org> wrote:
>> The nature of Alan and Hector's belief is such that it could only ever
>> really be disproven, and never proven -- even if it _is_ in fact true.
>
> I'm not sure which of my beliefs you're talking about.
I'm talking about beliefs stated in the paragraph to which I was
replying, and which I quoted. In which Hector Santos used the words
"What Alan is suggesting, for which I strongly agree...".
But it seems you were talking of problems with mail in general while I
was concentrating solely on spoofing, which is a special case -- one of
the band-aids you mention. I apologise for misinterpreting you and
attributing to you a belief which is not yours.
The same logical point applies though -- you can only ever demonstrate
that it _can_ be fixed without wholesale changes, by doing so. You can't
demonstrate that it cannot.
But since no scheme to really _fix_ the generic problem without such
wholesale change exists, we're far more likely to give you the benefit
of the doubt when you say that such change is necessary. You're probably
right. It's not clear to what extent the change is needed, but you're
also right that it probably doesn't require throwing away SMTP and
starting again.
>> The existence of a solution which does not require the world to be
>> changed wholesale would disprove their theory that such change is
>> required.
>
> Ah. You're not talking about any of my beliefs. Do not use my name
> in the context of opinions I've never held.
I apologise again for my misstatement.
Are you saying you do _not_ believe that in order to fix the spoofing
problem we must make incompatible changes to the way SMTP works
universally? That you believe we can achieve it by only making changes
at the endpoint sites which want to take advantage of any new scheme?
That I would agree with.
>> There is a lot of merit in all of CSV, SES, BATV, DK, IIM and the
>> other solutions being discussed, and very little evidence that
>> wholesale changes to existing practice are required, such as the
>> changes which would be required by SPF or SenderID.
>
> CSV, SES, BATV, etc. require *some* changes to SMTP. To address
> Andrew's phrasing of the disagreement, I ask "How can you change
> things without changing them?"
Perhaps I was overly ambiguous in an attempt to be succinct. Backward-
compatible change at _participating_ sites is fine. I'm speaking of a
need to 'upgrade the world wholesale' -- to force changes even at
uninterested and non-participating sites, because our new scheme relies
on assumptions about their behaviour which weren't previously true. That would
be a very silly thing to do unless it's _really_ necessary.
Concepts like SRS and the proposed abuse of the 'Resent-From:' header
are the kind of thing I was referring to when I said 'change the world
wholesale'. Each would need to be deployed ubiquitously before the
scheme which requires them becomes truly viable.
> The existence of CSV, SES, BATV, etc. is an admission that the SMTP
> model did not previously contain the ideas put forth in those
> proposals. Therefore, whether people admit it or not, the SMTP model
> *is* open for changes, and *is* being changed.
Backward-compatible change within the scope of the existing system, yes.
Changing the model in the same way that MIME changed the SMTP model. How
many times do you remember demanding that some site out there upgrade
their mailer dæmon because you have started sending, or want to receive,
MIME mail? How long did it take them to 'upgrade'?
> The question now becomes: What changes are to be permitted, and who
> is to be permitted to propose those changes?
Indeed -- and it's a very hard one to answer. What we _can_ say is that
changes which are limited to participating sites are a lot easier than
changes which must be implemented ubiquitously in order for the system
to work correctly. Hence we should eschew schemes which require
_ubiquitous_ change to current practice, in favour of schemes which can
be deployed incrementally at participating sites without losing
compatibility.
(That isn't to say that we should ignore a scheme which purports to
solve world hunger because it requires ubiquitous change, and we should
favour an alternative scheme which can solve just address spoofing
without such change. Obviously I'm talking about comparing schemes with
vaguely equivalent features.)
Compare SES/BATV with SPF, for example. Observe sourceforge.net (and
many other places) rejecting _faked_ MAIL FROM:<dwmw2(_at_)infradead(_dot_)org>
_WITHOUT_ having made any changes -- and when valid mail is forwarded to
a sf.net user from an account elsewhere, where the MTA in between hasn't
been changed either. Yes, it's a change to the model, but it doesn't
_require_ anyone else to adapt. That's the difference.
Likewise compare IIM with SenderID. Each purports to protect against
spoofing of the RFC2822 identities, but one was designed to work in the
real world today, and the other requires that the world adapt to fix it.
> One answer is this: It's not 1984. No one is proposing that X.400
> or any other protocol should replace SMTP.
Some actually are, but it's entirely unrealistic.
> What DOES make sense is to understand WHY spam is a problem in SMTP.
> This involves re-visiting the model, because the model of SMTP as
> created 30 years ago manifestly did not include the concept that "spam
> is a problem." We need to understand what's going on in the design
> and deployment of SMTP which allows spam to be a problem.
>
> In the short term, we can come up with endless band-aids. We can
> play "whack-a-mole" with spammers. But unless we look at the system
> as a whole, we won't have a solution for the whole system.
I agree with that. Hell, if we can have a practicable solution for the
whole system, I'll readily agree even to 'changing the world wholesale',
if that's actually required and realistic.
What I (and many others) object to is far-reaching changes which are
unnecessary; when we have alternative schemes which promise to achieve
the same goals, but without such change.
> The most frustrating part of this discussion is that no matter how
> many times I repeat my position, I still get accused of wanting to
> replace SMTP with something completely different. I still get accused
> of wanting to "change the world whole-sale". I still get told "we
> can't change the model", even as the people saying that are changing
> the model.
It does sound like I misinterpreted you in the same way, for which I
apologise. I'm not arguing with your actual position. To fix spoofing of
addresses is just a band-aid, as you said. But it's all that's on offer
right now. I'm saying we can do _that_ without fundamental changes.
--
dwmw2
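The thread above contrasts SES/BATV-style signed envelope senders, which a single participating site can deploy on its own, with schemes that need every site to change. The following is an added example, not code from the thread or from the BATV or SES proposals: a simplified sketch modelled on BATV's "prvs=" tagging (the exact tag layout, the key, the domain name, the seven-day validity window and the addresses are all assumptions constructed for this example). Outgoing MAIL FROM addresses get an expiring HMAC tag; the same site's inbound MTA then rejects bounces (null reverse-path) addressed to untagged or badly tagged local addresses, because it never emitted such an address itself. Nothing outside the site has to change.

```python
import hashlib
import hmac
from datetime import date

# Constructed values for this example only; a real deployment keeps its own key.
SECRET_KEY = b"example-only-batv-secret"
KEY_VERSION = "0"            # one-digit key id, so the key can be rotated later
LOCAL_DOMAIN = "example.org"  # the participating site (assumed name)
MAX_VALID_DAYS = 7            # tags older than this are treated as expired


def _day_number(d: date) -> int:
    """Days since the proleptic Gregorian epoch, reduced modulo 1000 for a 3-digit field."""
    return d.toordinal() % 1000


def _mac(key_version: str, expiry: int, local: str, domain: str, key: bytes) -> str:
    """Six hex chars of an HMAC over the tag fields and the untagged address."""
    data = f"{key_version}{expiry:03d}{local}@{domain}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:6]


def sign_envelope_sender(address: str, today: date, key: bytes = SECRET_KEY) -> str:
    """Rewrite user@domain into prvs=KDDDHHHHHH=user@domain for outgoing MAIL FROM."""
    local, domain = address.rsplit("@", 1)
    expiry = (_day_number(today) + MAX_VALID_DAYS) % 1000
    mac = _mac(KEY_VERSION, expiry, local, domain, key)
    return f"prvs={KEY_VERSION}{expiry:03d}{mac}={local}@{domain}"


def verify_envelope_sender(address: str, today: date, key: bytes = SECRET_KEY):
    """Return (ok, reason, untagged_address).

    Only a tagged, unexpired, correctly signed address passes; an untagged
    address for our domain is exactly what a forger would put in MAIL FROM.
    """
    local, domain = address.rsplit("@", 1)
    if not local.startswith("prvs="):
        return False, "untagged", address
    parts = local.split("=", 2)
    if len(parts) != 3 or len(parts[1]) != 10:
        return False, "malformed", address
    tag_field, core = parts[1], parts[2]
    key_version, expiry_str, mac = tag_field[0], tag_field[1:4], tag_field[4:]
    untagged = f"{core}@{domain}"
    if key_version != KEY_VERSION or not expiry_str.isdigit():
        return False, "unknown-key", untagged
    expiry = int(expiry_str)
    # Day numbers wrap modulo 1000, so measure the remaining validity modulo 1000 too;
    # a stale tag then shows up as a large "remaining" value and is rejected.
    if (expiry - _day_number(today)) % 1000 > MAX_VALID_DAYS:
        return False, "expired", untagged
    expected = _mac(key_version, expiry, core, domain, key)
    if not hmac.compare_digest(expected, mac):
        return False, "bad-signature", untagged
    return True, "ok", untagged


def rcpt_decision(mail_from: str, rcpt_to: str, today: date) -> str:
    """Policy at the participating site's inbound MTA for one RCPT TO command.

    Only bounces (empty reverse-path) to the site's own domain are checked:
    the site never sends untagged MAIL FROM, so a bounce to an untagged local
    address can only have been caused by a forgery. Ordinary mail is untouched,
    so nobody outside the site has to adapt.
    """
    _, rcpt_domain = rcpt_to.rsplit("@", 1)
    if mail_from != "" or rcpt_domain.lower() != LOCAL_DOMAIN:
        return "accept"
    ok, reason, _ = verify_envelope_sender(rcpt_to, today)
    return "accept" if ok else f"reject ({reason})"


if __name__ == "__main__":
    sent = date(2004, 11, 25)                         # constructed date
    signed = sign_envelope_sender("alice@example.org", sent)
    print("outgoing MAIL FROM:", signed)
    print("bounce to tagged address:", rcpt_decision("", signed, sent))
    print("bounce to forged address:", rcpt_decision("", "alice@example.org", sent))
```

A third-party MTA that already performs sender-address verification (an RCPT probe with a null sender) gets the same rejection from this policy without changing anything, which is consistent with the behaviour described above for sf.net. The site can also strip the tag before local delivery using the third element of the `verify_envelope_sender` result, so users never see it.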