ietf
[Top] [All Lists]

Re: Eliminating Virus Spam

2001-01-03 22:30:02

  Date: Wed, 03 Jan 2001 17:50:03 -0500 (EST)
  From: James M Galvin <galvin(_at_)acm(_dot_)org>

      I think it would be a mistake for the IETF to try to get into the
      business of protecting mailing list subscribers from virses.

  I'd sure like to understand your motivation for this point of view.
  Since it is, in fact, relatively straightforward to put virus scanning
  in front of message distribution I would think this is exactly what we
  want the IETF to do, or more precisely the IETF Secretariat to do for
  those elists they manage.  The only real work in such an activity is
  keeping up with the "virus updates".

Here are a few reasons that occur to me immediately: If the IETF
filters messages for their safety, the IETF becomes responsible for
damages caused by any messages that get through.  The IETF
Secretariate is a limited resource and it is better expended
supporting those with the knowledge and competence to contriubte to
the IETF mission of quality protocol specifications who can immunize
themselves from viruses in an Internet friendly way for the account(s)
they use for IETF mailing lists.  (And, given how many mailbox
services are available, I don't consider "But my organization uses X
broken mail software" to be a plausible excuse.)  Virus filtering is
almost entirely platform dependent, so such things shouldn't be on the
IETF discuss mailing list at all, and would require selection,
possible periodic replacement, and constant maintenance of proprietary
commercial software.  Etc.

However, stripping out or blocking mail by MIME type would probably be
a reasonable technique that would be about as effective and is
certainly platform independent...

From:  "Theodore Y. Ts'o" <tytso(_at_)MIT(_dot_)EDU>
Date:  Wed, 3 Jan 2001 18:46:36 -0500
Message-Id:  <200101032346(_dot_)SAA10322(_at_)tsx-prime(_dot_)MIT(_dot_)EDU>
In-reply-to:  James M Galvin's message of Wed, 03 Jan 2001 17:50:03 -0500
                (EST), 
<Pine(_dot_)BSF(_dot_)4(_dot_)21(_dot_)0101031745550(_dot_)2147-100000(_at_)two(_dot_)elistx(_dot_)com>

...

I agree that filtering multipart messages goes too far; they can be
useful.  However, I do believe it would be fair game --- especially for
the IETF mailing list, to filter multipart messages containing Microsoft
documents and executables.  There really is no excuse for sending any of
that nonsense onto the IETF mailing list, and that would nicely avoid
sending any viruses onto the IETF list without needing to run
platform-specific virus detection software, and requiring the
secretariat to keep such software up-to-date.  (For bonus points, it
would be nice to have filtering software to deal OutLook's annoying
habit of sending both HTML and ASCII TEXT messages for messages there
was absolutely no need to send to the HTML...)

I think MULTIPART should definitely be allowed.  MULTIPART/SIGNED
certainly shouldn't be discouraged.  I frequently want, for someone
active in the IETF, the type of information in vCard attachments,
though it often seems that those for whom I want such info don't use
such attachments.

But it seems to me relatively easy to come up with a set of allowed
MIME types, basicly those defined in IETF standards which are useful
in platform independent IETF discussion list messages, and only allow
mail that either isn't MIME or has only the allowed types.  In
particular, about the only APPLICATION subtypes that seem reasonable
are those related to signatures and keys/certificates and proprietary
subtypes under other top level MIME types should be blocked.

...
                                                      - Ted

Donald
===================================================================
 Donald E. Eastlake 3rd                    
dee3(_at_)torque(_dot_)pothole(_dot_)com
 155 Beaver Streeet                         
lde008(_at_)dma(_dot_)isg(_dot_)mot(_dot_)com
 Milford, MA 01757 USA     +1 508-634-2066(h)   +1 508-261-5434(w)




<Prev in Thread] Current Thread [Next in Thread>