From: John C Klensin <klensin(_at_)jck(_dot_)com>
...
Ok, would you support rejecting any submissions containing
non-text attachments?
Personally, I probably would, although I can see a case for a
few other forms. On the other hand, the one that would probably
end up on the list right after "text" is likely HTML or XML and
they are known to be dangerous.
HTML should not be dangerous, if you're not naive or an idiot, but then it
should be possible to say the same about simple word processing text.
See http://support.microsoft.com/support/kb/articles/Q288/2/66.ASP
In other words, the list should stop at "text"
...
I could easily live with length restrictions on non-text. But I
suspect that, if we go to length restrictions, we had best be
clear about what problem(s) we are trying to solve. ...
Is there any way to make progress, to not continue to go around which
formats should should be filtered and whether filtering is evil and
nasty?? Is it impossible to
1. reach consensus that some binary formats should be filtered,
2. help the IESG (or whomever) upgrade the machines (if they need and
want help) to a modern sendmail with easy support for such
filtering and fewer bugs,
3. help the IESG (ditto) install filters (ditto)
(I'd volunteer for any of that help if I didn't think others more qualified
would also volunteer at the first, slightest hint from the IESG.)
...
Well, first of all, wrt this issue, I'm just an IETF participant
like most others who read these lists and are impacted by them.
So my opinion isn't worth anything special. ...
That IETF officials are evidently forced to sign contracts promising to
always include such disclaimers to get their discharge papers is a
powerful reason to never become an IETF official. Besides, that you
have not managed to lose all of your influence makes that disclaimer
somewhat false.
inadvertent attacks. After that, we can quibble about which
things are "noise removal" and "protection against attacks" and
which things are "censorship". I tend to oppose the latter,
but my definition of the term is probably much narrower than
those for whom the idea of keeping anything off a list or out of
general circulation is a moral outrage.
It is unfortunate aspect of popular political correctness to be unable
to use the dictionary definition of censoring, "examining in order to
suppress or delete anything considered objectionable." That's clearly
what we're talking about in stopping the viruses, without any implications
of moral outrage. http://www.m-w.com/
...
censored. Every author should be respected enough to be
published or rejected, completely unedited.
Personally, I tend to agree -- on logical, moral, and technical
grounds and without needing to appeal to amateur lawyering or
copyright hair-splitting. Any given submission should either go
through or be diverted, not "improved" by any process not under
the author's control.
Besides being the moral and ethical high ground, that position
obviates indefinite delays while lots of code that do just the
right kinds and amounts improving are argued about, written,
deployed, and perhaps someday debugged.
Could we please move forward or discover that is impossible? Could
we somehow judge whether there is consensus for filtering at least
the viruses or that it is unlikely that consensus for filtering can
be reached? I think the consensus in favor is clear, not withstanding
the opposition of one or two. Of course my determination of the
consensus is in no way authoritative or even influential.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com