On Tue, 16 Mar 2004, Ed Gerck wrote:
To implement these solutions, we need an Internet design where we
recognize that the end points have become much less trusted than the
connection. This is the opposite of what the DARPA Internet assumed and
was designed for. So, some things gotta change.
I was going to say something before about this. In the original design,
only _some_ ports were to be more trusted, those below 1024. Back in the
mainframe day, the mainframe itself was clearly more trusted. But it was
still the case that users could open untrusted ports, so the entire
machine was not trusted, and all endpoints were not assumed to be trusted.
And contrary to belief, we had spam (or abuse) back before
commercialization, too. I remember starting a "network software engineer"
job in 1991 that included system administration at Kendall Square Research
(KSR). KSR was a supercomputer company, and employed some very smart
people. Never-the-less, in my first week, I got to meet one bright young
VLSI engineer who had a cron job running that sent an email every 5
minutes saying "you're a jerk" to someone he had gotten into a flamewar on
some usenet news group. (We had a uucp 9600baud leased line, and were
waiting on a 56K to Nearnet) That was a fun way to meet new people.
"Hi, I'm the new guy in Swee's group. By the way, that special cron job
you have going, Knock it off."
For example, saying that you're "god(_at_)heaven(_dot_)org" should not be so
easy to do when you're sending email, even though it should still
be easy to set "god(_at_)heaven(_dot_)org" as your address in your MUA.
The From: address is just dressing. It makes no difference what its actual
value is, nor that it can or can't receive email. As was pointed out,
many things only send email, and don't receive it. Those things will have
informative (or not) from addresses that are invalid for reception.
--Dean