From: Michael(_dot_)Dillon(_at_)btradianz(_dot_)com
[mailto:Michael(_dot_)Dillon(_at_)btradianz(_dot_)com]
Sent: Wednesday, November 22, 2006 7:41 AM
To: ietf(_at_)ietf(_dot_)org
Subject: Re: DNS Choices: Was: [ietf-dkim] Re: Last Call: 'DomainKeys
And since SMTP has been an utter and complete failure in operations, I find that to be a dubious point.
Anything used by close to a billion people can't be classed a complete failure.
The failure is not that it is ignored but that it is so
difficult to operate. Both the end users and the server
operators are unhappy with what they get from the email
system based around SMTP, POP, SUBMIT and IMAP.
But these failures have nothing to do with the DNS or the MX record. In fact
the MX record is one of the conspicuous successes of the mail system, it allows
a remarkable degree of fault tolerance and is the reason the system runs at all
at this stage.
The DNS is a conspicuous success. Most global naming schemes fail. X.500 is
dead, RealNames is dead and there are other schemes being perpetrated today
that will go the same way. DNS did not have to succeed and it succeeded despite
some unnecessary complications.
The problem with the mail system has nothing to do with the protocol
performance. The problems are caused by PEOPLE.
In particular the protocols do not anticipate what is necessary to deal with a
population of a billion users. That is a problem but not an operational
problem, the problem is architectural. But moving to a different directory
scheme (Hello John) or network architecture (Hello David) won't help unless the
new architecture takes account of the real issue - people.
Fortunately it is possible to retrofit infrastructure for dealing with people
into the legacy systems which turn out to be rather better than the councils of
despair would imply.
The early SMTP system held together because there was ACCOUNTABILITY. There
were few limits on what you could do but if you messed up there were
consequences.
The problem with SMTP is the lack of accountability in the billion user
Internet. The accountability mechanisms of the NSFNET did not scale.
And so now we have ad-hoc measures in place that attempt to sort out the 'good
email' from the 'bad email'. These don't work too well because computers don't
have the faintest idea what good or bad is and it's pretty hard to teach them.
What we can achieve is to sort email according to whether the sender can be
held accountable for their actions or not. If someone sends me anonymous email
it is unfortunately going to go straight to the bit bucket. I receive 3000
emails every day of which 300 are legitimate. I do not read all my email from
people I know. I don't have time to read 2,700 advance fee frauds and ads for
viagra.
Knowing who sent an email with a high degree of confidence is the first step
towards knowing whether they can be held accountable.
SMTP does its intended job. DKIM adds a layer that is also foundational for
achieving accountability.
Accountability in this case probably means 'if you sent me mail in the past
which was authenticated and did not turn out to be spam I will accept this mail
on more favorable terms, if on the other hand people complained about the mail
you sent as spam then modulo the possibility that they might have lied this
next mail you sent is also going to the bit bucket'.
I know that there are people who really do not like the concept of being held
accountable (who does) but this is no different from what is going on today
only at the moment you are being held accountable for mail you did not send.
Accountability is not incompatible with anonymity either. The Internet does not
really provide true anonymity as many Internet criminals find to their cost.
The Internet actually provides multiple levels of pseudonymity, you have an
identity but one that cannot necessarily be correlated to your other identities.
It is certainly possible to have accountability with pseudonymity, the Slashdot
karma system is an existence proof.
It is even possible to have accountability with complete anonymity if you use
trustworthy hardware (OB Disclosure, patent is pending).
It has nothing to do with software and everything to do with
architecture. IM networks have fewer problems because all the
participants share a relationship with the IM service
providers. Nobody has yet tried to build an open-ended email
network based on a chain of trust between participants.
Instead we have the flat SMTP protocol open to all comers and
two client protocols that do NOT support sending an email message.
On the contrary, I get calls from a new VC-backed startup touting exactly that
type of scheme roughly every three months.
The proposal here is to lay the groundwork to allow the phased transition of
the existing email system to allow networks of mutually trusted parties to
exchange email on an accountability basis. For example Yahoo and Gmail both
send vast quantities of email to each other. Both companies impose internal
velocity limits that are an effective block on spammers using their system to
originate mail. Both companies are willing to trust the effectiveness of the
other's controls. Both companies sign their email with DKIM.
So there is actually an existence proof (or will be when the companies filter
on DKIM data) for what you propose but using legacy SMTP and legacy DNS.
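The accountability rule described in the message above (favorable terms for authenticated senders with a clean history, the bit bucket for unauthenticated mail and for senders who drew complaints), sketched as an added example that is not part of the original message. It assumes the receiving MTA has already verified DKIM and stamped an Authentication-Results header; the authserv-id, the thresholds and all names are hypothetical.

```python
import re
from collections import defaultdict
from email import message_from_string

TRUSTED_AUTHSERV = "mx.receiver.example"  # assumption: our own MTA's authserv-id
MIN_HISTORY = 5            # assumption: authenticated mails needed before history counts
MAX_COMPLAINT_RATE = 0.2   # assumption: slack for mistaken or dishonest complaints

def dkim_pass_domain(msg):
    """Signing domain (header.d) of a dkim=pass result stamped by our own MTA, else None."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in re.sub(r"\s+", " ", value).split(";")]
        head = parts[0].split()
        if not head or head[0].lower() != TRUSTED_AUTHSERV:
            continue  # stamped by someone else: trivially forgeable, ignore
        for resinfo in parts[1:]:
            if re.match(r"dkim\s*=\s*pass\b", resinfo, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([a-z0-9.-]+)", resinfo, re.I)
                if m:
                    return m.group(1).lower()
    return None

class Ledger:
    """Per-domain history of authenticated mail and the complaints it drew."""
    def __init__(self):
        self.seen = defaultdict(int)
        self.complaints = defaultdict(int)

    def record(self, domain, complained):
        self.seen[domain] += 1
        self.complaints[domain] += 1 if complained else 0

    def triage(self, raw_message):
        domain = dkim_pass_domain(message_from_string(raw_message))
        if domain is None:
            return "bit-bucket"   # no authenticated sender to hold accountable
        seen = self.seen[domain]
        if seen < MIN_HISTORY:
            return "neutral"      # authenticated, but no track record yet
        rate = self.complaints[domain] / seen
        return "bit-bucket" if rate > MAX_COMPLAINT_RATE else "favorable"

def sample(authserv, domain):
    """Constructed test message; not taken from any real mail flow."""
    return (f"Authentication-Results: {authserv};\n"
            f" dkim=pass header.d={domain} header.s=sel1; spf=pass\n"
            f"From: someone@{domain}\nSubject: hello\n\nbody\n")
```

The border MTA must strip any inbound Authentication-Results header that already carries its own authserv-id, otherwise a sender can assert a pass for a domain it does not control.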