ietf
[Top] [All Lists]

Re: What I've been wondering about the DMARC problem

2014-04-15 06:37:50
Jimmy Wales is, perhaps partially unconsciously, referencing this with his
point on a "culture of free expression."

Note: I am not implying in making these observations that stewardship
should be by any particular country, or any number less than the totality
for that matter -- only that we rely on systems that we have claimed for
the people to create such a context, and the international arena (and the
various systems so far presented for "checks and balances" or even simply
handoff to privatized systems to multistakeholder-ish processes that must
not be government-led or inter-governmental) does not presently support
that.


Seth


Seth


On Tue, Apr 15, 2014 at 1:29 AM, Seth Johnson 
<seth(_dot_)p(_dot_)johnson(_at_)gmail(_dot_)com>wrote:

(one insert/correction inline)

On Tue, Apr 15, 2014 at 1:20 AM, Seth Johnson 
<seth(_dot_)p(_dot_)johnson(_at_)gmail(_dot_)com>wrote:

The framework internationally is different.  Within free countries,
there's a culture of expectations that certain things will be unacceptable,
or will be resisted by self-respecting citizens.  That culture is based in
a system that guards fundamental liberties, and people are able to rely on
it to do so, though for private firms the limits aren't so definitive as
they are for the government.

Internationally, the limits are no longer so definitive, and that's
because even though governments will sign onto instruments like the UDHR,
those rights are not actually fundamental, even if we call them that.
Fundamental rights have an undeniable priority within countries where they
have been claimed in the founding act.  On that foundation, judges are
always obliged to assess fundamental rights in light of the unarguable fact
that their priority over the government was part of the original creation
of the whole system.  There's no founding act in the international arena
that sets the priority of people over the governments of the world, so
rights are actually at the indulgence of governments, and governments can
always assert their state interests are so important that they warrant
impinging on fundamental liberties.

We just saw an example of this with the Snowden disclosures.  We've been
through a long period where we couldn't get our government to actually do
much for us, or conversely to not invade our liberties -- because the
claims that the government was snooping pervasively were kept marginal in
various ways.


<fixed>

 But once documentation moved those considerations out of the frame of
"conspiracy" or zealotry by activist organizations, we suddenly began
seeing the appeals work again: "that's not the kind of country we are, what
we set up for ourselves," we started saying again.

</fixed>

(eom)


And while it's still in a bit of denial, we are seeing a gradual grudging
retracting -- again, because the basis in fundamental liberties is
unarguably related to how we set the government up in the founding act(s).

This is for governments and the more definitive relationship between
fundamental liberties and the government; that is, that they are limits on
the government.  The judicial system treats fundamental rights violations
by the government in terms of "strict scrutiny," which means a governmental
act that impinges on fundamental liberties must serve a compelling state
interest, and even then, must be narrowly tailored.  For private parties,
it's more that the working system creates a culture of people who enjoy
this ability to live in a system where these limits on the government are
actually at play -- and that's a context that more easily supports
attitudes of resistance and pushback from people who see their dignity
invaded by private firms that do excessive things.

None of this exists internationally.  The best you can place some faint
hope in is that national/state interests will be "balanced" against rights
expressed in a treaty.  That's a totally different standard from strict
scrutiny.  And relying on even that is unrealistic, because governments
have the "epistemic priority" -- and so they often, quite freely, simply
claim their sovereignty and act according to what they claim is an
important state interest.  They simply have that wherewithal at the
international level.

All of which is preface to say that the result is that governments and
private parties (and corporations, who have concocted trans-state "rights"
through judges acting to fill in gaps in the law over the years) know the
rules don't apply the same way in the international arena.

In fact, given the transitions currently being attempted, whether with
the IANA functions or "Internet governance" more generally, Yahoo's DMARC
behavior may really be a sort of dry run, testing the ability to take
advantage of the moves to put concerns related to the operation of the
Internet into an international frame, which folks are pushing for without
really recognizing what's missing in that context, what they have sort of
unconsciously relied on and taken for granted within systems of checks and
balances that are rooted solidly at national levels.

The checks and balances don't work the same internationally, and that
circumstance can be exploited (and is, all the time, these days).

People might push back, but they don't really do so with the same sense
of fundamental recourse assured by a solidly rooted system.  And Yahoo
knows this.  And we're just shoring that up by saying we can just switch
multistakeholderism to the international arena.

(All of this is aside from other factors not generally acknowledged --
that there are actually inter-governmentally endorsed frames in place that
will have a bearing on IANA type functions or domain names (Names, Numbers,
Addresses and Identifiers/NNAI, in the ITU parlance), regardless of the
fact the IANA transition defines itself as non-governmentally-led or
inter-governmental.  Looking at this in that light, Yahoo may be forcing
the creation of a context in which it can start to exercise those
frameworks.)


Seth


On Tue, Apr 15, 2014 at 12:07 AM, Miles Fidelman <
mfidelman(_at_)meetinghouse(_dot_)net> wrote:

Important business users, with Yahoo accounts?  Is that a joke?

Just as a reference point:
- I just logged into my long-unused, and un-publicized yahoo email
account - and the only thing there is Spam
- the lion's share of mail that comes from yahoo, to my normal account,
is spam
- unfortunately, a good number of people on the email lists that I run
seem to have Yahoo mail accounts - and a good amount of the mail that comes
from those accounts is... you guessed it... spam - because yahoo email
accounts seem to be vulnerable to cracking and exploitation

So, just who is it that Yahoo is protecting here?


Abdussalam Baryun wrote:

The standard procedure in many companies is business scoped, so they
identify important business users and the business returns/damages. Most
important users are not IT experts, and use email for personal exchange.
Yahoo has signed an agreement with users to protect its information system,
so all seem to follow that, and all users are free to stop using services
or not.

AB

On Tuesday, April 15, 2014, Brian E Carpenter wrote:

    I thought that standard operating procedure in the IT industry
    was: if you roll something out and it causes serious breakage to
    some of your users, you roll it back as soon as possible.

    Why hasn't Yahoo rolled back its 'reject' policy by now?

    Regards
       Brian



--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra




<Prev in Thread] Current Thread [Next in Thread>