Re: Why are we here? What are our goals?



On Jan 30, 2004, at 8:02 AM, Bonatti, Chris wrote:


Okay, so long as we're throwing ideas out, it always seemed to me
that we should have a multicast-friendly transport option for
push-mode messaging.

I'm not sure I'd go multicast, but some kind of "transfer ofprocessing" isn't a bad idea, optionally.

I'm thinking in terms of some kind of architecture that allows foroptional enhancements that can be advertised by a receiving server, andif they exist, sending servers could take advantage of it. There'd be acore set of required features, a configurable set of standardextensions, and some kind of plug-in capability for specialty work andfuture new stuff. if that sounds a lot like configuring apache, it'spurely coincidental, but it's a good model.

One of those standard-but-optional modules could be a way to allow asite to accept "mail merged" e-mail. The Mailman group is discussingthe tradeoffs of personalization now; if you have a mailing list thatyou want to individualize for each user, now, you have to send oneemail for each user, losing any batching capability. So if a sitewanted to, they could enable a module that allows a MLM to send atemplate and a set of updates in a single packet, and "explode" it intoindividual emails on the other side. Since you're making a resourcetradeoff here (CPU for network, he says, oversimplifying it forsimplicity's sake), it should be up to the receiving site whether toaccept that tradeoff or not.

I also like the notion of anonymity as a SECURITY service.

I argued against this earlier, but if you look at the "plug in" setupabove, I wouldn't argue against it being an optional service, butwhat's the fallback if a receiving site refused to accept anonymousmail?

I really think privacy/anonymity is better served at a higher level, bya service that lives on a trusted host and acts as a trustedgo-between. Trying to implement that in the transport layer on a globalbasis isn't feasible; instead, create a way for a few trustable sourcesto be validated as go-between that sites can choose to accept or not,similar to the current remailers.

I am very wary of anyone thinking they can build a distributed systemof trusts in an environment where those we know we can't trust are fullpartners in the network and have full access to the data in it. I seethat as similar to sending a copy of my house key to everyone in thecountry, and then thinking I'd somehow know whether they're friend orfoe when they open the door. I just don't think that's feasible.Instead, I prefer to leave the door locked, hand keys only to those Itrust, and ask the rest to use the doorbell.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Why are we here? What are our goals?, (continued) Re: Why are we here? What are our goals?, Paul Smith Re: Why are we here? What are our goals?, Hector Santos Re: Why are we here? What are our goals?, Arnt Gulbrandsen Re: Why are we here? What are our goals?, Martin Duerst Re: Why are we here? What are our goals?, Paul Crowley Re: Why are we here? What are our goals?, ipeter(_at_)bigpond(_dot_)net(_dot_)au RE: Why are we here? What are our goals?, Steve Gardell RE: Why are we here? What are our goals?, Paul Lambert Re: Why are we here? What are our goals?, Eric A. Hall Re: Why are we here? What are our goals?, Bonatti, Chris Re: Why are we here? What are our goals?, Chuq Von Rospach <=