Re: objections, again
Todd Vierling <tv@pobox.com> Mon, 04 August 1997 04:36 UTC
Received: from cnri by ietf.org id aa24131; 4 Aug 97 0:36 EDT
Received: from mail.proper.com (mail.proper.com [206.86.127.224]) by cnri.reston.va.us (8.8.5/8.7.3) with ESMTPid AAA07947; Mon, 4 Aug 1997 00:34:44 -0400 (EDT)
Received: (from majordomo@localhost) by mail.proper.com (8.8.5/8.7.3) id UAA16784 for ietf-822-bks; Sun, 3 Aug 1997 20:58:58 -0700 (PDT)
Received: from mailhub.iag.net (www2.iag.net [204.27.210.7]) by mail.proper.com (8.8.5/8.7.3) with ESMTP id UAA16780 for <ietf-822@imc.org>; Sun, 3 Aug 1997 20:58:54 -0700 (PDT)
Received: from duh.org (root@like.duh.org [207.30.92.21]) by mailhub.iag.net (8.8.6/8.8.6) with ESMTP id BAA01468; Mon, 4 Aug 1997 01:12:25 -0400 (EDT)
Received: from localhost ([[UNIX: localhost]]) by duh.org (8.8.6/8.8.6) with SMTP id AAA00649; Mon, 4 Aug 1997 00:02:43 -0400 (EDT)
X-Authentication-Warning: like.duh.org: tv owned process doing -bs
Date: Mon, 04 Aug 1997 00:02:42 -0400
From: Todd Vierling <tv@pobox.com>
X-Sender: tv@like.duh.org
To: Chris Newman <Chris.Newman@innosoft.com>
cc: ietf-822@imc.org
Subject: Re: objections, again
In-Reply-To: <Pine.SOL.3.95.970803113840.12748B-100000@eleanor.innosoft.com>
Message-ID: <Pine.NEB.3.96.970803231328.29983E-100000@like.duh.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-ietf-822@imc.org
Precedence: bulk
On Sun, 3 Aug 1997, Chris Newman wrote: : > * Chris's delivered-to-owner default violates RFC 2119, section 6. : : The keywords are used to get interoperation between MUAs, final delivery : agents and mailing list servers with respect to subaddresses as : transmitted on the wire. Thus the proposal is entirely within IETF domain : and your complaint has no merit. Then let me clarify his point a little. Under RFC 2119, section 6, Imperatives of the type defined in this memo must be used with care and sparingly. In particular, they MUST only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmisssions) For example, they must not be used to try to impose a particular method on implementors where the method is not required for interoperability. I run a mail server that accepts mail for duh.org. YOU HAVE NO AUTHORITY to control how mail is handled once it enters my system, or the validity or equality of addresses before the @. THAT IS MY MTA'S CHOICE, not yours. B Not even a 'VRFY' or 'EXPN' SMTP command gives any kind of assurance on deliverability or identity of addressing. Only an actual attempt at mail delivery does. I don't use qmail. I'm using your run-of-the-mill Sendmail 8.8.7. I do use subaddressing on a minor basis. My mail transfer agent has sole authority about addressing mail in the @duh.org domain. I do interoperate quite well with every single SMTP compliant MTA out there, thankyouverymuch. SMTP says nothing about subaddressing, and the interoperability requirement above is already satisfied. You just don't have a ground to walk on by forcing us to standardize addresses before the @ sign. As long as we don't use a well-known metacharacter defined by RFC, we can put just about anything before the @ sign and expect it to remain untouched and unique. Defining a new metacharacter is not only sloppy at this point, but it should also only affect routing of mail *outside* the destination host/domain (see the use of % and !). In short, subaddresses DO NOT EXIST unless my MTA says they do (and only within the local delivery ability of my MTA). Outside my domain, you have no authority to tell me how to deliver mail addressed to the @duh.org domain. Anything to the contrary simply makes no sense. : > * Chris's MLM requirement creates a new security problem when a+b is : > subscribed to a mailing list and a+c is a different user. : : No. In that rare case, a subaddress-aware MLM would allow email with : addresses from "a" to manage "a+b" and "a+c"'s subscription. But this is : not a real security issue as anyone can generate email from "a", "a+b" or : "a+c" regardless. RFC 2015 provides real security. Therefore this cliam : has no merit. RFC 2015 provides real security via PGP et. al., sure. So how does validation of a sender's identity, based on e-mail addressing, have any _usability_ whatsoever? Therefore the _restriction_ of delivery/identity to a "primary user" has no merit. : Perhaps if you forwarded a user's statement to that effect we'd be more : inclined to listen and address the specifics of that complaint. I'm not a casual user (I have contributed source code and patchwork to several *BSD variants and Sendmail itself) but I don't write the core "stuff"; I primarily just use it all. So this was my statement. Oh, one off-hand note: I cannot recall which, but there is a MTA out there that separates first and last names of a person with a +. This package is not widely used, but it _is_ used by a couple Fortune 500s, and you'd probably infuriate many more unknowing users of that package and others by imposing some sort of authentication and identity mechanism on them that ruffles existing e-mail addresses. ===== == Todd Vierling (Personal tv@pobox.com; Alternate tv@duh.org) == I'm glad you like the Internet, Bobby. Now go eat your Frosted Flakes.
- objections, again D. J. Bernstein
- Re: objections, again Chris Newman
- Re: objections, again D. J. Bernstein
- Re: objections, again Todd Vierling
- Re: objections, again Ned Freed
- Re: objections, again Chris Newman
- Re: objections, again Chris Newman
- Re: objections, again D. J. Bernstein