Re: [Asrg] 0. General

[Markus Stumpf <maex-lists-spam-ietf-asrg@Space.Net>]

On Tue, Oct 21, 2003 at 02:40:41PM -0400, Denny Figuerres wrote:
> Well I am thinking of a few things... I just got a reply that mentioned
> "RMX" which sounds close to what I am thinking.

    http://www.ietf.org/internet-drafts/draft-danisch-dns-rr-smtp-02.txt
    http://www.ietf.org/internet-drafts/draft-fecyk-dsprotocol-04.txt
    http://www.ietf.org/internet-drafts/draft-brand-drip-01.txt
    http://www.irtf.org/asrg/draft-vixie-repudiating-mail-from.txt
    http://spf.pobox.com/draft-mengwong-spf-01.txt 
    http://nospam.couchpotato.net/

Choose one. They all break all sorts of existing Internet mail structure
like oversized DNS packets or totally breaking forwards.

> And if you are a customer of an ISP other other service operator then
> you should be using their SMTP server to reach other SMTP servers.

And that does help what?
I have cleaned out the mailqueue of one of our mailservers on Satuerday
of > 4000 messages that still stuck after 2 hours response time and
where injected via a hacked Win2000 server at a customers authentifying
via SMTP AUTH.

> (yes that's a relay, but a closed relay supervised by the ISP -- the
> network operator keeping the chain of accountablity in tact)

Accountability for what?
They did not do it and being to fscking braindead to maintain a computer
connected to the Internet is not a criminal act that will get you your
head chopped off. It's a "unlucky thing" that happens to everyone. So no
judge will prosecute you for that.
The customer pays the traffic and if we're really lucky he'll pay the 1.5
hours techsupport. If we have bad luck he'll terminate contract because
I shut him off for the weekend and we presume to have him pay for
something e did not do.

> And if you want to run a server you shuld not have a fit over having to
> tell your ISP and agree that you will be accountable for any damges you
> cause.

You have two major problems:
could/should and internationalization.
The Internet is a commercial net for quite some time and the "grey guys"
make their money with the fact that they are less restrictive than the
"white guys". As long as there are enough "grey guys" you can't get rid
of the easily because maybe some big companies are their customers.
So strongly being a "good guy" mainly brings bankruptcy these days, as
you lose customers. So this could/should is something we are all aware
but nobody can enforce it.
This is true even more as the Internet is a worldwide net and lots of
countries have lots of different legislation.

> In many ways I'd take the SSL model, I will exchange trusted data only
> with a partner I can verify as "reputable".

Please define how the transition period will work.
Please define who to enforce the SSL model.

> If done right the PC user would get a call from the local ISP telling
> them to fix the computer ASAP and take it off the net.

Big deal. Our bandwidth/port scan monitors show this already and we call
the customers. How long can you have some support personnel on phone
to help a luser that can just find the PowerOn button and has no ideas
of antivirus and that pays 10 USD/month. How much of them (support and
lusers) can you afford?

I was idealistic 20 years ago, and even 5 years ago, but it looks like
reality has me in its claws now ...

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg