Re: Requesting comments on draft-cheney-safe-02.txt
Hector Santos <hsantos@santronics.com> Sun, 02 August 2009 15:13 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n72FDc7l009670 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 2 Aug 2009 08:13:38 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n72FDcTd009669; Sun, 2 Aug 2009 08:13:38 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from winserver.com (mail.winserver.com [208.247.131.9]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n72FDae8009659 for <ietf-smtp@imc.org>; Sun, 2 Aug 2009 08:13:36 -0700 (MST) (envelope-from hsantos@santronics.com)
Received: by winserver.com (Wildcat! SMTP Router v6.3.452.7) for ietf-smtp@imc.org; Sun, 02 Aug 2009 11:13:42 -0400
Received: from hdev1 ([99.3.147.93]) by winserver.com (Wildcat! SMTP v6.3.452.9) with ESMTP id 2474378390; Sun, 02 Aug 2009 11:13:41 -0400
Message-ID: <4A75AD10.6090406@santronics.com>
Date: Sun, 02 Aug 2009 11:13:20 -0400
From: Hector Santos <hsantos@santronics.com>
Organization: Santronics Software, Inc.
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To: "Cheney, Edward A SSG RES USAR USARC" <austin.cheney@us.army.mil>
CC: "J.D. Falk" <jdfalk-lists@cybernothing.org>, ietf-smtp@imc.org
Subject: Re: Requesting comments on draft-cheney-safe-02.txt
References: <f6fecbd18af7.4a721c99@us.army.mil> <4A720D35.1000306@cybernothing.org> <f6e091e580a6.4a7258af@us.army.mil> <4A726C53.4070607@santronics.com> <f77e91c9cada.4a732fd9@us.army.mil> <4A7451DD.3050006@santronics.com> <f714fa08d142.4a74a849@us.army.mil>
In-Reply-To: <f714fa08d142.4a74a849@us.army.mil>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
Cheney, Edward A SSG RES USAR USARC wrote: >> At the end of the day, either you allow the site to run as it was >> designed if you want to be part of it, or just ignore it if you are >> concern about its cross domain behavior. > > Demeaning the user is not a technology solution. > Unfortunately, ethical engineering considerations are no longer taught to these "kids," too expensive, it hurts the brain! and is prohibitive these days. The modus operandi is to DO IT first, and see where the chips fall. Any corrections would be an after thought. Of course, by then it may be too late. Triage and Pareto's Principles apply. Since this in the SMTP forum, FaceBook, for example, is one of the entities that believes all MAIL is own by them and can be used to extracting information about both parties. So does Google and yahoo, but FaceBook has raised and highlighted the issue of recent by questioning any the idea of user email privacy. This is an issue that was a TABOO for nearly three decades by many who understand why it is an ethical issue. Regardless of what you and I think, its being leverage. Anyway, my engineering assessment regarding SAFE: I think your intent is good, but I don't see how SMTP will help. You are extracting one good part of it (AUTH/TLS) but the rest of it is bad. Even then, IMV, even if it is considered that an alternative should be considered, it would be a major revamp and thus SHOULD open the door to a newer more efficient protocol. One where the state machine would be much simpler. Maybe something like SIP or XMPP or SOAP. Both Microsoft and Adobe have newer client-side plug-ins that now offer signed certificate authentication/authorization methods with their client-side "far calls." So I don't think your draft will replace this part since it duplicates this resolution. For AJAX, the SAFE consideration would produce scalability and performance issues. I envision many timeout design issues. DOM interactions is already an expensive operation. SAFE would had a significant overhead to it. SAFE restricting DOM events would be a major show stopper. Probably the single thing that would stop people from further consideration (include me, and I'm sure others). The direction is MORE client side plug-ins, NOT LESS. Flash, SilverLight, APEX, Google Apps, Firefox Plug-ins are prime examples. Here is our strategy which is a overview of the popular methods and how we intend to integrate it with our existing client side communications framework: http://www.winserver.com/public/vimg.wct?src=wcrpcnet7.png There are quite a few client/server communication wirings. I don't see how we can use SMTP in the wiring here. The REST method seems to be winning. Not the most optimal, less secured, but the easiest and it offers WEB 1.0 compatibility aspects, for example, it allows older web sites to offer "web services" per se. Here is how I think you may get some interest: Introduce SAFE as a new PROXY or protocol that would be more of a plug and play solution. Make it a black box so that the interface (I/O prototype) points are the same. The SAFE-BASE protocol only describes the I/O interface and leave the actual blackbox to SAFE plug-in developers. If you can work that out, then the internal mechanism (SAFE plug-ins) would be left open for wide development. One implementator can use a SAFE SMTP plug-in and another can invent another SAFE plug-in. This would allow for example, a SAFE FireFox Plug-in for DOM to be written. -- Hector Santos, CTO http://www.santronics.com
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Peter J. Holzer
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Alessandro Vesely
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… J.D. Falk
- Requesting comments on draft-cheney-safe-02.txt Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Steve Atkins
- Re: Requesting comments on draft-cheney-safe-02.t… Dave CROCKER
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John C Klensin
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John R Levine
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Willie Gillespie
- Re: [AKO Warning - Message fails DKIM verificatio… John Levine
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… J.D. Falk
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John C Klensin
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Robert A. Rosenberg
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Willie Gillespie
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Peter J. Holzer
- Re: Requesting comments on draft-cheney-safe-02.t… Steve Atkins
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… SM