Re: Requesting comments on draft-cheney-safe-02.txt
Hector Santos <hsantos@santronics.com> Sat, 08 August 2009 15:49 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n78FnNJ0058425 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 8 Aug 2009 08:49:23 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n78FnNec058424; Sat, 8 Aug 2009 08:49:23 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from winserver.com (mail.catinthebox.net [208.247.131.9]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n78FnFn7058406 for <ietf-smtp@imc.org>; Sat, 8 Aug 2009 08:49:22 -0700 (MST) (envelope-from hsantos@santronics.com)
Received: by winserver.com (Wildcat! SMTP Router v6.3.452.7) for ietf-smtp@imc.org; Sat, 08 Aug 2009 11:48:47 -0400
Received: from hdev1 ([99.3.147.93]) by winserver.com (Wildcat! SMTP v6.3.452.9) with ESMTP id 2994883203; Sat, 08 Aug 2009 11:48:46 -0400
Message-ID: <4A7D9E48.4010201@santronics.com>
Date: Sat, 08 Aug 2009 11:48:24 -0400
From: Hector Santos <hsantos@santronics.com>
Organization: Santronics Software, Inc.
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To: "Cheney, Edward A SSG RES USAR USARC" <austin.cheney@us.army.mil>
CC: Rich Kulawiec <rsk@gsp.org>, ietf-smtp@imc.org
Subject: Re: Requesting comments on draft-cheney-safe-02.txt
References: <f6fecbd18af7.4a721c99@us.army.mil> <4A720D35.1000306@cybernothing.org> <f6e091e580a6.4a7258af@us.army.mil> <20090807100147.GA16131@gsp.org> <f73e99651b6bb.4a7d3869@us.army.mil>
In-Reply-To: <f73e99651b6bb.4a7d3869@us.army.mil>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
Cheney, Edward A SSG RES USAR USARC wrote: > Rich, > > Users can only be protected from themselves through adherance to > policies, procedures, and relevant training. That is leadership > solution and not a technology solution. Protecting user from themselves > does not solve exploitable weaknesses in technology. In these cases you > have to simply fix the technology to disallow exploitation. If this > were not so software companies would not spend millions of dollars to > continually patch their products if administrators and management could > so easily retrain their users. But what about market forces? One of your concerns is embedded software backend communications, i.e. cross domain xtalk unbeknowst to the users with embedded plugins like the following: - Flash - Quicktime - Real Player - Silverlight - Windows Media Player (WMP) All of these players (including Apple, Google, AT&T, ComCast and so on) have a major strategy to add MORE background communications in their designs to "network" users and also build their BI for added value services (direct marketing, social networking). AJAX is been relaxed for cross domain requests as well as IE already allows with user authorization. I know of only of WMP and Flash having domain whitelist for cross domains xtalk. That is one of the big features in Flash 9. I understand what you mean. Do you realize we have a 15 year old that is among the decision makers in how FireFox and Javascript is evolving? He is also the author of jQuery. Its scary to see this guy in action exhibiting lack of social ethical engineering understanding at times. I tried to provide some insight about all this - beware of what you wanting to do. But its really too late. What I have trouble seeing is how SMTP will help. But you have two parts: - Some authorization protocol using SMTP (i think), that is coupled with, - Prohibition of existing Interactive methods, i.e. DOM events. I don't see how the two is related or why DOM events can no longer be used. You are not going to stop DOM events, or even get people to consider not using it. So if that is a major part of SAFE, you already have a major road block in getting people interested in SAFE. Never mind the technical issues related to a SMTP callback system especially one that will be based on HTTP huge redundancy in HTTP requests. -- Sincerely Hector Santos http://www.santronics.com
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Peter J. Holzer
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Alessandro Vesely
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… J.D. Falk
- Requesting comments on draft-cheney-safe-02.txt Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Steve Atkins
- Re: Requesting comments on draft-cheney-safe-02.t… Dave CROCKER
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John C Klensin
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John R Levine
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Willie Gillespie
- Re: [AKO Warning - Message fails DKIM verificatio… John Levine
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… J.D. Falk
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John C Klensin
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Robert A. Rosenberg
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Willie Gillespie
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Peter J. Holzer
- Re: Requesting comments on draft-cheney-safe-02.t… Steve Atkins
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… SM