Re: Requesting comments on draft-cheney-safe-02.txt
"Cheney, Edward A SSG RES USAR USARC" <austin.cheney@us.army.mil> Sun, 02 August 2009 17:29 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n72HTMTS015438 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 2 Aug 2009 10:29:22 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n72HTMsV015437; Sun, 2 Aug 2009 10:29:22 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from mxoutps1.us.army.mil (mxoutps1.us.army.mil [143.69.250.38]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n72HTKXc015428 for <ietf-smtp@imc.org>; Sun, 2 Aug 2009 10:29:21 -0700 (MST) (envelope-from austin.cheney@us.army.mil)
DomainKey-Signature: s=ako; d=us.army.mil; c=nofws; q=dns; h=From:X-AKO:X-IronPort-AV:Received:Received:To:Cc: Message-ID:Date:X-Mailer:MIME-Version:Content-Language: Subject:X-Accept-Language:Priority:In-Reply-To:References: Content-Type:Content-Disposition: Content-Transfer-Encoding; b=pE6+yruffnoO+knk9tk0igBHst78NupSMcOtTvHnnGHdlNkw4NkD1jeU 462PuJZ04k4K+QcKWMWEhaf0nngotg==;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=us.army.mil; i=austin.cheney@us.army.mil; q=dns/txt; s=akodkim; t=1249234161; x=1280770161; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20"Cheney,=20Edward=20A=20SSG=20RES=20USAR=20USARC "=20<austin.cheney@us.army.mil>|Subject:=20Re:=20Requesti ng=20comments=20on=20draft-cheney-safe-02.txt|Date:=20Sun ,=2002=20Aug=202009=2021:29:16=20+0400|Message-ID:=20<f75 9f0031775f.4a76052c@us.army.mil>|To:=20Hector=20Santos=20 <hsantos@santronics.com>|Cc:=20"J.D.=20Falk"=20<jdfalk-li sts@cybernothing.org>,ietf-smtp@imc.org|MIME-Version:=201 .0|Content-Transfer-Encoding:=207bit|In-Reply-To:=20<4A75 AD10.6090406@santronics.com>|References:=20<f6fecbd18af7. 4a721c99@us.army.mil>=0D=0A=20<4A720D35.1000306@cybernoth ing.org>=0D=0A=20<f6e091e580a6.4a7258af@us.army.mil>=20<4 A726C53.4070607@santronics.com>=0D=0A=20<f77e91c9cada.4a7 32fd9@us.army.mil>=20<4A7451DD.3050006@santronics.com>=0D =0A=20<f714fa08d142.4a74a849@us.army.mil>=20<4A75AD10.609 0406@santronics.com>; bh=Yyp6zzcuju1KJNANSIUqnXWgXRTEOtqaxy5YUioMl+E=; b=Ltl+FiXldlu9jlQq1+m+Jta7UsZZD6W4/k5QTJ9h4c3iCd9+KqDF+Joq pVUFiZ149/Eu61fagsrRUV1fyFsrNxwkatmQFl6l6Qj1hNQYbuhZ1tqyg CrX99riBUJ6W4ptkIdpT7R4pqZa8QJULis7SrSqlJmn1KXKDVATiqlrnV Q=;
From: "Cheney, Edward A SSG RES USAR USARC" <austin.cheney@us.army.mil>
X-AKO: 97048893:10.224.29.21:02 Aug 2009 17:29:20 +0000:$Webmail:None
X-IronPort-AV: E=Sophos;i="4.43,309,1246838400"; d="scan'208";a="97048893"
Received: from lb2pip21.int.ps1.us.army.mil (HELO us.army.mil) ([10.224.29.21]) by mxoutps1.us.army.mil with ESMTP; 02 Aug 2009 17:29:20 +0000
Received: from [10.101.32.171] (Forwarded-For: 214.13.1.69, [10.101.32.171]) by mail15.int.ps1.us.army.mil (mshttpd); Sun, 02 Aug 2009 21:29:16 +0400
To: Hector Santos <hsantos@santronics.com>
Cc: "J.D. Falk" <jdfalk-lists@cybernothing.org>, ietf-smtp@imc.org
Message-ID: <f759f0031775f.4a76052c@us.army.mil>
Date: Sun, 02 Aug 2009 21:29:16 +0400
X-Mailer: Sun Java(tm) System Messenger Express 6.3-6.03 (built Mar 14 2008; 32bit)
MIME-Version: 1.0
Content-Language: en
Subject: Re: Requesting comments on draft-cheney-safe-02.txt
X-Accept-Language: en
In-Reply-To: <4A75AD10.6090406@santronics.com>
References: <f6fecbd18af7.4a721c99@us.army.mil> <4A720D35.1000306@cybernothing.org> <f6e091e580a6.4a7258af@us.army.mil> <4A726C53.4070607@santronics.com> <f77e91c9cada.4a732fd9@us.army.mil> <4A7451DD.3050006@santronics.com> <f714fa08d142.4a74a849@us.army.mil> <4A75AD10.6090406@santronics.com>
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
Hector, > Since this in the SMTP forum, FaceBook, for example, is one of the > entities that believes all MAIL is own by them and can be used to > extracting information about both parties. So does Google and yahoo, > but FaceBook has raised and highlighted the issue of recent by > questioning any the idea of user email privacy. In my understanding the privacy of email is simultaneously and equally owned by all named parties in the transaction. This means Facebook and Google can do with the email whatever they want so long as that data is never transfered to a third party without the express consent of all named users. This is basically a subscription oriented business model where a user voluntarily becomes party to a service and the vendor of that collects data upon the user in an attempt to make the service more fulfilling. Netflix is an example of this exact model outside of email. > Even then, IMV, even if it is considered that an alternative should be > considered, it would be a major revamp and thus SHOULD open the door > to a newer more efficient protocol. One where the state machine would > be much simpler. Maybe something like SIP or XMPP or SOAP. Is this to say that SMTP is outdated and should be replaced by something more open for scalability and performance? If so, are you suggesting a more modern protocol replace SMTP or provide assistance to SMTP? > Both Microsoft and Adobe have newer client-side plug-ins that now > offer signed certificate authentication/authorization methods with > their client-side "far calls." So I don't think your draft will > replace this part since it duplicates this resolution. I do not claim to have produced anything new with regard to certificates or digital signatures. If a more efficient model for independent identity validation does exist I will definately incorporate that in. > For AJAX, the SAFE consideration would produce scalability and > performance issues. I envision many timeout design issues. SAFE will introduce scalability problems for email, because it would open email to considerably higher bandwidth consumption. That consumption would likely come at a cost from equal or greater reduction in bandwidth from the web. On a slow connection may web pages timeout, because many sites take broadband connections for granted. This is not the fault of any technology, but poor development. This is not a technology problem for the web and I don't see such poor development decisions equivocating to technology failure of extending email. > SAFE restricting DOM events would be a major show stopper. Probably > the single thing that would stop people from further consideration. I completely agree, but still will not budge. Allowing event execution is a slippery slope that will only bring the security failures of the web to email. This is a security solution at a usability cost. There are only three possible choices to consider: 1) Concede the usability limitations of SAFE are acceptable to procede. 2) Propose a separate competing solution that is equally limited. 3) Do nothing and watch the result, which is technology failure. What is more important to you: executing events or securing your data? > The direction is MORE client side plug-ins, NOT LESS. Flash, > SilverLight, APEX, Google Apps, Firefox Plug-ins are prime examples. I agree with that as well. The security flaws associated with code executed by those plugins is owned by the author of those proprietary plugins. That typically results in fast and reliable patching at the cost of the plugin's owner. > There are quite a few client/server communication wirings. I don't see > how we can use SMTP in the wiring here. The document you provided looks like an elaborate dynamic AJAX environment where a server-side application is independently accessing the data store that the AJAX framework is either writing to or reading from. The SAFE model is perfectly capable of replicating this functionality. SAFE is essentially an inverted form of AJAX itself, while traditional AJAX may occur on the server. By traditional AJAX at the mail server I mean that data can be dynamically written by an application to a data store for use at a later time or use by a different machine in the same domain. There is no reason that the XMLHttpRequest object cannot be used at the email server, except that it cannot be used in accordance with SMTP. I have already thought of this, but chose not to include it in the SAFE concept. First of all this is a processing elaboration not necessary for transmission description. Secondly, there are likely many different ways to do this correctly that are dependent upon various unique conditions. > Introduce SAFE as a new PROXY or protocol that would be more of a plug > and play solution. I see SAFE as operating as an extension to prior existing SMTP service implementations and not really a replacement. The only additional requirements of the mail server directly are support of the XMLSmtpPush object and to respond only to the specific client. The mail server could even pass script processing to another machine as the scripting sandbox so long as it is the server that sends the responces. Thanks, Austin
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Peter J. Holzer
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Alessandro Vesely
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… J.D. Falk
- Requesting comments on draft-cheney-safe-02.txt Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Steve Atkins
- Re: Requesting comments on draft-cheney-safe-02.t… Dave CROCKER
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John C Klensin
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John R Levine
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Willie Gillespie
- Re: [AKO Warning - Message fails DKIM verificatio… John Levine
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… J.D. Falk
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John C Klensin
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Robert A. Rosenberg
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Willie Gillespie
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Peter J. Holzer
- Re: Requesting comments on draft-cheney-safe-02.t… Steve Atkins
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… SM