Re: Requesting comments on draft-cheney-safe-02.txt
"Cheney, Edward A SSG RES USAR USARC" <austin.cheney@us.army.mil> Sun, 02 August 2009 16:30 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n72GUCuu012587 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 2 Aug 2009 09:30:12 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n72GUCH4012586; Sun, 2 Aug 2009 09:30:12 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from mxoutps1.us.army.mil (mxoutps1.us.army.mil [143.69.250.38]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n72GU4KB012579 for <ietf-smtp@imc.org>; Sun, 2 Aug 2009 09:30:10 -0700 (MST) (envelope-from austin.cheney@us.army.mil)
DomainKey-Signature: s=ako; d=us.army.mil; c=nofws; q=dns; h=From:X-AKO:X-IronPort-AV:Received:Received:To:Cc: Message-ID:Date:X-Mailer:MIME-Version:Content-Language: Subject:X-Accept-Language:Priority:In-Reply-To:References: Content-Type:Content-Disposition: Content-Transfer-Encoding; b=aDuraIJ5ET9CAcznJoRKPz5iaURB+bZPP6HIS92Lttv9cb7kqQGEw08g ZzNfGgDJFAW0lkLTLv1dEw/qsPbg2g==;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=us.army.mil; i=austin.cheney@us.army.mil; q=dns/txt; s=akodkim; t=1249230611; x=1280766611; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20"Cheney,=20Edward=20A=20SSG=20RES=20USAR=20USARC "=20<austin.cheney@us.army.mil>|Subject:=20Re:=20Requesti ng=20comments=20on=20draft-cheney-safe-02.txt|Date:=20Sun ,=2002=20Aug=202009=2020:30:02=20+0400|Message-ID:=20<f6e 4e72610b66.4a75f74a@us.army.mil>|To:=20"Peter=20J.=20Holz er"=20<hjp-ietf-smtp@hjp.at>|Cc:=20ietf-smtp@imc.org |MIME-Version:=201.0|Content-Transfer-Encoding:=207bit |In-Reply-To:=20<20090801223942.GA30082@hjp.at> |References:=20<f6fecbd18af7.4a721c99@us.army.mil>=0D=0A =20<4A720D35.1000306@cybernothing.org>=0D=0A=20<f6e091e58 0a6.4a7258af@us.army.mil>=20<20090731211500.GA18426@hjp.a t>=0D=0A=20<f71b8961c81e.4a741167@us.army.mil>=20<2009080 1223942.GA30082@hjp.at>; bh=RMVV+HSqC/AupeH3fUoSpdrVYutdt3MOLUqiXZGjilg=; b=D+meClNockmgNXfF7tDO4NOdX+oAKefT9OiY3HwoLQwBN0NJCJm+YQll Ffe/NeriuKys3VcdUdc2VA3Z/VS/8XHspyf1KFnIsF/+Ipi6yq20s7udG AqoO1F1QMlDplsAtIUpgh3R/AYGDWZUqjPKyK/9rXhxpMMNKZGxWj/PnR E=;
From: "Cheney, Edward A SSG RES USAR USARC" <austin.cheney@us.army.mil>
X-AKO: 97945545:10.224.29.21:02 Aug 2009 16:30:02 +0000:$Webmail:None
X-IronPort-AV: E=Sophos;i="4.43,309,1246838400"; d="scan'208";a="97945545"
Received: from lb2pip21.int.ps1.us.army.mil (HELO us.army.mil) ([10.224.29.21]) by mxoutps1.us.army.mil with ESMTP; 02 Aug 2009 16:30:02 +0000
Received: from [10.101.32.171] (Forwarded-For: 214.13.1.69, [10.101.32.171]) by mail15.int.ps1.us.army.mil (mshttpd); Sun, 02 Aug 2009 20:30:02 +0400
To: "Peter J. Holzer" <hjp-ietf-smtp@hjp.at>
Cc: ietf-smtp@imc.org
Message-ID: <f6e4e72610b66.4a75f74a@us.army.mil>
Date: Sun, 02 Aug 2009 20:30:02 +0400
X-Mailer: Sun Java(tm) System Messenger Express 6.3-6.03 (built Mar 14 2008; 32bit)
MIME-Version: 1.0
Content-Language: en
Subject: Re: Requesting comments on draft-cheney-safe-02.txt
X-Accept-Language: en
In-Reply-To: <20090801223942.GA30082@hjp.at>
References: <f6fecbd18af7.4a721c99@us.army.mil> <4A720D35.1000306@cybernothing.org> <f6e091e580a6.4a7258af@us.army.mil> <20090731211500.GA18426@hjp.at> <f71b8961c81e.4a741167@us.army.mil> <20090801223942.GA30082@hjp.at>
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
Peter, >> The problem only exists in the realm of HTTP due to where code >> actually executes for interaction. HTTP is certainly not part of the >> problem, but it also cannot be a part of the solution due to the >> simplicity of its design. > > What aspect of SMTP makes is superior to HTTP in this regard? On the HTTP side interactive code MUST execute at the user-agent in order to be interactive. This is so because in HTTP resources are sent to a user-agent for execution. In SMTP the server is not a terminal point in a transmission. In SMTP processing upon a communication can occur prior to that communication reaching its intended destintation and that processing may include a response. This feature is not possible in HTTP since the server is always the destination. >> The user-agent cannot even control if the code executes automatically >> upon rendering of the page except to completely disable execution of >> all client-side code. > > The last sentence is wrong (some browsers do implement ways to > restrict client-side codes by different criteria), and in any case > that doesn't seem to have anything to do with the protocol used to > fetch the (executable) contents: Neither HTTP nor SMTP care about the > contents, they just transport a header and a blob of data. The only standard for limiting client-side execution is in preventing execution or data access to a domain different than the resource that requested it. Such a limitation does not prevent client-side code from execution, but merely limits the result of that execution where the limitation is of concern. So that in mind, my statement is still technically accurate. All client-side code will execute upon load of a page or in accorance with an event unless execution of all client-side code is disabled from the user-agent. >>> What is gained by adding intermediate systems? >> Intermediate systems offer a point of execution for code > > You are contradicting yourself: > >> 2) The server that owns the code is the exact point of execution for >> that code. > > So the code is not executed on one of the intermediate systems but on > the server which hosts the code. The intermediate systems just pass > through messages. If the server that hosts the code is an intermediate system then I have not contradicted myself. This is suggestion made in the internet draft. SMTP servers are intermediate systems between the originating user-agent and the destination address. >> Technically speaking HTTP is also unidirectional. HTTP typically >> operates with a GET request > > The POST request is also well-known and frequently used. Yes, but that is not the point. Even with a GET request data can be supplied back to the server by appending data to the query string of the URI. In that case and with POST instructions are being sent to the server in expectation that a resource request is designated so that the server may respond. The actual protocol is behaving in a unidirectional manner even if additional software supplied on the server can process this additional data to add a perception of bidirectionality. The protocol itself does not care what data is supplied through such a glorified GET or POST. The protocol only cares about what resource to send in response to a request. The additional help supplied to the protocol from server-side software certainly adds the perception of bidirectional data processing but that is not a feature of the protocol. As a result HTTP is definately unidirection and SMTP is bidirectional. SMTP has an expectation of bidirectional data transfer in that error messages generated from the server may be sent to the originating address and destination address simultaneously. SMTP can be multidirectional provided this same simulation occurs where multiple domains are immediately involved, such as a server sending the error message to the originating address, destination address, and maintenance address on a different domain. Such multidirectional transmission is not inherent to the proper function of the protocol, and the SAFE model only requires bidirectional transmission. > If you don't allow user-triggered events to be processed, what is the > advantage compared to traditional server-side scripting? on the web the server is the destination of the transmission. Once data is sent to the server its use is terminated unless it is resent to the client. In the SAFE model data can be interpreted prior to reaching the destination more similar to client-side form validation using the onsubmit event. > As somebody else already asked: What would be a typical use case for > your protocol? The biggest difference between email and the web is that email is inherently private and the web is inherently public. The laws in The United States reflect that observation. The first example that comes to mind is ecommerce with a shopping cart, form validation, suggested upselling, and personalized content and preferences. Since email is inherently private the user has a higher expectation of confidentiality and the vender has greater freedom to use data supplied by that user so long as the data is not transfered to a third-party without express consent of both the user and the vendor. Shopping is not a public venture, and so it has no reason to exist on the web except that conventions do not yet exist for allowing shopping on a private medium, such as email. A second example is in consideration for adverting as a business on WWW. Web sites that are entirely dependent upon traffic in order to generate advertising revenue are operating under a failing business model. Advertising costs have been steadily increasing while revenue returned from those ads has been decreasing almost proportionally. Web sites that offer a targeted product or that feature a targeted audience are not experiencing these declines. For several years it has been believed the only solution to this decline is targeted advertising. Directly targeting users' interests and surfing habits in an attempt to supply relevant advertising has been ruled a privacy violation on the web in US federal court. In email, however, such targeting is perfectly legal so long as the data collected is not transfered to a third party. That is an important consideration for adaptive business models even before consideration for advertising. If business solutions can be leveraged to use privately supplied data to increase revenue such solutions would displace reliance upon advertising as a primary consideration for revenue generation. Thanks, Austin
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Peter J. Holzer
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Alessandro Vesely
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… J.D. Falk
- Requesting comments on draft-cheney-safe-02.txt Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Steve Atkins
- Re: Requesting comments on draft-cheney-safe-02.t… Dave CROCKER
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John C Klensin
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John R Levine
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Willie Gillespie
- Re: [AKO Warning - Message fails DKIM verificatio… John Levine
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: [AKO Warning - Message fails DKIM verificatio… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… J.D. Falk
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… John C Klensin
- Re: Requesting comments on draft-cheney-safe-02.t… Rich Kulawiec
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Robert A. Rosenberg
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Willie Gillespie
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Peter J. Holzer
- Re: Requesting comments on draft-cheney-safe-02.t… Steve Atkins
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Cheney, Edward A SSG RES USAR USARC
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… Hector Santos
- Re: Requesting comments on draft-cheney-safe-02.t… SM