Post #101,393
5/12/03 6:49:48 AM
|

Re: No, it's not.
As stated before, the problems are all interrelated. Basically, a lot of kooky academics at MIT and Bell Labs, working on a high school science project as part of the effort to survive being nuked into data-muteness, accidentally laid the infrastructure for all modern business and communications.
We need to go back to the beginning and fix the mistake that is UNIX networking. There is no reason for anything that is not a gateway to have an IP address. Better, modern protocols could support saner messaging practices.
-drl
|
Post #101,395
5/12/03 7:04:44 AM
|

Right. That's enough blather.
Enumerate the problems with SMTP, or shut the fuck up. I suspect you don't know what you're talking about. Please put you out of my misery.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #101,397
5/12/03 7:35:22 AM
|

Re: Right. That's enough blather.
The problem with ALL of it is obvious - it was not designed with security and authentication in mind, particularly mail - it was developed by academics who always start with the assumption that the world is a perfect, incorruptible sphere inhabited by morally perfect immortals: [link|http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc0822.html|http://www.cis.ohio-.../rfc/rfc0822.html]

4.7.3. ENCRYPTED

    Sometimes, data encryption is used to increase the
    privacy of message contents. If the body of a message has
    been encrypted, to keep its contents private, the "Encrypted"
    field can be used to note the fact and to indicate the nature
    of the encryption. The first <word> parameter indicates the
    software used to encrypt the body, and the second, optional
    <word> is intended to aid the recipient in selecting the
    proper decryption key. This code word may be viewed as an
    index to a table of keys held by the recipient.

    Note: Unfortunately, headers must contain envelope, as well
          as contents, information. Consequently, it is neces-
          sary that they remain unencrypted, so that mail tran-
          sport services may access them. Since names,
          addresses, and "Subject" field contents may contain
          sensitive information, this requirement limits total
          message privacy.

You'll notice that in this RFC is not one instance of the word "security". Security is ALWAYS an afterthought in the UNIX world. The only security that is properly implemented is file-level. Since in UNIX "everything is a file", the genii who created this morass assumed this immutable law of nature would protect them, I assume. Next time we re-invent the Internet, we need to let the Klingons do the design work, rather than the Organians.
-drl
|
Post #101,400
5/12/03 7:46:49 AM
|

Wave, wave, wave.
Which part of the words "Simple" and "Transport" didn't you understand in "SMTP"?
Encryption is better done at the network session layer, or within the contents of the messages themselves; actually having the Simple Mail Transport Protocol do encryption means that it'd be no longer Simple, about Mail, or even a Transport protocol.
SMTP does exactly what it says on the tin. You are free to produce answers to problems you perceive with it, but so far all you've done is whine.
Here's the deal.
File a bug or fuck off.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #101,443
5/12/03 10:55:07 AM
|

YHBT, HAND
[link|http://www.freeswan.org/|FreeSWAN], [link|http://www.tldp.org/HOWTO/VPN-HOWTO/|VPN].

Move along, nothing to see here. These are not the droids you are looking for.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]
What part of "gestalt" don't you understand?
[link|http://twiki.iwethey.org/twiki/bin/view/Main/|TWikIWETHEY] -- an experiment in collective intelligence. Stupidity. Whatever.

Keep software free. Oppose the CBDTPA. Kill S.2048 dead.
[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html]
|
Post #101,448
5/12/03 11:57:20 AM
|

Re: YHBT, HAND
That's not a solution.
A solution would be - control over the connection itself, not simply what goes over it. Because email is so vital now, it should have its OWN protocol (call it TCP/MTP and base it on TLS) that operates between servers (or transfer agents). You move the handling of mail down to transport layer. Authorization to deliver mail would be controlled node-to-node. As it is, the mail simply arrives and then you sort it out. The idea is to prevent bad mail from ever arriving by controlling the connection.
You guys are making asses of yourselves. Stop memorizing things and start thinking.
And I love Peter lecturing ME, after all I've been through, when he doesn't even understand NetBT.
Here's the issue in a nutshell - in the past, efforts were directed simply to *making* a reliable connection because the infrastructure was pitiful. We are entitled to move beyond the '70s and '80s by now and take the reliable connection for granted, and extend its capabilities.
-drl
|
Post #101,450
5/12/03 12:05:02 PM
|

NetBT?
NetBIOS over TCP/IP? Like, what's to understand? It's just one protocol tunnelled over another.
It's YOU, Ross, who keeps waffling on about it, when it's been pointed out to you that the problem in hand (I'm thinking of Another Scott's mysterious Windows 98 networking problem) is a TCP/IP one, but you keep rattling on about WINS servers and other irrelevant shite.
I understand NetBT. I understand WINS, and its relationship with a Windows DNS server. Which is more, it seems, than can be said for you, who knows fuck all about a great many things.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #101,458
5/12/03 1:02:45 PM
|

This is what really irks me about you
You can't even see when you are flat wrong.
AS doesn't have time to bother with it - but on 98, there is NO SUCH THING as TCP/IP without NetBIOS in the context of a Windows network. A LAN Manager network can't work without NetBIOS in some form, either as a separate protocol (NetBEUI) or as NBT - by the way it's not tunneling, because NetBIOS is session layer, and is "carried" by TCP like FTP, DNS, etc. - more wrongness. So on earlier Windows networks (before 2k), there is *no such thing* as a "TCP/IP only" problem, unless you have a packet-level application that uses the TCP/IP stack directly (or something like a pure FTP application..). This has nothing to do with a WINS *server*, as I mentioned - it has to do with name resolution into IP addresses. All the WINS server does is centralize the resolution issues. You can have a LAN Manager network with LMHOSTS files for the NetBIOS side and hosts files for the TCP/IP side. A WINS server negotiates directly with DNS and so you can lose both files on the LM hosts.
When did you get so fucking grandiose? Since you started driving?
-drl
|
Post #101,468
5/12/03 1:33:28 PM
|

Rubbish.
Of course you can have TCP/IP networking without NetBIOS on a Windows 98 network.
You just won't get any Windows NetBIOS services.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #101,492
5/12/03 3:52:17 PM
|

AHHHHHHH! MAKE HIM STOP!!!
-drl
|
Post #101,519
5/12/03 5:38:30 PM
|

Interesting brief read
[link|http://www.interex.org/pubcontent/enterprise/mar00/14ntwin.html|Link]
"My purchase of a Hummer was inspired by our 1991 Gulf War victory. After this war, I'm buying an aircraft carrier." (The Onion)
|
Post #101,453
5/12/03 12:17:04 PM
|

Re: YHBT, HAND
A solution would be - control over the connection itself

You mean...like...FreeSWAN? Or VPN?

Is there anyone intelligent here who fails to understand the concept of modularizing networking in ways that allow security to be added on an as-needed basis to existing protocols?

*plonk*
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]
What part of "gestalt" don't you understand?
[link|http://twiki.iwethey.org/twiki/bin/view/Main/|TWikIWETHEY] -- an experiment in collective intelligence. Stupidity. Whatever.

Keep software free. Oppose the CBDTPA. Kill S.2048 dead.
[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html]
|
Post #101,459
5/12/03 1:03:00 PM
|

Well, I'm semi-intelligent and I still don't understand
how even this would help the Spam issue for any period of time. This thread has been fairly hard to follow, but I think I could try and summarize by pointing out that there are technical issues and political issues.
On its most basic level, I don't agree with Ross that the delivery mechanism is the culprit. If we use physical mail instead of email his position is analogous to blaming the mailman/postal service for delivering junk mail. In fact, the only way that we can keep marketers from targeting (marking) us is to make it unprofitable for them to do so, by either charging for email or by not buying any of the wares they peddle that way.
In other words, even if a message is encrypted, it could be encrypted spam. It could be from a trusted server (non-blacklisted)(spoofed or not) and it could be in a host.allow table, blah, blah, blah. So, regardless of the mechanism, it doesn't address the problem. Which is what you guys are telling Ross.
In the meantime, we have a full time guy creating SpamAssassin rules and maintaining black lists and reporting (futile) abuses...
I'm afraid that the only way to kill the spam menace is through legislation. I'm even willing to see a per email surcharge, if implemented reasonably. For example, in Indiana they have a "no call" list and hefty fines for anyone who spams your phone. Since this went into effect, I haven't gotten more than four or five unsolicited phone calls in the past two years.
Just a few thoughts,
Screamer
Living is easy with eyes closed misunderstanding all you see, it's getting hard to be someone but it all works out it doesn't matter much to me
J. Lennon - Strawberry Fields Forever
|
Post #101,461
5/12/03 1:07:16 PM
|

Re: YHBT, HAND
You just don't get it. Why don't you run a few real networks before running your mouth? I'm talking about a NEW PROTOCOL that deals only with mail, NOT a fucking TCP/IP kludge. All VPNs do is virtually extend subnets - they don't change anything about the way mail is delivered.
-drl
|
Post #101,469
5/12/03 1:34:01 PM
|

Nobody gets it, Ross...
...because you haven't actually said anything.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #101,412
5/12/03 8:42:32 AM
|

You're doing a Bryce.
... which is unfortunate that I have to come out and tell you because it's not Bryce I'm intending to put off side at the moment.
When you're ready to learn about the differences between the problems with SMTP and the problems with TCP/IP then I'll resume talking to you.
Wade.
Is it enough to love Is it enough to breathe Somebody rip my heart out And leave me here to bleed
Is it enough to die Somebody save my life I'd rather be Anything but Ordinary Please
-- "Anything but Ordinary" by Avril Lavigne.
|
Post #101,561
5/12/03 8:29:34 PM
|

IPX/Appletalk/Lantastic/Vines whatever
back in the day it was let's get off this shit and onto tcp. tcpip is not the problem, the problem is the application layer at the wetware level. You could write a ntier application that uses SMTP as a transport BIND application. So some people use it for spam, others don't. Changing the protocol doesn't help unless you use a verifiable tagged source of mail. Want to give up anonymity? I don't. If needed I want to go into the weevils. thanx, bill
will work for cash and other incentives [link|http://home.tampabay.rr.com/boxley/resume/Resume.html|skill set]
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
Carpe Dieu
|
Post #101,567
5/12/03 8:52:33 PM
|

What might do the job . . .
. . is to issue security certificates for legitimate volume emailers. No cert - the ISP cuts off at the 200th consecutive message. Any ISP that doesn't get with the program gets black holed by the rest. Any cert holder that abuses gets a 6-month suspension.
Spammers will, of course, try to hijack certs, but the hassle of negotiating out of that 6-month suspension should be incentive for cert holders to guard them well.
Anonymity is preserved for everyone else, because you only need to prove who you are to get a bulk mail cert. For the few cases where bulk needs anonymity (political, probably), it could be negotiated with a specialist ISP in a neutral country.
[link|http://www.aaxnet.com|AAx]
|
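The bulk-mail certificate scheme proposed in the post above, modelled as an ISP-side acceptance gate. This is an added example, not code from the thread or from any real mail server. The class and function names are hypothetical, and three details the post leaves open are assumptions: the 200th message in a run is the first one refused, an hour of silence ends a "consecutive" run, and six months is taken as 182 days.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional

UNCERTIFIED_LIMIT = 200            # from the post: cut off at the 200th consecutive message
SUSPENSION = timedelta(days=182)   # "6-month suspension", approximated as 182 days
BURST_GAP = timedelta(hours=1)     # assumption: a pause this long ends a "consecutive" run


@dataclass
class Sender:
    has_cert: bool = False
    suspended_until: Optional[datetime] = None
    run_length: int = 0
    last_seen: Optional[datetime] = None


class BulkMailPolicy:
    """Hypothetical ISP-side gate; all names here are illustrative."""

    def __init__(self) -> None:
        self.senders: Dict[str, Sender] = {}

    def issue_cert(self, name: str) -> None:
        self.senders.setdefault(name, Sender()).has_cert = True

    def report_abuse(self, name: str, now: datetime) -> None:
        # Abuse (including abuse via a hijacked cert) suspends the cert holder.
        sender = self.senders.get(name)
        if sender and sender.has_cert:
            sender.suspended_until = now + SUSPENSION

    def cert_active(self, sender: Sender, now: datetime) -> bool:
        suspended = sender.suspended_until is not None and now < sender.suspended_until
        return sender.has_cert and not suspended

    def accept(self, name: str, now: datetime) -> bool:
        sender = self.senders.setdefault(name, Sender())
        if sender.last_seen is None or now - sender.last_seen >= BURST_GAP:
            sender.run_length = 0          # quiet period: start a new run
        sender.last_seen = now
        sender.run_length += 1
        if self.cert_active(sender, now):
            return True                    # certified bulk mailers are not capped
        return sender.run_length < UNCERTIFIED_LIMIT


def accepted_in_burst(policy: BulkMailPolicy, name: str, start: datetime, count: int) -> int:
    """Send `count` messages one second apart; return how many were accepted."""
    return sum(policy.accept(name, start + timedelta(seconds=i)) for i in range(count))
```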