Re: privacy is a feature (Re: [Asrg] desirable characteristics of source tracking)
On Thu, Mar 06, 2003 at 08:46:06AM -0500, Keith Moore wrote:
>
> In US law (and let's do keep in mind that US law isn't axiomatically a valid
> template for what should happen) there's a difference between what a speaker
> is legally allowed to say without penalty, and what a speaker can be prevented
> from saying (prior restraint).
>
Basically the same as over here.
> - Email is one of the oldest network applications, and authentication was not
> available (and probably not feasible) when the protocols were designed. Nor
> was it necessary at the time - the network was small enough (both in number of
> users and number of machines) that it was relatively easy to track down
> miscreants.
No. When e-mail was introduced in the early days, it was based on
UUCP. Every incoming mail had an automatically generated return path
(comparable to today's Received: header lines), but each single node
had to authenticate against each next node in the path. But walking
back that recorded path, you had a full authentication path back to
the origin of the message (except for flaws of password authentication
and the weakness of the nodes themselfes).
When e-mail was moved from UUCP to TCP/SMTP, that kind of
authentication got lost. That's what we suffer from.
All those folks who talk about design goals, common usage of e-mail,
e-mail must be open for everyone, anonymous mailing completely ignore
the fact that e-mail wasn't as open as today in the early
days. That's just a tale. Maybe people should inform themselves a little bit
before claiming design goals.
There was a degeneration in authenticity, and today's people believe
this to be the normal case.
> - By explicit design, and for good and valid reasons, domain names have
> nothing to do with IP addresses. IP addresses are tied to network locations.
You missed the point. We are not talking about domain names, we are
talking about e-mail addresses, e-mail delivery, SMTP. And this has
very much to do with both domain names and IP addresses. So in context
of e-mail delivery, it seems reasonable to introduce a link.
> - By explicit design, and for good and valid reasons, mail originators are
> allowed to assert that they are sending a message "From" someone
> else.
No. There haven't been "good and valid reasons". It's simply that they
haven't been aware of the security problem around 1980, and that they
couldn't do and didn't need any better at that time. They never had any good
reason to drop the authenticity they had with UUCP. There has never
been an intention to allow arbitrary sender address spoofing.
> Some of the burden inevitably resides with the recipient. Spam is in the eye
> of the beholder, it is different things to different people. It is dangerous
> for others to presume, in the absence of some instruction from the recipient,
> that the recipient doesn't want to see a particular message.
Sure. Bank robbery is also in the eye of the beholder. We shouldn't
generally allow methods against bank robbery. Who knows whether the
bank might like it or not? Just let it be the bank's business how to
deal with it...
Hadmut