Re: [Asrg] RE:ASGR 8a Use of certificates

[william@elan.net]

<rant>
Vernon is always critisizing (and not only on this maillist). In my review 
of March discussions (I'v at over 1,200 messages which is 50%...) he 
critisized anything and everything - some of his points are quite correct 
and he always tries to find as many bad points about every proposal as 
possible - this comes quite handy when I'm looking what to put in 
"Objections" section which I'm creating for every proposal. Hopefully if 
I'm done by the end of the week you'll see what I mean (I may not have 
enough time as I'm leaving for ARIN conference at the end of the week and 
have lots of other work keep my net up while I'm gone - and this ASRG 
review already took more then 20 hours... - if not I'll finish while at ARIN). 

However I do believe that while critisicism is in places usefull, a more 
constructive approach would be a lot better especially when someone wants 
to make good contribution to this group. And overall for March while it 
may seem that we have not achieved that much there were offered LOT AND 
LOT of ideas on the list, its really amazing how much an area we were able 
to cover. Anybode who have listened to the list should have picked up 
something (lot more then just something!) usefull over the month.

Still it was amazing finding Vernon critique on absolutly every thread...
</rant>

On Wed, 2 Apr 2003, Tom Thomson wrote:

> Vernon wrote:
> 
> >It's discouraging that people are still saying that authentication
> >would fix spam years after common MUAs (e.g. Netscape) can send and
> >check signatures and/or keys and SMTP-AUTH, SUBMIT, and SMTP-TLS are
> >universally available.
> 
> What I find discouraging is the conytinual dismissal of possible 
> solutions based on little of no apparent logic (and usually by
> people who have an alternative solution to push).
> 
> SMTP-AUTH is specifically desgigned for a closed trusted environment 
> (read the RFC - the words it uses are "within a trusted enclave") so 
> it's not at all surprising that it hasn't been deployed to solve a 
> problem in a wide-open uncontrolled environment. Do SUBMIT or 
> SMTP-TLS have relevance to our issue any more than SMTP-AUTH does?  I
> think not!
> 
> Although some MUAs have signature/checking capabilities, rather a lot 
> have no such capability.  Do any of the webmail systems have such 
> capability?  Even where an MUA has the capability, is it usable by 
> the average user?  Plainly and simply, the signature and checking 
> capabilities of current MUAs are not designed to address our issue.
> 
> So the arguments quoted above are completely irrelevant to the 
> solution they were used to attack.
> 
> Let's try to be constructive about the various proposals made, 
> instead of destructive.  
> 
> Tom Thomson
> 
> Post Script:   I suspect vernon will be very unhappy if the group 
> ends up supporting approaches other than one particular one;  but 
> I'm not going to decry that particular one because it wasn't 
> invented here, and I just wish he would show other members of this 
> list that same courtesy. We are going to need to apply lots of 
> partial solutions and not reject anything that is useful just 
> because it will not solve more than 90% of the problem on day one.
> 
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg