Re: namedroppers mismanagement, continued
> ..., the worst error you can make is to refuse to forward valuable > input to working groups. ... speaking as one whose namedroppers articles have never been lost or rejected, and as someone who remembers how much spam was broadcast through namedroppers before randy began moderating it, my only complaint is that randy's method sometimes introduces latency. some discussions are improved by high latency, others are hurt by it. if we're going to have latency i'd like it to only occur in discussions that will be improved by it. if discrimination of that kind is not possible, then i'd prefer no human-induced moderation latency. a simple "fully verified opt-in" mailing system, as supported in free tools like mailman and (modern) majordomo, do fine at keeping spam out. > ... and furthermore you've known about this problem for years and > stubbornly insisted that you had a right to impose your arbitrary > constraints on working group operation, in violation of established rules > and policies. i'm not an ietf process expert. isn't moderating the list randy's perogative as WG chair? -- Paul Vixie
Re: namedroppers mismanagement, continued
> so my personal method is to let the user act on their own behalf > and to respond to explicit written requests. that way, the worst > error i can make is cut and paste, and even that has gotten me in > trouble on occasion. no, the worst error you can make is to refuse to forward valuable input to working groups. and furthermore you've known about this problem for years and stubbornly insisted that you had a right to impose your arbitrary constraints on working group operation, in violation of established rules and policies. Keith
Re: namedroppers mismanagement, continued
At 04:48 PM 2002-11-26, Randy Bush wrote: >> Assuming this provides a means for the user can make an explicit >> request to opt-in to a list of "known email addresses", great >> (DJB should opt-in). > >i think about 472 people have said that already. I took recent statements on this list as indicating that namedroppers used the senders address to determine what might be spam but didn't have a separate list of "known email addresses" which mail from is assumed to be non-spam. Thanks for clarifying that such a separate list does exist for namedroppers and that the user simply needs to explicitly request addition to it for his messages to be considered non-spam. Kurt
Re: namedroppers mismanagement, continued
> Assuming this provides a means for the user can make an explicit > request to opt-in to a list of "known email addresses", great > (DJB should opt-in). i think about 472 people have said that already. i guess that this is a great leap forward for ietf progress in forming internet technology. randy
Re: namedroppers mismanagement, continued
At 03:42 PM 2002-11-26, Randy Bush wrote: >so my personal method is to let the user act on their own behalf >and to respond to explicit written requests. Assuming this provides a means for the user can make an explicit request to opt-in to a list of "known email addresses", great (DJB should opt-in). If not, why have you chosen not to implement guideline 5 in http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt? It seems to me that following this guideline would significant reduce the number of administrative errors and hopefully allow the community to re-focus on technical issues. Kurt
Re: namedroppers mismanagement, continued
> Pre-approved lists continues to allow IETF'ers to post to IETF > lists without having to be subscribed or suffer through the > error-prone, distribution delay inducing, and list admin's time > consuming processes some list admins have forced upon us. like what i call "do-gooder software", when you guess correctly, no one ever says thanks. but guess wrongly once, and you get screamed at forever. so my personal method is to let the user act on their own behalf and to respond to explicit written requests. that way, the worst error i can make is cut and paste, and even that has gotten me in trouble on occasion. but ymmv, and that's what makes the world go 'round. randy
Re: namedroppers mismanagement, continued
At 01:43 PM 2002-11-26, Fred Baker wrote: >At 11:57 AM 11/26/2002 -0800, Kurt D. Zeilenga wrote: >>Anyways, if the admin really considers it impolite (I don't), then >>maybe that admin should send the user an opt-in (or opt-out) notice >>before (or after) adding the user to the pre-approved list of >>posters. > >How does that differ from what was requested? Pre-approved lists continues to allow IETF'ers to post to IETF lists without having to be subscribed or suffer through the error-prone, distribution delay inducing, and list admin's time consuming processes some list admins have forced upon us. Kurt
Re: namedroppers mismanagement, continued
At 11:57 AM 11/26/2002 -0800, Kurt D. Zeilenga wrote: Anyways, if the admin really considers it impolite (I don't), then maybe that admin should send the user an opt-in (or opt-out) notice before (or after) adding the user to the pre-approved list of posters. How does that differ from what was requested? >Is it so hard to do? echo '[EMAIL PROTECTED]' >> namedroppers.allowed-posters is not hard at all. Neither is echo subscribe '[EMAIL PROTECTED]' | mail namedroppers-request ops.ietf.org
RE: namedroppers mismanagement, continued
Keith, I almost agree with you... Except here is the problem... The [EMAIL PROTECTED] mailing list has 17 request(s) waiting for your consideration at: https://www1.ietf.org/mailman/admindb/ipoverib I'll go ahead and remove the 17 messages trying to sell sex, toner cartridges, stuff in char sets I don't even know what they are... No I don't want random people sending stuff to a low volume list ( a couple messages a week is normal ) so I think asking people to subscribe is a low overhead task... You don't even have to receive the mail traffic. It is also not in the communities interest to slog through 100's of spams to find a usefull nugget of truth either. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Keith Moore Sent: Tuesday, November 26, 2002 6:41 AM To: Eliot Lear Cc: D. J. Bernstein; [EMAIL PROTECTED] Subject: Re: namedroppers mismanagement, continued > Join the list already. How hard is that for a so-called mail guru? there are valid reasons to post to a list when you're not subscribed, or from a different address from the one you use for your subscription. and it's not in the community's interest to ignore useful input.
Re: namedroppers mismanagement, continued
David Frascone writes: > Why not simply subscribe and resend? How does that help namedroppers recover all the lost messages from _other_ people? Bush has _sent_ 115 legitimate namedroppers messages from non-subscribers in the last three months; how many has he _lost_? > I'm sure I mistakenly reject many of them. Do you _silently discard_ them? If the sender isn't monitoring the list, how will he ever know that his message didn't go through? If he _is_ monitoring the list, how long is he supposed to wait before complaining? Bush imposed his mailing-list control methods without IESG approval, in violation of RFC 2418, section 3.2. He has been caught engaging in content-based censorship several times: http://cr.yp.to/djbdns/namedroppers.html What's stopping him from selectively delaying or discarding messages that he doesn't like? How can we tell whether these were actually ``mistakes''? Manual reviews are completely inappropriate for a standardization forum. They allow uncontrolled abuse, even when they aren't exacerbated by a lack of notification to the sender. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago
Re: namedroppers mismanagement, continued
At 11:10 AM 2002-11-26, Fred Baker wrote: >At 07:39 AM 11/26/2002 -0800, Kurt D. Zeilenga wrote: >>The list admin should add the unsubscribed address to the >>list of "known email addresses". See item 5 in: >> http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt > >that's one of the list admin's options. But it turns out that many list admins >consider adding a name to a list unbidden is impolite, and choose to not do this >either, because they consider it error-prone and potentially insecure. I think it could be easily argued that manual approval process is far more error-prone than automated approval process and comes with the most of the same security and "use" issues you discuss. Anyways, if the admin really considers it impolite (I don't), then maybe that admin should send the user an opt-in (or opt-out) notice before (or after) adding the user to the pre-approved list of posters. (Note: for the subscribers list, the policy should be opt-in). This is easily automated (most list management software supports such). >Is it so hard to do? echo '[EMAIL PROTECTED]' >> namedroppers.allowed-posters is not hard at all. Kurt
Re: namedroppers mismanagement, continued
At 07:39 AM 11/26/2002 -0800, Kurt D. Zeilenga wrote: The list admin should add the unsubscribed address to the list of "known email addresses". See item 5 in: http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt that's one of the list admin's options. But it turns out that many list admins consider adding a name to a list unbidden is impolite, and choose to not do this either, because they consider it error-prone and potentially insecure. Simply adding the address doesn't check that it is an address someone can send mail *to*, which is something someone replying to the list expects, and it doesn't allow people to reliably trim the CC line - I can usually remove email addresses from the CC line other than the alias itself, and simply reply to the list, but in this case that would cut the person out of the discussion. If there is a clear definition of a member (for example, a member of the IAB), "known addresses" is a useful work-around, but for a list participant, adding his email to the list is pretty much de rigeur. The list moderator asked him to add his email address to the list, and indicated that as a result of doing so his mail would be unmoderated. Is it so hard to do?
Re: namedroppers mismanagement, continued
From: "Kurt D. Zeilenga" <[EMAIL PROTECTED]> Date: Tue, 26 Nov 2002 07:39:49 -0800 [...] No. The list admin should add the unsubscribed address to the list of "known email addresses". See item 5 in: http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt It's getting more and more to the point that we should just centralize all of the mailing lists. (Thus also centralizing archives and making it harder for things to just get lost.) I remember trying to post a comment to the tls-wg mailing list and getting a bounce with no useful information about how to actual send my message without subscribing. So I replied to the bounce, hoping to get a person who could help me in some way. It bounced. I gave up, which was unfortunate since I was trying to correct a misunderstanding about how many application protocols actual use TLS. Larry
Re: namedroppers mismanagement, continued
djb> I've sent twelve messages to the namedroppers mailing list this djb> month. Did I miss the announcement where the namedroppers mailing list was on the IETF standards track? -- Paul
Re: namedroppers mismanagement, continued
At 04:26 AM 2002-11-26, Eliot Lear wrote: >Were you one of those kids who had trouble following directions? Randy has given you >a pretty plain solution that even my mother could follow (and my mother barely knows >how to find the "on" button of a computer). Join the list already. How hard is that >for a so-called mail guru? No. The list admin should add the unsubscribed address to the list of "known email addresses". See item 5 in: http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt Kurt
Re: namedroppers mismanagement, continued
> Join the list already. How hard is that for a so-called mail guru? there are valid reasons to post to a list when you're not subscribed, or from a different address from the one you use for your subscription. and it's not in the community's interest to ignore useful input.
Re: namedroppers mismanagement, continued
> I've sent twelve messages to the namedroppers mailing list this month. > Five of them have been silently discarded by the namedroppers censor, > Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous > incidents.) in my experience, if you send mail to the list administrator and say "please add [EMAIL PROTECTED] as an address that is allowed to post to this list", the problem goes away - for that list. and no, I don't think that one should have to "say the secret magic words" to make the right thing happen.but it does seem to work in practice. Keith
Re: namedroppers mismanagement, continued
Bernstein - I'm not surprised this is happening. I've experimented with your dns daemon and it is by far superior to the existing bind implimentations. So I'm frankly not very surprised Bush don't like your posts. But I will admit the behaviour is juvenile. But again this should not surprise us. But to end this on a positive note - let me make clear I admire your work. regards joe baptista On 26 Nov 2002, D. J. Bernstein wrote: > I've sent twelve messages to the namedroppers mailing list this month. > Five of them have been silently discarded by the namedroppers censor, > Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous > incidents.) > > Bush says that the only relevant feature of my messages is that they're > sent from an address that isn't subscribed to namedroppers. Okay, boys > and girls, let's look at some statistics: > >* 5/12 of my messages have been silently discarded; > >* according to Bush, this has nothing to do with me or the content, > so we estimate that about 5/12 of all non-subscriber messages have > been silently discarded; > >* in the past three months, there have been about 100 legitimate > messages from other people who Bush labelled as non-subscribers; > >* so we estimate that, in the last three months, Bush has silently > discarded about 71 legitimate messages from other people. That's a > rate of hundreds per year. > > Bush doesn't say ``Your message didn't go through.'' Bush doesn't say > ``Reply to this bounce to confirm your original message.'' He simply > throws the message away. > > This is supposed to be the mailing list for an open IETF working group. > It's outrageous that valid messages are being silently discarded---even > if the number is not as large as hundreds per year. > > ---D. J. Bernstein, Associate Professor, Department of Mathematics, > Statistics, and Computer Science, University of Illinois at Chicago > > P.S. Out of my twelve messages, the five that were silently discarded > are exactly the five that I would pick if I were a censor trying to bias > the DNSEXT decisions in favor of the BIND company. Coincidence, right? > > P.P.S. Bush's mailing-list software doesn't cryptographically confirm > unsubscription requests. I kept my subscription address private until > Bush revealed it a few days ago. I'm working on obtaining a subscription > through an address that Bush doesn't know is connected to me. >
Re: namedroppers mismanagement, continued
Why not simply subscribe and resend? As a maintainer of several lists, I can confirm what a royal pain it is to deal with people posting from non-subscribed addresses. I usually get 1-2 a week as I'm sorting through the 10-15 SPAMs a day. I'm sure I mistakenly reject many of them. Just my $.02 worth, -Dave On Tuesday, 26 Nov 2002, D. J. Bernstein wrote: > I've sent twelve messages to the namedroppers mailing list this month. > Five of them have been silently discarded by the namedroppers censor, > Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous > incidents.) > > Bush says that the only relevant feature of my messages is that they're > sent from an address that isn't subscribed to namedroppers. Okay, boys > and girls, let's look at some statistics: > >* 5/12 of my messages have been silently discarded; > >* according to Bush, this has nothing to do with me or the content, > so we estimate that about 5/12 of all non-subscriber messages have > been silently discarded; > >* in the past three months, there have been about 100 legitimate > messages from other people who Bush labelled as non-subscribers; > >* so we estimate that, in the last three months, Bush has silently > discarded about 71 legitimate messages from other people. That's a > rate of hundreds per year. > > Bush doesn't say ``Your message didn't go through.'' Bush doesn't say > ``Reply to this bounce to confirm your original message.'' He simply > throws the message away. > > This is supposed to be the mailing list for an open IETF working group. > It's outrageous that valid messages are being silently discarded---even > if the number is not as large as hundreds per year. > > ---D. J. Bernstein, Associate Professor, Department of Mathematics, > Statistics, and Computer Science, University of Illinois at Chicago > > P.S. Out of my twelve messages, the five that were silently discarded > are exactly the five that I would pick if I were a censor trying to bias > the DNSEXT decisions in favor of the BIND company. Coincidence, right? > > P.P.S. Bush's mailing-list software doesn't cryptographically confirm > unsubscription requests. I kept my subscription address private until > Bush revealed it a few days ago. I'm working on obtaining a subscription > through an address that Bush doesn't know is connected to me. > -- David Frascone My karma ran over my dogma
Re: namedroppers mismanagement, continued
Dan, Were you one of those kids who had trouble following directions? Randy has given you a pretty plain solution that even my mother could follow (and my mother barely knows how to find the "on" button of a computer). Join the list already. How hard is that for a so-called mail guru? Eliot
Slides from the plenary
Some of you may have gathered that some people thought the IESG plenary this time was interesting Since there will be some time before the minutes appear, I thought I'd send out the following: The slides from the plenary (except for Bruce's talk) are available for now from http://www.alvestrand.no/ietf/ietf55/ The Jabbered notes from the plenary are at http://www.jabber.com/chatbot/logs/conference.ietf.jabber.com/plenary/2002- 11-21.html The mailing list set up to discuss the problem statement further is [EMAIL PROTECTED] use [EMAIL PROTECTED] to subscribe. I intend to move the list to the secretariat eventually, but membership and archives will be moved with it, and aliases kept, so starting discussion on that list should not be a problem. Harald
namedroppers mismanagement, continued
I've sent twelve messages to the namedroppers mailing list this month. Five of them have been silently discarded by the namedroppers censor, Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous incidents.) Bush says that the only relevant feature of my messages is that they're sent from an address that isn't subscribed to namedroppers. Okay, boys and girls, let's look at some statistics: * 5/12 of my messages have been silently discarded; * according to Bush, this has nothing to do with me or the content, so we estimate that about 5/12 of all non-subscriber messages have been silently discarded; * in the past three months, there have been about 100 legitimate messages from other people who Bush labelled as non-subscribers; * so we estimate that, in the last three months, Bush has silently discarded about 71 legitimate messages from other people. That's a rate of hundreds per year. Bush doesn't say ``Your message didn't go through.'' Bush doesn't say ``Reply to this bounce to confirm your original message.'' He simply throws the message away. This is supposed to be the mailing list for an open IETF working group. It's outrageous that valid messages are being silently discarded---even if the number is not as large as hundreds per year. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago P.S. Out of my twelve messages, the five that were silently discarded are exactly the five that I would pick if I were a censor trying to bias the DNSEXT decisions in favor of the BIND company. Coincidence, right? P.P.S. Bush's mailing-list software doesn't cryptographically confirm unsubscription requests. I kept my subscription address private until Bush revealed it a few days ago. I'm working on obtaining a subscription through an address that Bush doesn't know is connected to me.
RE: Root Server DDoS Attack: What The Media Did Not Tell You
Good Morning Joe, everyone > -Original Message- > From: Joe Baptista [mailto:[EMAIL PROTECTED]] > Sent: 25 November 2002 18:50 > To: Joe Touch > Cc: Paul Vixie; [EMAIL PROTECTED] > Subject: Re: Root Server DDoS Attack: What The Media Did Not Tell You > I always support my allegations. Proof of Hi-jacking GO HERE > the email: > http://www.law.miami.edu/~froomkin/articles/icann-notes.htm#F175 > the event: > http://www.law.miami.edu/~froomkin/articles/icann-body.htm#B175 > regards > Joe Baptista Having taken the time to read this document in it's entirety I don't actually see your name mentioned. So please forgive my ignorance of Internet history and please explain to us mortals not involved in running the Internet, where your involvement was. Many thanks Sean Jones
