RE: NATs as firewalls
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I still believe that the time is right for an IETF WG to define SOHO gateway requirements for IPv6 networks because IPv4 wind-down will cause more people to take a serious look at how and why to deploy IPv6. One single good idea in a SOHO gateway document could be enough to tip the scales and make a business case for IPv6 services. You might be surprised to find how many network and IT managers think we already ran out of IPv4 addresses years ago, and how many more never thought about it at all. IT at most any non-technology company is still not seen as a revenue generating division and I doubt very little short of losing internet connectivity will be motivator enough to start thinking about the switch to IPv6. To me the problem with using running out of IPv4 addresses as a motivator is that what does that really mean? Is the internet going to stop working? Would anyone notice if not for the media? Why should an established company care if their upstart competitor now has to wait 3 years to get an internet presence? How is it going to break what people have that's currently working - that's what most people don't know. And being the selfish species that we are, that's why most people don't care. I think the thing that would help IPv6 the most would be the setting of a hard date when no new IPv4 addresses would be issued. This would make it real for everyone and ignite the IPv6/IPv4 gateway market (I think). Not to mention we'd never have to have another debate over when IPv4 was going to run out which might be benefit enough in itself ;) nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: NATs as firewalls
From: David Morris [mailto:[EMAIL PROTECTED] On Fri, 9 Mar 2007, Nick Staff wrote: I think the thing that would help IPv6 the most would be the setting of a hard date when no new IPv4 addresses would be issued. This would make it real for everyone and ignite the IPv6/IPv4 gateway market (I think). Not to mention we'd never have to have another debate over when IPv4 was going to run out which might be benefit enough in itself ;) What a lawsuit mess that would be ... artificial limits would never work. I think the US FCC Digital Broadcast Deadline is a good example - though more drastic than I was suggesting. I think artificial limits are inevitable unless the intention is to support IPv4 until there's no one left in the world who wants to use it (and even that is an artificial limit). I also don't understand what is gained by a sliding doomsday other than procrastination, avoidance, and a neutered stimulus. I mean if IPv4 addresses are going to run out wouldn't it be better to know exactly when? In my opinion you make it real if you give it a date but until then it's like saying smoking may cause cancer. If any smoker knew for a fact that the next drag on a cigarette would give them cancer they'd never smoke again. If a network manager knew that in 7 years all new address space would be IPv6 it would become a consideration from that point forward. In my opinion. Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Stupid NAT tricks and how to stop them.
Anthony G. Atkielski wrote: ATT used to charge for any telephone color other than black, even though the cost of producing a telephone was the same no matter what color it was. ATT also used to charge for additional private IP addresses. I remember one company had a bussiness package with them and was also leasing a router that came locked down and configured to use 192.168.0.0/27 on the LAN. When this company wanted more IP's internally ATT wanted to charge them more to "upgrade" them to a 192.168.0.0/24 John- I agree that no IPv6 solution involvingcustomers giving up the (percieved?) freedom of NAT for a construct that has them suckling from their ISP's tit again is really going to go over well. One small note also aboutthe ISP supplied modem - at least in my experience in Los Angeles -the basic modems I've seen act solely as a pass-through (they have no configuration menus -etc). I know today modem/home networking in a box devices are being pushed (because the ISP's charge extra for it), but the basic end user is getting no bells and whistles -(at least with SBC, Verizon, and Comcast). FWIW-(which isn't much), IMO people like NAT because it lets them do what they want without paying more or getting permission. Cause I think thats really all they want from any solution. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: IESG Response to JFC Morfin's appeal regarding suspension of posting privileges to the ietf-languages mailing list
I don't think there was one member of this list who needed to read this IESG announcement to know what they would decide. I don't think that speaks much for the integrity of the decision. nick -- Original message -- From: IESG Secretary [EMAIL PROTECTED] The IESG has received a request (see http://www.ietf.org/IESG/APPEALS/morfin-appeal-ietf-languages-list.txt) from JFC Morfin to overturn the suspension of his posting privileges to the ietf-languages mailing list. Since this appeal is similar in one critical aspect to a previous appeal overturned by the IAB for the lack of IESG explanation, this appeal will describe in more detail the process by which the IESG reached its conclusion. The IETF's procedures are aimed at a fundamental goal of making the standards process work, but they will never cover every possible circumstance. Where there is no enumerated procedure, the traditional practice of the IETF and the reasonable application of good sense is expected for managing situations. If that were not permitted, the IETF would grind to a halt in process discussions. There is no enumerated procedure at this point for managing non-WG mailing lists. That may change in the future, but until it does list managers must be guided by traditional IETF practice and by their responsibility to manage the lists in the interest of the IETF's fundamental goals. In this instance, Harald Alvestrand set out a process by which he would manage the ietf-languages list. He did so publicly, in advance of the application of that process, and by pointing to a documented process which had achieved IETF consensus as a model. The IESG believes that this was a reasonable way to achieve the goals of following the traditional practice of the IETF and judging what actions would be considered reasonable by the community. After reviewing the list traffic leading up to this suspension, the IESG upholds the suspension of J-F. C. Morfin from the IETF languages list, as we concur with the judgement of its list manager. To clarify two additional points raised by this appeal, the IESG confirms that the list [EMAIL PROTECTED] and the [EMAIL PROTECTED] are equivalent, as one is simply a redirect of the other. This mailing list practice does not affect the role the list plays in the IETF. We also confirm that the IETF language reviewer remains Michael Everson. ___ IETF-Announce mailing list IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
how do we feel about it
I'm pretty sure I understand the intense stupidity of what I'm about to suggest (and I'm sorry toanyone made angry bymy stupidity), but what if there were noprescribed response for successfulPR-Actions. What ifpart of the rough consencus process included the appropriate action to be taken. The IESG would still make the decision but they'd be able to judge the climate and their decision would (should) be similar in severity. I understand this might seem to be asking for a free for all but, well I don't know. nick (PS - If this is what Sam was suggesting in his previous post I'm sorry, I wasn't sure). ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
draft-hartmans-mailinglist-experiment
I thinkSams proposed experiment is a very good idea. I do have some thoughts, butmy support doesn't hinge on theirincorporation and I'm in favor of the draft either way. In my opinionthese should be experiments of process rather than penalty. I feel like since the severity of a ban legnth is subjective and since different cases will warrant different legnths we might do better (i.e. have less things to disagree on) ifallexperiments assumedthe sameban legnth.I was also thnking that if everyone agreed this was a process experiment then I'd like to suggest that all experiments be mock in the sense that the decisions are not actually carried out. Ithink doing it that way wouldgive us greater freedom to experiment. Also Ifigure anyone banned by an experimental process is going to make a lot of noise in the appeals process and we might start to annoy our counterparts who have to hear them? These are just my thoughts and I'm not tied to any of them so you risk no argument by disagreeing. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: draft-hartmans-mailinglist-experiment
I guess to me I feel like all experiments will lead to banned and the effectiveness of the solution is going to be how smoothly it gets there and how much it disrupts the normal course of things. I could be misunderstanding the whole thing but I feel like productivity will be affected most by the process? -- Original message -- From: Sam Hartman [EMAIL PROTECTED] So, if we don't actually carry out the ban, how do we see whether the ban is successful in meeting the experimental goal of improving productivity? ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: how to declare consensus when someone ignores consensus
-- Original message -- From: [EMAIL PROTECTED] (Noel Chiappa) Ah, I suspect that Elwyn was gently pulling your leg about your inability to spell "capital" (i.e. the death penalty) - "capitol" means "location of the government" Ahh haaadamn word...it'll pay for that...;) Now imagine if you looked up the word Capital in the dictionary and it read like this: Capital - Although not exhaustive,examples of the meaning of the word Capital include: Wealth in the form of money or property; Human resources considered in terms of their contributions to an economy; a city that is the center of a specific activity or industry; etc. Maybe some of our inaction comes from having policies thatare a little too open-ended.I don't like beinglocked into rulesbut maybe there are cases where we can't be so open ended (RISC vs. CISC?). Maybe if we made our operational policies specific and all-inclusive we wouldn't have to reinterpret them every time we went to use them. Then again maybe we want reinterpretation. Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: how to declare consensus when someone ignores consensus
-- Original message -- From: Elwyn Davies [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Can you imagine if during every murder trial they had a debate on the humanity of capitol punishment?As a non-US citizen, I am a little hazy about some details of the US legal system. Do I assume that this punishment requires the malefactor to sit through a set period of congressional filibusters? I look forwards to a Supreme Court ruling outlawing it as a cruel and unusual punishment. yeah I couldnt agree more. Capitol punishment is barbaric and cruel and the action of vindictive people. Odd though that you assumed I was saying that the use of capitol punishment needed to be defended instead of that the prevention of it needed to be ensured. Either way capitol punishment wa! s an analogy and whatever country you hail from I'm sure my point applies the same. My point, if you are interested, was that if the penalty for a crime had to be redecided during every trial then trials would take forever and choke an already bottlenecked system. If you can see the parralel to our current situation where once again we debate the breadth and extent of PR-Action policy while we're in the middle of trying to apply it. It's half-assed and juvenile and disorderly to the point of embarrasment. The mature voices are few and far between so we're left with a childish melee that would lose us the respect of any grown-up professional who saw it. It's become a romper room and it's an embarrasment. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: IETF Last Call under RFC 3683 concerning JFC (Jefsey) Morfin
-- Original message -- From: Eliot Lear [EMAIL PROTECTED] Marshall, I do not support approval of this PR-action. Because.?? Eliot- I don't mean any offense by this but the "Because" is the whole problem of these PR-Actions. Somehow "rough concensus" has turned into "the IESG is the jury and the IETF members have to make convincing arguments one way or the other". The IESG need not be convinved of anything and the "because" is not anyone's bussiness but yours (and is quite frankly off topic unless you start a WG called "why I don't think so-and-so should play here anymore"). I mean really, has anyone ever had their opinion changed because of something someone said during these PR-Actions? Because if you have you certainly didn't share that with the rest of us (making your change of heart null unless you mailed it to the IESG). Motion. Vote. NO CROSS TALK. Decide. Moveon. Or just admit merely controlling who gets to speak isn't satisfying enough, you must also convince everyone you are right For that's the only reason for these absurdities as I'm sure you already know. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: how to declare consensus when someone ignores consensus
-- Original message -- From: John Loughney [EMAIL PROTECTED] I am growing tired of this meta-discussion, but I just needed to add my 2 cents, then I'll be quiet I cannot say if this is what Jefsey is doing, as I am not active in any of the WGs in question.John- Can you imagine if during every murder trial they had a debate onthe humanity of capitol punishment? This in my opinion becomes a meta-discussion because people who have nothing to say about Jefsey post their general feelings on pr-actions. While I respect everyone's comments and agree each time we go through the process we learn how to better it, this is not the time or the place to discuss it. Please, if you don't have an opinion specifically related to Jefsey then stay out of the Jefsey discussion. ---BeginMessage--- ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ---End Message--- ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: FW: IETF Last Call under RFC 3683 concerning JFC (Jefsey) Mor fin
[EMAIL PROTECTED] I take a look at the IETF email after four months and it's still the same discussion as when I left! Hell - talk about the ends not justifying the means (oh yes I know this is very very important to the fate of all productivity, I'm sure the yeild will be tremendous). How 'bout this - if a PR-Action or any "rough concensus" styleban can't be decided inone week then quite obviusly the person is not making a sufficient nuiscance of themselves and the matter should be dropped. On technical matters heated debate and convincing arguments are valuable but in a PR matter it's not. What, are you going to convince someone that indeed they really were bothered by someones posts? "Gee thanks Bob, I didn't know just how much that guy wasupsetting me and hindering my productivity." This isn't regression therapy and no one should be convincing people of their opinions or perceptions. Make the motion, hear concensus, no cross-talk allowed, make the decision, move on. Oh and don't let the interior decorators influence the architects - if the policies and penalties aren't clear at the time of the motion then the motion is governed by whatever is clear and you can amend the policies seperately for the next time. You can't however dynamically change them and have them go into effect retroactively (or dynamically clarify them or however you'd describe this merger of congress and the courtroom). Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [Pr-plan] Re: George Green takes over internet Re: 5W Intelligence Service Report
Joe Baptista wrote: does not look like that one was rejected. any advise Jeroen? thanks joe baptista Most every country requires that patent applications be filed before an invention is ever used publicly or put on sale. Additionally in the US, if an invention is described in a printed publication anywhere in the world the inventor has one year from that date to apply for a patent. Foreign patent holders are granted no special consideration or exemption under US patent laws in regards to the above requirement. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: On PR-actions, signatures and debate
Toleration of disagreement has almost nothing to do with it. Instead, it's more a matter of signal to noise ratio on a limited bandwidth channel. If you fill up a list with ignorant drivel, people who don't have time to deal with drivel will go away, leaving the list to those who produce the drivel. That's the problem. I've seen it happen many times. -- Kent Crispin [EMAIL PROTECTED] I really, really don't want to get into another one of these, but let's be clear - no matter what you say, no matter how long you say it for, and no matter who agrees with you, Anthony is right and you are not. Let me clarify - I absolutely am not commenting on the whole signal to noise ratio thing. I am not at all trying to tell anyone what a reasonable amount of noise is for them to handle. What I'm saying is, if this were Lord of The Flies some of you would be the one who kills Piggy. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: On PR-actions, signatures and debate
Technologists with a penchant for the meta-discussion may stay. gja So I guess you'll be staying then since you have quite the penchant for contributing to these things which you claim to hate so much. Though it's obvious you enjoy the protection of a closed community, that does not change the fact that you just contributed in a conversation whose contributors you attacked. I understand you thought YOUR contrbution WAS SPECIAL and that the problem is those of us who disagree with you, but I thought as a non technologist you'd realize that electricity needs resistance which means it's equally your drivel (if I may use one of your teams words) that continues this. I has hoped the lord of the flies analogy would have been sufficient, however I've spent more than enough time trying to teach you that 3 + 5 Jello (to quote Chris Rock) so say what you want and beat up who you'd like and do it your way, luckily I know you'll encounter a person like you on most every newsgroup and bulletin board there is so you can always see how you also built the worst part of the internet that everyone hates. Though being part of the source old timer I'm sure it will all seem rather tame to you. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Anyone not in favor of a PR-Action against Jefsey Morfin
Melinda Shore wrote... Messages like I'm for this or I'm against this seem to be taking the form of a vote, when it seems to me that what's probably more appropriate would be an attempt at persuasion. Melinda I'm against PR-Actions for anything that can pass a Turing test nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: a new DNS root for the world?
Should _every_ Internet user (let count one billion) receive a personal copy of the root file every month, the decrease of root related traffic on the Internet would be by 90%. That the root server system works well, does not implies that the root servers system concept is still the best solution. We now have 1.5 billions (most of the Internet users and many more) who will access the NewStar root file. jfc The last time I had a reason keep a copy of the root file locally was back around 1999 and I think .com alone weighed in at over 3 gigs (I think that was uncompressed, but I've been hit in the head a lot in the last six years so I don't quite remember). I know you weren't serious, but at it's uncompressed size in 1999 it would be bandwidth cost efficient to send the root file to someone only if they were to perform approximately 6.3 million queries per version of root file (which would of course become outdated during transfer). Now lets say it's only a one time transfer and after that only updates are sent. Well forgetting the bandwidth generated by the updates, if a person performed 200 queries a night it would take them about 86 years to reach the 6.3 million needed to make the initial transfer cost effective. I'm sorry, one should never answer angry and I'm well...okay I just think it's stupid to do away with the root and I think dns delegation has exquisite scalability and near absolute empowerment to the people. Any possibility that the Internet might not be able to support DNS resolver traffic because of a root server bottleneck is beyond my concept of reality. If it truly is a bottleneck then maybe we need to seek the advise of some adult webmasters and ask them how they manage to serve multiple terabytes of porn a day without breaking a sweat or bringing down their ISP. Considering that when two technical people have a discussion you end up with 3 opinions that neither one agrees with I feel somewhat better not letting everyone play in the root. In fact I'm all for fairness but I'm not about to agree to tearing down a genius system just so foreign nationalists can have their ego satisfied by sticking their finger in the pot (Jefsey the foreign nationalist comment IS NOT directed at you at all - it's directed at the politicians and delegates who live life like it's a game of push and pushback). My apologies for the rant, I'm sure I'll regret it when someone who knows more than me replies explaining why I'm wrong. nick. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Ooops (NOTHING TECHNICAL, JUST A CORRECTION)
Sorry for the noise, but before I blush through any more corrections (that many have been kind enough to do offlist), let me say I for some reason didn't realize Jefsey was refring to the root hints and for some reason assumed he was suggesting everyone recieve a copy of the tld zones hosted by the root servers. Ooops. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Anyone not in favor of a PR-Action against Jefsey Morfin
Anyone who wants to cast their vote against the Jefsey Morfin PR-Action Petition may now do so here: http://jefseymorfin-ietf-pr.endpointsystems.com/default.asp This is NOT an official IETF ballot and is essentially a counter petition so that both sides can be fairly represented. This counter petition was done with the full knowledge and support of Harald Alvestrand, so there should be no reason for this to turn into an argument. Best, Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Anyone not in favor of a PR-Action against Jefsey Morfin
Sure. I made a choice to limit participation to anyone who was subscribed to the IETF list before I sent my email (basically anyone who's been on this list for more than a day shouldn't have a problem). Also I meant to say this on my original post so there's no misunderstanding - just because I put this page up it doesn't mean I'm signing it (I'm signing neither) nick -Original Message- From: Randy.Dunlap [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 05, 2005 8:15 PM To: [EMAIL PROTECTED] Cc: ietf@ietf.org; [EMAIL PROTECTED]; iesg@ietf.org Subject: Re: Anyone not in favor of a PR-Action against Jefsey Morfin On Wed, 5 Oct 2005 19:44:11 -0700 Nick Staff wrote: Anyone who wants to cast their vote against the Jefsey Morfin PR-Action Petition may now do so here: http://jefseymorfin-ietf-pr.endpointsystems.com/default.asp This is NOT an official IETF ballot and is essentially a counter petition so that both sides can be fairly represented. This counter petition was done with the full knowledge and support of Harald Alvestrand, so there should be no reason for this to turn into an argument. Just for clarification, can you tell me who qualifies as Any IETF member ? Thanks, --- ~Randy You can't do anything without having to do something else first. -- Belefant's Law ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Petition to the IESG for a PR-action against Jefsey Morfinposted
Dean Anderson wrote... Nick tells Brian how he feels about that: (Nick is plainly offended) http://www1.ietf.org/mail-archive/web/ietf/current/msg35993.html Nick is just trying to make peace. He didn't deserve that. What's more sickening is that Carpenter still apparently doesn't think he did anything offensive to Nick. Dean, thanks for supporting me on this. I appreciate your logic and your posts and your knack for seeing past the B.S. and getting to the issue. In that last post I made to Brian I was livid and didn't pull any punches. I laid it our exactly as I saw it and assumed I'd be notified by bot of my unsubscription. Not only was I never unsubscribed but when I volunteered a month later for the scribe position Brian was supportive. I will always have a great deal of respect for him for this as that shows a kind of character that most people don't have (my words don't do it justice). Sorry for posting this to the list , I thought it was only fair to Brian. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: delegating (portions of) ietf list disciplinary process
From: Theodore Ts'o [mailto:[EMAIL PROTECTED] On Thu, Sep 29, 2005 at 06:00:18PM -0700, Nick Staff wrote: 2) Unless discussion of the decisions of the netiquette committee, during the committee is considering a request, and after the committee has rendered a decision, is ruled out of scope, it's not going to help the very long discussions such as this one which plague the IETF list. In the worst case, we can assume that the mailing list abuser will immediately appeal any decision of the netiquette committee, which means that after inventing this entire mechanism, it may not have any effect other than prolonging the agony. I know personally, if I feel a process is fair, then even if I hate the decision I can accept it and move on. That's another reason why I think it should be an unmanipulated membership. That may be true for you, OK. But that's irrelevant. What about someone who is mentally disturbed, or someone who is determined to make a nuisance of himself? How long could someone who is genuinely determined to carry out a DOS attack on the IETF should be allowed to do so? I am not necessarily making any claims about anybody in parparticular, although I do have some private opinions on this matter. The question is should we design a process which is open to abuse in this manner? It seems like designing a protocol with a known security hole and assuming that all of the participants won't violate societal norms an exploit said security hole. If this is considered irresponsible when designing a protocol, should it be considered irresponsible when designing organizational policies? - Ted Absolutely I agree Ted. I was just trying to express how it would effect me as that's the only position I can (sometimes) speak authoritatively on. Ultimately I don't see what you're suggesting that has any addition controls - whether it's a committee or a single person the same appeal process can be used and the same controls put in place. If you are referring to one of the committee members being wacko I think I provided sufficient control for that (as nothing requires unanimous vote and voting can be forced by majority). If it's a nut job list participant then I guess I could call some old friends in South Central Los Angeles to chop off their fingers but then there's always speech recognition...I guess my question to you is please tell me exactly what your concern is (if you want to do this off-list so we don't annoy everyone that's cool with me) and I promise I will address them and try to work with you to find an agreeable solution. Best, Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: delegating (portions of) ietf list disciplinary process
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 2. An IETF netiquette committee, to offload list banning procedures from the IESG. I don't think so. I prefer that this responsibility stay with a few individuals, so that it is taken very seriously -- not only by them but by everyone. A committee would lead to dilution of responsibility as well as endless discussion on every dispute. Good point. As much as I believe the IETF should not give veto authority to any single individual, this is one case where it is probably better. My sense is that, without exception, IETF participants involved in deciding process objections has taken their role extremely seriously. It's difficult to believe that this would be any different. In addition, any abuse by the ombudsperson will be very quickly reported and corrected. d/ -- Dave Crocker Dave- Of course it's a matter of opinion, so it's not like I'm trying to tell you I'm right and you're wrong, but think about every high court in the United states and many in Europe - none of them are 1 person but rather a group. There are reasons for this, most important of which is no one is right all the time - no one no matter how wisened sees every situation clearly from all angles - not to mention most everyone has their hot issues and areas of predjudice or misunderstanding. Having a group of seven or nine helps neutralize individual errors. I'd feel much safer being judged by tcp than udp. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: delegating (portions of) ietf list disciplinary process
From: Theodore Ts'o [mailto:[EMAIL PROTECTED] Ted- Sorry for taking so long to respond - I wanted to give some thought to your questions before replying (comments in-line) On Tue, Sep 27, 2005 at 06:47:36PM -0700, Nick Staff wrote: 2. An IETF netiquette committee, to offload list banning procedures from the IESG. I'm a big fan of the netiquette committee. I'd like to suggest that volunteers be allowed to throw their names into the hat and that members be selected blindly from that pool. This would of course avoid any stacking or favoritism, but we would need a qualifier that prevented interlopers from submitting their name. Though I hate to suggest it as it would exclude me from selection, having attended an IETF meeting in the last x years could possibly be a good filter. Maybe. I see two potential problems: 1) Serving on this committee is going to be no fun at all. Getting qualified people to sign up for what will only be seen as a sh*t job is going to be difficult. I figure if Brian was able to get multiple volunteers for the IESG scribe position (of which I was one), then this should be a cakewalk ;) And how do you exclude certain known (repeat) troublemakers from throwing their hat into the ring? Or maybe you don't, but then if they get selected, they would then have the opportunity to practice their own unique form of DOS on the netiquette committee? Here are some general design points I've been thinking about to help prevent the DOS you speak of as well as some other pitfalls: 1. 7 or 9 member committee 2. Members selected blindly from pool of volunteers *Let's not forget that no matter who you are, there is someone out there who thinks you're a troublemaker, that you're dumb, mean, etc. This is why it's open to all volunteers, to prevent the tainting of the committee and the stacking towards one point of view.* 3. Majority can close discussion and force vote 3a. Unanimous minority can stay vote for max of 2 days 4. Verdicts are made up of 2 separate votes 4a. In the first vote, the committee members vote whether to sustain or refute the petitioners claim. 4b. In the second vote (which immediately follows the first) the members vote on the punishment. One of the choices MUST always be to issue a warning. The other choices will vary depending on the petition. 4bb. Anyone who is issued 3 warnings in less that a years time, on subsequent punishment votes there MUST NOT be the choice to issue a warning. This will be for a period of 1 year beginning on the day their third warning was issued. 4c. Note that when a petition is sustained the committee votes on a PUNISHMENT FOR THE ACCUSED, and when a petition is refuted the committee votes on a PUNISHMENT FOR THE ACCUSER. This should help curtail frivolity. 5. Any sentence suspending someone's posting rights due to abusive/off-topic posts is required to pass with no greater than 1 dissenter. This is to enforce the idea that if there can be sensible disagreement about whether a post's off-topic, then it's too subjective for such a serious punishment. 5a. When 2 voting choices differ only on length of time, then their votes may be added together to reach the needed majority - however in those cases the shorter of the two sentences MUST be imposed. For example if 6 members vote for a 1 year ban and 2 vote for 30 days (with 1 voting for a warning) then even though there is not sufficient majority for a ban, the six votes and the two votes can be added together which means the ban will pass - however it can only be a 30 day ban and can never be the greater of the two. 6. In all cases the dissenting minority is allowed to publish their dissention along-side the majority verdict (in fact, one MUST NOT ever be stored, displayed, or considered without the other. 2) Unless discussion of the decisions of the netiquette committee, during the committee is considering a request, and after the committee has rendered a decision, is ruled out of scope, it's not going to help the very long discussions such as this one which plague the IETF list. In the worst case, we can assume that the mailing list abuser will immediately appeal any decision of the netiquette committee, which means that after inventing this entire mechanism, it may not have any effect other than prolonging the agony. I know personally, if I feel a process is fair, then even if I hate the decision I can accept it and move on. That's another reason why I think it should be an unmanipulated membership. I also think the dissenting opinion will help here. Sometimes just hearing someone agree with you is enough to calm the whole situation down and give someone a sense of justice or understanding - even if the majority verdict is against them. thanks, Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [EMAIL PROTECTED]: Mismanagement of the DNSOP list]
Bert, David asked the IESG to consider a PR-action (posting rights action) against Dean. Posting rights actions are governed by RFC 3683. I agree that 3683 is used to apply drastic measures, but unfortunately those are the measures the AD saw as appropriate for Dean's supposed infractions. Even the RFC refers to applicable cases as serious situations, but again it was the AD who thought it fair to levy the harshest sentence at our disposal against Dean. It's judgment calls like that which make everything circumspect to me. nick -Original Message- From: Wijnen, Bert (Bert) [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 27, 2005 2:01 AM To: Steven M. Bellovin; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; 'IESG'; ietf@ietf.org Subject: RE: [EMAIL PROTECTED]: Mismanagement of the DNSOP list] Steve writes: Actually, 3683 specifically requires community discussion of motions to block someone's posting rights. It is, in so many words, done by a Last Call. Steve, I thought that RFC3683 is intended to apply drastic measures (see intro, page 4). RFC2418 allows a WG chair and the ADs to also take measures if someone is disrupting WG progress (sect 3.2). I certainly hope that we do not have to have the equivalent of an IETF Last Call everytime that a WG chair or AD finds that an individual is disrupting normal WG process. Bert ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [EMAIL PROTECTED]: Mismanagement of the DNSOP list]
Wijnen, Bert (Bert) [EMAIL PROTECTED] wrote: I certainly hope that we do not have to have the equivalent of an IETF Last Call everytime that a WG chair or AD finds that an individual is disrupting normal WG process. RFC 3683 (BCP 83) is concise enough to quote the applicable part in its entirety: ] ]A PR-action identifies one or more individuals, citing messages ] posted by those individuals to an IETF mailing list, that appear to ] be abusive of the consensus-driven process. If approved by the IESG, ] then: ] ] o those identified on the PR-action have their posting rights to ] that IETF mailing list removed; and, ] ] o maintainers of any IETF mailing list may, at their discretion, ] also remove posting rights to that IETF mailing list. ] ] Once taken, this action remains in force until explicitly nullified ] and SHOULD remain in force for at least one year. ] ] One year after the PR-action is approved, a new PR-action MAY be ] introduced which restores the posting rights for that individual. ] The IESG SHOULD consider the frequency of nullifying requests when ] evaluating a new PR-action. If the posting rights are restored the ] individual is responsible for contacting the owners of the mailing ] lists to have them restored. ] ] Regardless of whether the PR-action revokes or restores posting ] rights, the IESG follows the same algorithm as with its other ] actions: ] ] 1. it is introduced by an IESG Area Director (AD), who, prior to ] doing so, may choose to inform the interested parties; ] ] 2. it is published as an IESG last call on the IETF general ] discussion list; ] ] 3. it is discussed by the community; ] ] 4. it is discussed by the IESG; and, finally, ] ] 5. using the usual consensus-based process, it is decided upon by ] the IESG. ] ] Of course, as with all IESG actions, the appeals process outlined in ] [4] may be invoked to contest a PR-action approved by the IESG. ] ] Working groups SHOULD ensure that their associated mailing list is ] manageable. For example, some may try to circumvent the revocation ] of their posting rights by changing email addresses; accordingly it ] should be possible to restrict the new email address. A PR-action under BC 83 is intended to be permanent. I certainly hope we _do_ have an IETF Last Call every time a WGC feels the need to _permanently_ revoke posting rights. RFC2418 allows a WG chair and the ADs to also take measures if someone is disrupting WG progress (sect 3.2). ] ] As with face-to-face sessions occasionally one or more individuals ] may engage in behavior on a mailing list which disrupts the WG's ] progress. In these cases the Chair should attempt to discourage the ] behavior by communication directly with the offending individual ] rather than on the open mailing list. If the behavior persists then ] the Chair must involve the Area Director in the issue. As a last ] resort and after explicit warnings, the Area Director, with the ] approval of the IESG, may request that the mailing list maintainer ] block the ability of the offending individual to post to the mailing ] list. This looks similar, but it does not require the one-year minimum, nor does it require a LastCall. Furthermore, this _has_been_done_ for Dean Anderson on dnsops. From the IESG minutes of 13 May 2004: ] ] 7.2 Approval to block participant on a WG list (Bert Wijnen) ] ] This management issue was discussed. The IESG agrees that Bert ] Wijnen may block posting rights for Dean Anderson on the dnsops ] mailing list if he refuses to stay on topic as per the list rules. which raises the question, Why are we even discussing this? -- John Leslie [EMAIL PROTECTED] John- Could you please specify the RFC that details the procedure for when an AD requests that the IESG remove someone's posting privileges from the IETF list (the RFC other 3683 of course). If there isn't one then I'd have to ask that you refrain from making wildly unsupported claims as they are disruptive to the process. Thanks, Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [EMAIL PROTECTED]: Mismanagement of the DNSOP list]
C.M. - One of us has horribly missed the point of John's email (I'm not inferring it's you). Whichever one of us it is, the good news is I think we actually agree with each other =) The passage you quoted was indeed quoted by John but the way I read his post was that he was quoting it to show how this situation did not actually apply. That's why I asked him to provide relevant text from another rfc other than 3683 since if he was saying that wasn't relevant I wanted to know what was. I support my interpretation by quoting what John said immediately after the description: This looks similar, but it does not require the one-year minimum, nor does it require a LastCall. Basically CM I agree with you wholeheartedly that the passage does apply and that this situation should be governed by 3683. nick On Tue, 27 Sep 2005, Nick Staff wrote: John- Could you please specify the RFC that details the procedure for when an AD requests that the IESG remove someone's posting privileges from the IETF list (the RFC other 3683 of course). If there isn't one then I'd have to ask that you refrain from making wildly unsupported claims as they are disruptive to the process. Thanks, Nick Apparently you missed this in John's message (which you quoted in its entirety, with garbled formatting): RFC2418 allows a WG chair and the ADs to also take measures if someone is disrupting WG progress (sect 3.2). ] ] As with face-to-face sessions occasionally one or more individuals ] may engage in behavior on a mailing list which disrupts the WG's ] progress. In these cases the Chair should attempt to discourage the ] behavior by communication directly with the offending individual ] rather than on the open mailing list. If the behavior persists then ] the Chair must involve the Area Director in the issue. As a last ] resort and after explicit warnings, the Area Director, with the ] approval of the IESG, may request that the mailing list maintainer ] block the ability of the offending individual to post to the mailing ] list. Look on the second paragraph on Page 13. //cmh ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: delegating (portions of) ietf list disciplinary process
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On I'm interested to know whether people would see arguments for either or both of 1. An IETF Ombudsman (or Ombudscommittee), to act as a dispute mediator. 2. An IETF netiquette committee, to offload list banning procedures from the IESG. Brian Ahh, you beat me to the punch ;) I'm a big fan of the netiquette committee. I'd like to suggest that volunteers be allowed to throw their names into the hat and that members be selected blindly from that pool. This would of course avoid any stacking or favoritism, but we would need a qualifier that prevented interlopers from submitting their name. Though I hate to suggest it as it would exclude me from selection, having attended an IETF meeting in the last x years could possibly be a good filter. I'm probably getting ahead of things but I was also thinking some controls could be implemented to discourage frivolous accusations. I realize that someone who repeatedly accuses falsely won't be taken seriously, but sometimes the goal is disruption and uncertainty which unfortunately these accusations are almost guaranteed to provide. Anyway I think it's a great idea Brian. nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [EMAIL PROTECTED]: Mismanagement of the DNSOP list]
From: Brian E Carpenter [mailto:[EMAIL PROTECTED] Nicholas Staff wrote: - Forwarded message from Dean Anderson [EMAIL PROTECTED] - FYI: I am being threatened for posting operationally relevant criticism of mis-operation of the F DNS Root server on the DNSOP list. -- -- Forwarded message -- Date: Fri, 23 Sep 2005 15:55:20 -0700 From: David Kessens [EMAIL PROTECTED] To: Dean Anderson [EMAIL PROTECTED] Cc: David Meyer [EMAIL PROTECTED], Rob Austein [EMAIL PROTECTED], Bert Wijnen [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: [dnsop] An attack that DNSSEC would have defended against...] Dean, To avoid any misunderstandings: My message is an official warning to you that I will propose to the IESG to remove your posting privileges if I see one more abusive mail from you. Thanks, David Kessens --- Since I have been informed that this actually is the forum for this discussion according to RFC 3683 I will ask for a clarification from David on this whole thing. David, the way it reads to me is you warned Dean you would go to the IESG if he continued what you felt were abusive posts. Dean in turn informed the IESG of your warning because he felt it was unwarranted and being used by you as a tool to silence someone who had a differing technical opinion. You then used his complaint to the IESG as an instance of another abusive post and requested to have his privileges removed. Is that basically correct? If so are you telling me that I have to be afraid of ever voicing a complaint or problem to the IESG because an AD can use that as a reason for retribution? This to me transcends Dean and whether or not his posts are abusive - I'd like to know (maybe someone else has the answer) if I can be penalized for lodging a complaint with the IESG. No, but on the other hand WGs, the IESG and the IETF as a whole are fully entitled to defend themselves against denial of service attacks. If someone persistently sends off-topic mail over a long period, or mail making acccusations that are clearly outside the IETF's scope, or simply repetitions of the same point over and over, that is in effect a DoS and that is why we have RFC 3683. And to be very clear, if two parties are at odds outside the IETF, that must stay outside the IETF. Inside the IETF (i.e. on our mailing lists and at our meetings) there is no place for external disputes. WG Chairs, the Area Directors, and the IESG do have authority here. Brian Brian, I'm not trying to be a pain in the ass (though I don't doubt I've become one), but it's not that I don't agree with what you're saying - heck not only is it the IESG's right but I think it's their duty to defend themselves and the IETF from such attacks. What I can't wrap my head around is the logic that connects it to Dean. Here is the data that's giving me a problem: In the last six months approximately 65%-75% of email generated by or about Dean to this list have been in response to messages that complained about the relevancy of his comments. In fact roughly 20% of all mail this list has received either by or relating to Dean has been from this thread alone. If you remove those messages from the count then over the last six months Dean averages around one email every 4-6 days. (all figures are rough at-a-glance calculations as opposed to pen and paper). Without getting into the discussion of whether an email every 5 days is a DOS I would certainly like to state for the record that without question the pettiness has taken far more thought than the productivity, and so if Dean's posts are a DOS then the posts trying to protect us from them have been an atom bomb. thanks, nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [EMAIL PROTECTED]: Mismanagement of the DNSOP list]
In message [EMAIL PROTECTED], Dave Crocker writes: Without getting into the discussion of whether an email every 5 days is a DOS I would certainly like to state for the record that without question the pettiness has taken far more thought than the productivity, and so if Dean's posts are a DOS then the posts trying to protect us from them have been an atom bomb. That's the reason the process model delegates handling such problems to specific individuals, rather than having all of us, together, participate in the review and assessment. Actually, 3683 specifically requires community discussion of motions to block someone's posting rights. It is, in so many words, done by a Last Call. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb Thank you Steven - I was really beginning to think no one on this list cared as much about the truth as they did winning and it was really nice to find I was wrong. Dave, Noel - I know what you guys are saying and believe me, I really really would rather not be playing the role I'm playing. Truthfully though, I thought both of your comments were mean spirited and geared at making me feel bad rather than at trying to help fix the problem but I'm not going to respond to them any more than that because I'm not sure if those are things you really believe or if you were just saying them because you wanted to take a cheap shot to feel like you'd been better than someone. If you really feel your comments are worth discussing drop me a line off-list and I'll be happy to respond and explain why I think your position is unfair and why I think you're two of the bullies of this list and part of the root problem this thread is an example of (which is funny because I like both of you, but it's like that old line they're really nice when it's just us but when they get around their friends they just start acting different...). To everyone else (as well as Noel and Dave) I'm sorry for making such a big deal about this but the thing is our first cardinal principal is that anyone can make their voice heard on an issue, so to call someone's voice off-topic is to say their opinion is so egregiously irrelevant that it warrants the compromise of the first of only five principles this organization is founded on. There is much weight in that but unfortunately it has been so overused here as a debate tactic that I doubt people are even aware of what they're trivializing. I read the DNSOPS Charter and I read Dean Anderson's post. Does it seem to fixate a little unnaturally on the ISC? To me it does. Does Dean seem like a bit of a zealot? To me he does. Is his message about DNS and a possible operational hazard? It certainly read that way to me. Thanks for listening, Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [EMAIL PROTECTED]: Mismanagement of the DNSOP list]
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] - Forwarded message from Dean Anderson [EMAIL PROTECTED] - FYI: I am being threatened for posting operationally relevant criticism of mis-operation of the F DNS Root server on the DNSOP list. -- -- Forwarded message -- Date: Fri, 23 Sep 2005 15:55:20 -0700 From: David Kessens [EMAIL PROTECTED] To: Dean Anderson [EMAIL PROTECTED] Cc: David Meyer [EMAIL PROTECTED], Rob Austein [EMAIL PROTECTED], Bert Wijnen [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: [dnsop] An attack that DNSSEC would have defended against...] Dean, To avoid any misunderstandings: My message is an official warning to you that I will propose to the IESG to remove your posting privileges if I see one more abusive mail from you. Thanks, David Kessens --- Since I have been informed that this actually is the forum for this discussion according to RFC 3683 I will ask for a clarification from David on this whole thing. David, the way it reads to me is you warned Dean you would go to the IESG if he continued what you felt were abusive posts. Dean in turn informed the IESG of your warning because he felt it was unwarranted and being used by you as a tool to silence someone who had a differing technical opinion. You then used his complaint to the IESG as an instance of another abusive post and requested to have his privileges removed. Is that basically correct? If so are you telling me that I have to be afraid of ever voicing a complaint or problem to the IESG because an AD can use that as a reason for retribution? This to me transcends Dean and whether or not his posts are abusive - I'd like to know (maybe someone else has the answer) if I can be penalized for lodging a complaint with the IESG. Thanks, Nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf The way I see it - the answer is, under normal circumstances NO. However, in the history of the IETF there have been several cases where people go out of their way to send unwarranted complaints to various ADs/IESG/IAB with unwarranted claims. If you were to do this more than a few times... Well, lets just say crying wolf once isn't a foul - but after a couple more times the town won't come out to see if there is a wolf in the pasture. Does that mean that if an AD's proposal to remove someone's posting privileges fails to garner the required support that it was the AD who cried wolf? And if not how come? nick ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: I-D ACTION:draft-klensin-iana-reg-policy-00.txt
Comments inline... General AD hat on: I'm concerned that since rfc2434bis is in progress, any changes to RFC 2434 should be made in that draft, not by an additional document. Otherwise we will end up with a patchwork quilt of documents. So I'd encourage the authors of iana-reg-policy to figure out where their ideas would impact draft-narten-iana-considerations-rfc2434bis, and as the saying goes send text. General AD hat off: 1. I agree with those who've said that we can't reasonably make blanket retroactive changes to the intent of previous IANA Considerations based on or citing RFC 2434. We can clearly change the intent of future IANA Considerations (see previous comment from the AD :-). But if existing, published documents need to change (2780 to take an example) I think they have to be changed explicitly. 2. It's easy to say that if a namespace is too small, we should make it bigger. But, to take a recently contentious example, there's a *reason* the IPv6 option field is only 3+5 bits long. It wasn't an idle choice. It was to keep the IPv6 header as short as possible and as nicely aligned as possible, for the benefit of hardware designers and wirless networks in particular. There was also a *reason* the diffserv code point was limited to 6 bits - as above, plus the fact that the ECN folk really needed the other two bits. So clearly, these small fields need prudent stewardship. As a matter of fact, I can make an argument for prudent stewardship in seemingly much larger fields. 32 bits seemed like a lot in 1980, no doubt; 128 bits seemed like a lot in 1995. But see draft-narten-iana-rir-ipv6-considerations-00.txt for why even a 128 bit field needs prudent stewardship. And even the rather large domain name space turns out to need prudent stewardship, as Vint knows only too well. So however large the namespace gets, it needs prudent stewardship. I can't disagree that namespaces should be as large as reasonably possible on engineering grounds. But actually extending a deployed namespace is a massive undertaking. A good example is the BGP4 AS number space - we've known for years that it is filling up, but the deployment effort involved in expanding it has prevented any action. So even if we can theoretically expand the namespace, it needs prudent stewardship in practice. 3. Thus I come to the key question - how high should the bar be for assignments in clearly constrained namespaces? This month's poster child is IPv6 option numbers, but at an even more basic level, we should probably be more worried about port numbers, where we seem pretty close to running out of well-known numbers, and moving along nicely through the registered port numbers. Regarding port assignment - I know what I'm about to suggest is somewhat mickey-mouse (and could be interpreted as inviting self-assignment of ports), but maybe we could make a distinction between the port ranges used by system processes and the port ranges used by applications (by application I mean software that is not stand alone and must run on top of another system like an OS). My only thought behind this is that we could minimize critical conflicts because an application developer who was denied their port request would at least know not to self-assign a port from the system range because there would be no end user remediation of conflicts, whereas if they picked from the application range, at least they know there'd always be a workaround to conflicts in the vein of you can't run my app while you're running app x. Again this is not to encourage self-assignment, but to make it a little less problematic when it happens. This is pretty off the cuff so if it's utterly stupid please treat it like a brainstorming session and don't forever write me off as an idiot (if you haven't already). Thanks, Nick Staff I'm on the side of fairly rigorous review in these constrained spaces. With the experience of the Larry Roberts request, I actually think RFC 2780 is too lax - it would be better if IETF Review (in rfc2434bis terminology) was required for option numbers. Contrary to what I understand the present draft to mean, I think that for some very critical namespaces, such as IP header fields, that may have fundamental impact on packet flows, a technical review of the proposed usage of the parameter is *always* required before an assignment, regardless of scarcity. Clarity of definition is *not* enough to justify a registration; we also need to agree as a community that the proposed usage will not be a cause of collateral damage to the Internet. There's every reason that the same standard should apply to specifications developed outside the IETF exactly as to IETF documents. For the more critical namespaces covered by 2780, I am quite sure this applies. There can be other namespaces where it certainly doesn't. I
Re: Last Call: 'Email Submission Between Independent Networks' to BCP
I'm sure many will think this a stupid comment, but in the hopes that some don't I'll point out that the largest and arguably most efficient messaging system in the world is built upon open relay. Anyone can anonymously drop a letter in any mailbox in the US and while there's junk mail it's proportions are certainly nothing like spam. Why the difference? Well first I split spam into 2 categories: 1. legitimate advertisements for legitimate products (whether solicited or unsolicited).2. Fraudulent mail, scams, cons, etc. I think the email abusers almost entirely fall into the second category and that nobody would be complaining if spam primarily consisted of Bloomingdale's catalogues and coupon val-paks. So I think we are attacking things the wrong way. The methods we are using - whether blacklists or 'authorized email' is going to either prove fruitless or end up ruining the big picture, which for me is electronic communication for everyone, to everyone. Using electronic means, I don't see how we can ever prevent spam and still have open global communication among disparate systems. It would be a different story if one organization ran all email servers worldwide but that horrible thought aside there will always be holes and breaks in an authentication/authorization scheme unless people limit who they can communicate with, and even then there will be spam. There's also the returns we see on our efforts to consider. Think of the millions of man/woman hours spent trying to stop spam - so many hours it probably would have taken less to inspect every email by hand. And then when you think (if you believe as I do) that everything can be gotten around and that security holes are as infinite as the imagination, well then you know there will always be some kid with a script (which also includes any real spammer) who will be able to get around your defenses within a week of them being implemented. My last unconstructive comment is that simple systems scale lossless and complex systems grow in a complexity proportionate to their size. Funny enough, I think the postal inspector's department came about because of the amount of scams being sent via mail shortly after the civil war (such a glut that it was bringing the postal service to their knees). Yet the postal service remained open-relay - why? Maybe because they realized that they didn't need to 'trace' scam-mail because scams are trace-inclusive as the scammer must include a point of contact. Sure there's the occasional anonymous letter bomb but since their resources aren't spent blocking coupon mailers they are much more likely to catch the big stuff. I know there are 8 trillion problems with this idea but I think in general, email fraud needs to become like mail fraud and there needs to be a team of inspectors who follow up on such reports and arrest violators (I know the Internet is bigger than the US, so of course it's up to each country how to handle it). I'm sorry for the non-technical post but I think blacklists are disgusting (I don't care if they help or not) and I just think so much brilliance could be directed elsewhere. Thanks and best regards, Nick Staff [EMAIL PROTECTED]-- Original message --it's possible to have open relays that don't contribute to spam. but those relays need to employ some other means, e.g. rate limiting, to Rate limiting is a relatively recent technique. Though very useful it has... ummm, limited applicability. mostly because of blacklists. it was working fine for its intended purpose. One needs to be careful not to dismiss established techniques in favor of the latest fashionable one that is not as well fully understood. I don't know what you mean by "relatively recent", but I was doing it at least as early as April 1999 - that's the last mod date on my source files. RFC 2554 only dates from March 1999. For example, rate limiting is used to control a single source. It's quite useful when used at the destination. At a sufficiently well-run source network, it also can be pretty useful. It's also pretty useful for preventing a relay from being exploited by spammers. The problem is with zombies. They make mush of old-time models of spam, since they demonstrate that a very small data stream from a single source can be leveraged into a very, very large data stream, given enough sources. Rate limiting of this type (based on source IP address), if done properly, doesn't help or hurt zombies. The rates need to be set such that zombies can send directly to the recipients' MXes as easily, and more reliably, as they can send the same mail via the rate limiting SMTP servers. One can start imagining more complex rate-limiting models, but then we would be talking about research efforts. A BCP is not supposed to rely on research, especially when it hasn't been done. Maybe you should stick to talking about things that you know something about.
Re: Last Call: 'Email Submission Between Independent Networks' to BCP
No need to go against your nature just to make me feel comfortable Larry, post any which way you like as I'm capable of following the thread whichever way you do it. I understand your point about the prepaying but the reason I don't think that's the answer is that if money were the cause then there'd be at least some spill-over (companies that once in awhile shelled out the bucks or defrauded the post office using tampered stamp machines which some snail-mail advertising companies have done to the tune of $20 million). Since I've never been offered herbal viagra or a piece of Nigeria via the post office I have to assume there's yet another reason. Am I right, how could I know, that's why this is just food for thought if you will. --Best regards, Nick Staff [EMAIL PROTECTED] -- Original message -- Since you top posted, I will, against nature, respond in kind. The one "item" you missed from your analogy is that postal mail is "paid" for up front, by the person "posting" (anon or not) - eg the post-office gets paid _before_ your letter gets delivered. The problem with spam is that the receipient is "paying" the cost (cod with no chance to refuse delivery)... -- Larry Smith SysAd ECSIS.NET [EMAIL PROTECTED]On Thursday 16 June 2005 21:50, [EMAIL PROTECTED] wrote: I'm sure many will think this a stupid comment, but in the hopes that some don't I'll point out that the largest and arguably most efficient messaging system in the world is built upon open relay. Anyone can anonymously drop a letter in any mailbox in ! the US and while there's junk mail it's proportions are certainly nothing like spam. Why the difference? Well first I split spam into 2 categories: 1. legitimate advertisements for legitimate products (whether solicited or unsolicited). 2. Fraudulent mail, scams, cons, etc. I think the email abusers almost entirely fall into the second category and that nobody would be complaining if spam primarily consisted of Bloomingdale's catalogues and coupon val-paks. So I think we are attacking things the wrong way. The methods we are using - whether blacklists or 'authorized email' is going to either prove fruitless or end up ruining the big picture, which for me is electronic communication for everyone, to everyone. Using electronic means, I don't see how we can ever prevent spam and still have open global communicat! ion among disparate systems. It would be a different sto ry if one organization ran all email servers worldwide but that horrible thought aside there will always be holes and breaks in an authentication/authorization scheme unless people limit who they can communicate with, and even then there will be spam. There's also the returns we see on our efforts to consider. Think of the millions of man/woman hours spent trying to stop spam - so many hours it probably would have taken less to inspect every email by hand. And then when you think (if you believe as I do) that everything can be gotten around and that security holes are as infinite as the imagination, well then you know there will always be some kid with a script (which also includes any real spammer) who will be able to get around your defenses within a week of them being implemented. My last unconstructive comment is that s! imple systems scale lossless and complex systems grow in a complexity proportionate to their size. Funny enough, I think the postal inspector's department came about because of the amount of scams being sent via mail shortly after the civil war (such a glut that it was bringing the postal service to their knees). Yet the postal service remained open-relay - why? Maybe because they realized that they didn't need to 'trace' scam-mail because scams are trace-inclusive as the scammer must include a point of contact. Sure there's the occasional anonymous letter bomb but since their resources aren't spent blocking coupon mailers they are much more likely to catch the big stuff. I know there are 8 trillion problems with this idea but I think in general, email fraud needs to become like mail fraud and there needs to ! be a team of inspectors who follow up on such reports and arrest viola tors (I know the Internet is bigger than the US, so of course it's up to each country how to handle it). I'm sorry for the non-technical post but I think blacklists are disgusting (I don't care if they help or not) and I just think so much brilliance could be directed elsewhere. Thanks and best regards, Nick Staff [EMAIL PROTECTED] -- Original message -- it's possible to have open relays that don't contribute to spam. but those relays need to employ some other means, e.g. rate limiting, to Rate limiting is a relatively recent technique. Though very useful ithas... ummm, limited applicability. mostly because of bl