RE: Abstract of proposed Internet Draft for Best Current Practice (please comment)
DJR Date: Mon, 10 Mar 2003 22:17:56 +0700 DJR From: Dr. Jeffrey Race DJR Please read the details in the text. It is all spelt out DJR there. I'm glad someone has spelt out how we can find our way out of the spam maize. Hopefully the details are explained with sufficient granularity, and without a lot of chaff. I didn't get a PhD from any Ivy League school, let alone in spelling. Of course, I don't claim to have all the answers, either. If your proposal works, shall we send flours? Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~ Date: Mon, 21 May 2001 11:23:58 + (GMT) From: A Trap [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
RE: Abstract of proposed Internet Draft for Best Current Practice (please comment)
Well-managed...profitably. leaves out a lot of companies. Also is there a forthcoming section on criterium for demonstrating reformation by the sp and/or 'offending' user? The criterion is stated: no more complaints Implies that a simple j'accuse is enough to create a denial of service. I prefer the US to Napoleonic codes, where an accusation is insufficient to prove guilt. - James R. Cutler, EDS 800 Tower Drive, Troy, MI 48098 248-265-7514 [EMAIL PROTECTED] -Original Message- From: Peter Galbavy [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2003 9:06 AM To: Dr. Jeffrey Race Cc: [EMAIL PROTECTED] Subject: Re: Abstract of proposed Internet Draft for Best Current Practice (please comment) quote: Well-managed, ethical members of the internet industry already conduct their businesses, successfully and profitably, according to the principles specified in the Practice. The proposed Practice simply aims to raise the entire industry to the level of today's best players. I object to this wording; even without reading *any* other part of your document, I am already very cautious about it's contents simply because of the implication of your statement above. This is very much one of those political you're either with us or against us declarations. So - if you don't so it 'our way' then you must be unethical and badly-managed. At least. Peter
Re: Abstract of proposed Internet Draft for Best Current Practice(please comment)
On Fri, 7 Mar 2003, Dr. Jeffrey Race wrote: Whether it is implemented is not my business. I am the doctor diagnosing the illness and prescribing the scientifically validated cure, and warning the patient of the quack remedies on the market. My job is done now (almost, I just have to reformat and submit as I-D, maybe a few more hours). The problem is you're not defining a cure. You're defining rules for a quarantine. Quarantines work when you have a single, reliable, authoritative entity enforcing them...but when you allow people to decide if they want to respect the quarantine or not, it doesn't work. Unless there is some mechanism to enforce the respect of the quarantine you propose, beyond the supposed benefits of the quarantine, your proposal will not work. See, the benefits will never be universally accepted...most people would prefer a best-effort filtering solution that empowers the end-user to ultimately decide what they want to reject. Does that shift the cost to the receiving end? Yes. Is that better than preventing your customers from reaching large portions of the net? Most emphatically yes. If you look at it another way, why would an almost-tier 1 pay for transit? All it does is make them pay a price to be able to reach certain parts of the net. If losing money is such a motivator for stopping network abuse, your proposal would inherently link the price of filtering with the price of being able to reach all of the net. Therefore, if people are willing to pay for transit, under the logic of your proposal, they should be willing to pay for filtering. Until people are perfect, filtering out the bullshit they spew will always be a technical band-aid for a social problem. The key is to push the decision making to the end-user, not to a central authority. By way of background, I wrote a very famous book (War Comes to Long An) on a matter of transcendent national importance, in 1972.It also (by inference) prescribed some medicine. It got a lot of criticism at the time, but it is now the canonical analysis of that problem, used in universities and military/diplomatic training institutions worldwide. It took several years for this to happen. I know, from talks with friends in the White House, that MANY people are alive today who would be dead had I not spent three years of my life writing that book. Unfortunately, writing a well-respected book about a peasant revolt in South Vietnam doesn't bring any free credibility to this arena. If nothing else, you should realize the inherent flaws in attempting to enforce rules (perceived to be unjust) on people who do not wish it. I have spent three years developing this draft BCP. It is a cure, in fact the ONLY cure, for the spam menace. It will work. Whether people want to take the cure is up to you and your colleagues. I am just a drive-by spamming victim who got sick of the pointless debate and decided to analyse the problem based on what I know of technology and of human behavior (having studied both professionally; I am trained as a social scientist from a well-known institution in Cambridge Massachusetts but have spent most of my recent adult life in technology; I was in the Army signal corps before that). This is just a charitable effort on my part. I am not selling anything. I also studied at a well-known institution in Cambridge, although I was more interested in beers, bongs, and bitches (no disrespect intended to women, that was just the saying...people will do anything for an alliteration). Anyway, I respect the effort and the intent. What I'm trying to convey is that the total and willfull ignorance toward practicality is your fatal flaw. My apologies for the personal discussion which I would not ordinarily go into, but it is germane here so you all can understand I have no vested interest in pushing software or hardware. This effort is completely unrelated to my life work except in the sense that I am a spam victim. No, we're painfully aware that you're an academic. That's actually the problem. If you were a hardware or software vendor, you might be proposing a solution that people can purchase and implement. You're proposing a radical paradigmatic shift of the way the internet works. The last paradigmatic shift that was actually implemented, that I can think of, was CIDR. And CIDR was _desperately_ needed, and universally accepted as THE solution. There are lots of well-run networks that don't accept inbound spam and don't enable outgoing spam. Their customers are happy and they are making money. Correct. And those networks don't use your methods. Remember, it's a fine line. The network operators don't advocate abuse; Some do and gain lots of revenue from it. See the sad truth at www.camblab.com/nugget/spam_03.pdf Surely, as an acadmeic, you realize the fault in citing your own papers (that haven't been rigorously investigated and upheld by the community) to prop up your
RE: Abstract of proposed Internet Draft for Best Current Practice (please comment)
I actually see several problems with this: 1.) Near as I can tell, Emergent Structures are observed phenomena. They are not tools for social engineering. 2.) You suggest pushing this at appropriate bodies. Near as I know... there is no such animal. 3.) You say in the header that you're looking for comments. Based on what you write though you're not looking for comments. You're looking for contributors. You lead right off saying Interested parties are invited to provide comments to correct, elaborate, or perfect my proposal, abstracted below, which I plan to offer as an Internet Draft momentarily. Someone commenting would be free to disagree. All of your statements begin with the assumption that there can be no flaw in the basic premise. 4.) I agree with previous posters that the phrasing and structure come off as zealotry. 5.) Well-managed, ethical members of the internet industry already conduct their businesses, successfully and profitably, according to the principles specified in the Practice. The proposed Practice simply aims to raise the entire industry to the level of today's best players. Do you honestly mean to say that profitability is now a best common practice? Who are these best players? Near as I can tell.. the largest companies playing in this sector or none of these things. In fact I know of no company I'd say fit your definition of best players. I'm curious who you consider to be your model for best player. 6.) From what I know of enforcing our AUP, by many accounts the email address you're using is on a well known spam enabler (your words) and many would consider you a spam supporter for buying service from them. I don't agree, but that seems to be the perception in NANAE. 7.) In my opinion this line of reasoning is dangerous. I believe it is the slippery slope to the loss of freedom of speech and expression. There are many groups that already desire to censor and control the free exchange of ideas that the Internet makes possible. There are many more problems I see. I don't have the answer, but in my opinion this will serve only to alienate people who need to be involved in the discussion.
Re: Abstract of proposed Internet Draft for Best Current Practice (please comment)
McBurnett, Jim wrote: To be blunt: It seems that your opinion is: If a company wants to dump trash in my email account and they are able to find an ISP who is so blindly just taking a payment and cares less about what who they provide service to, so be it, I don't care. I did not even know that's what the proposal was about - I did say I objected to the whole having not even read it - simply because of the holier-than-thou wording of that specific paragraph. Well to that sir, I say this: In the United States capitalism is a way of life, but YOUR freedom's only extend to the point at which they impeach upon MY freedoms, at which point you and every SPAMMER out there IS WRONG. I have sent several letters as of recent to my congressional representatives with the points that a business cannot and should allow their services to be used to force feed me unsolicited email. And that any provider that does may be fined... Why do many - especially the uneducated and ignorant ones I suppose ? - assume that everyone lives under US jurisdiction ? I dislike SPAM, I have my own tools to fight SPAM and I have been doing it for quite some time thanks. When some meta-literate comes along telling me that their proposal is perfection and that anyone not believing their preaching is the enemy, I get annoyed. Live with it. Peter
Re: Abstract of proposed Internet Draft for Best Current Practice(please comment)
Some comments, after reading the draft: Under 2.1, Form of Practice, where you finally talk about what it is you're propsing: The withdrawal of IR (use of blocklists, cancellation of routing, withdrawal of IP addresses and domain names) may in its early months of adoption split the Internet into oceans of purity and islands of pollution. As withdrawal expands, polluters will be pushed into ever smaller and less connected domains, which grow ever more blocked. This cumulative process will end quickly, with residual polluted islands populated by those lacking a need to communicate with oceans of purity. That's the primary flaw. This will never get implemented due to the cavalier attitude towards collateral damage. Like you said, you need everybody to jump at the same time. Unfortunately, there is almost zero chance of that happening. Hell, I seriously doubt that IPv6 will ever replace IPv4 (at least until we truly run out of address space...which is looking less likely with time). To ostracize those who disagree by lableing them abuse-supporters is to diminish your chances even further. You'll end up with an island of purity in the middle of an ocean of pollution...and the cumulative process will end quickly when your customers come to your NOC with pitchforks and shotguns. In the end, we're here to serve the customer, not the other way around. Remember, it's a fine line. The network operators don't advocate abuse; the business end of cash-desperate networks are the driving force in this industry, not us. Andy Andy Dills 301-682-9972 Xecunet, LLCwww.xecu.net Dialup * Webhosting * E-Commerce * High-Speed Access
Re: Abstract of proposed Internet Draft for Best Current Practice (please comment)
Thank you Andy for making my points so clearly. See inline comments On Thu, 6 Mar 2003 12:30:11 -0500 (EST), Andy Dills wrote: Some comments, after reading the draft: Under 2.1, Form of Practice, where you finally talk about what it is you're propsing: The withdrawal of IR (use of blocklists, cancellation of routing, withdrawal of IP addresses and domain names) may in its early months of adoption split the Internet into oceans of purity and islands of pollution. As withdrawal expands, polluters will be pushed into ever smaller and less connected domains, which grow ever more blocked. This cumulative process will end quickly, with residual polluted islands populated by those lacking a need to communicate with oceans of purity. That's the primary flaw. This will never get implemented due to the cavalier attitude towards collateral damage. Whether it is implemented is not my business. I am the doctor diagnosing the illness and prescribing the scientifically validated cure, and warning the patient of the quack remedies on the market. My job is done now (almost, I just have to reformat and submit as I-D, maybe a few more hours). By way of background, I wrote a very famous book (War Comes to Long An) on a matter of transcendent national importance, in 1972.It also (by inference) prescribed some medicine. It got a lot of criticism at the time, but it is now the canonical analysis of that problem, used in universities and military/diplomatic training institutions worldwide. It took several years for this to happen. I know, from talks with friends in the White House, that MANY people are alive today who would be dead had I not spent three years of my life writing that book. I have spent three years developing this draft BCP. It is a cure, in fact the ONLY cure, for the spam menace. It will work. Whether people want to take the cure is up to you and your colleagues. I am just a drive-by spamming victim who got sick of the pointless debate and decided to analyse the problem based on what I know of technology and of human behavior (having studied both professionally; I am trained as a social scientist from a well-known institution in Cambridge Massachusetts but have spent most of my recent adult life in technology; I was in the Army signal corps before that). This is just a charitable effort on my part. I am not selling anything. My apologies for the personal discussion which I would not ordinarily go into, but it is germane here so you all can understand I have no vested interest in pushing software or hardware. This effort is completely unrelated to my life work except in the sense that I am a spam victim. Like you said, you need everybody to jump at the same time. Unfortunately, there is almost zero chance of that happening It's up to you people on this list, not me. This is the medicine; if you want to get well, take it. that IPv6 will ever replace IPv4 (at least until we truly run out of address space...which is looking less likely with time). To ostracize those who disagree by lableing them abuse-supporters is to diminish your chances even further. You'll end up with an island of purity in the middle of an ocean of pollution...and the cumulative process will end quickly when your customers come to your NOC with pitchforks and shotguns. In the end, we're here to serve the customer, not the other way around. There are lots of well-run networks that don't accept inbound spam and don't enable outgoing spam. Their customers are happy and they are making money. The firms bankrupt or circling the drain are the ones with dishonest managements who committed financial fraud and/or ramped their shares based on revenue streams from spammers, like .. whoops! I almost said it again, sorry, I got spanked last time for mentioning the industry's leading US spam-enabler. Remember, it's a fine line. The network operators don't advocate abuse; Some do and gain lots of revenue from it. See the sad truth at www.camblab.com/nugget/spam_03.pdf the business end of cash-desperate networks are the driving force in this industry, not us. You have elegantly stated the Environmental Polluter business model: internalize the revenue streams from the customers, and externalize the losses imposed by spam-enabling actions and negligence. GE used to work on that business model. They are no longer dumping effluents into the ground in Pittsfield Mass. This could happen to the Internet! (with your help--go for it!) Kind regards to all Jeffrey Race
Re: [Re: Abstract of proposed Internet Draft for Best Current Practice (please comment)]
Thank you Josh, please see inline comments which let me clarify points On Thu, 06 Mar 2003 13:17:35 -0500, Joshua Smith wrote: is there a forthcoming section on criterium for demonstrating reformation by the sp and/or 'offending' user? The criterion is stated: no more complaints the proposal does not take in to account the global differences in sp business models or ideals. are the same standards to be applied to developing countries, or will they have a less rigorous set of criteria, a la current environment policies? The Internet is worldwide so the same behavioral standard should apply, just as do the same technical standards. An RFC-compliant SMTP message is the same at every point on the compass if there were 1000 compromised nodes that took place in a ddos, would you accept the larger dos caused by blacklisting those networks/hosts? The only get blacklisted until they fix their spew. Could take a couple of hours. First step is RTFM which most don't. how long would the sp's be expected to shoulder the 'collateral damage' caused by the blacklisting (see first question)? They'd be expected to be blacklisted until they ceased being a danger to the internet, just as dangerous planes aren't allowed to take off until they pass the inspection checklist, and bad risks can't borrow money until they develop sound financial behavior. Same principle. suppose that the next day, 500 nodes took place in another ddos, the policy imposed dos becomes even larger. a skillful hacker could potentially cause a larger, and longer lasting dos. Sounds like a good reason to get going on the problem. legislating morality does not work (think of the 'drug war' in america). you cannot correct social ills with a purely technical solution. Well I don't understand the relevance of the above comment. I propose no legislation and indeed specifically state that legislation is useless and unnecessary. I also say this is not a technical solution. All technical solutions will fail, always, because the spammers are as smart as the anti- spammers but more motivated. This is a behavioral solution. It is the only one that will work. Everything else will fail. Jeffrey Race