On 2003.08.27, Mark Aufflick <[EMAIL PROTECTED]> wrote: > BUT: they are what we have, and random pockets of people arbitrarily > tightening configurations that break a significant number of email servers > without warning or explanation can only harm business productivity and the > reputation of the internet in the minds of business management.
True. However, the changes that these "random pockets of people" such as AOL are making isn't without warning or explanation. Discussion of these kinds of changes have been debated ad nauseum on many different mailing lists. True, it's bad that there aren't press releases to coincide with major mail system changes so that the "general public" knows they're about to be shut out, but ... well, that's life. Sometimes, you just have to deal with it. It's like me, being an East-coast'er where it's still legal to smoke cigarettes in public ... if I travel out to the West coast to California (where it's virtually illegal to smoke anywhere except inside your car or your own home) ... and I smoke a cigarette where I'd expect it to be legal because it's legal in my own home state (i.e., in my own mind) and I get harassed and ticketed (in my mind, unfairly, of course) ... whose fault is it? The government's, because it's not all signposted everywhere you turn that it's not legal to smoke (which would be unnecessary, if I'd been keeping up with the changes in the law) or my fault, for not following current events in the news or other public communication channels? > Given that we are in the crusty situation we are in with email (like, why > the heck isn't there a pervasive digital signature system yet - and no > global corporates are not going to install GnuPG on their machines any time > soon), what is needed is a very long term migration plan to a much better > email replacememnt. something like the IPv6 migration is a good model for > thoroughness and speed and transparency. There's no pervasive digital signature system because the whole "web of trust" model doesn't scale, I think. Centralized signatories -- think of the current SSL Certificate Authorities -- we all see where that went wrong. So, decentralized certification via web of trust will only mean it works if everyone participating has good intentions. If this were the case, then we wouldn't need digital signatures in the first place, so we're kind of hopelessly screwed here. As I said, I think if the change I suggested could make it through the RFC track, then some reference implementations could be developed, then a "public date" of some arbitrary day chosen for folks who want to implement the change to cut over their systems ... that'd be perfectly reasonable. Anyone who isn't aware of the change coming will get screwed: tough. Given enough advance notice, if they don't keep up with stuff, perhaps they shouldn't be in the "running and administrating" technology gig -- as I said, they should be ordinary end-users and insist their ISP provide these value-added services, so they don't have to be concerned with doing it and staying current. (It's these same people who can't be bothered to stay current who also tend not to patch their systems and stay vulnerable to exploits patched over 6 months ago. And we all know how annoying /those/ people's systems are when they get nailed by something like Nimda worm, etc.) -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
