Re: [idn] Re: 7 bits forever!
[EMAIL PROTECTED] writes: you could *NOT* trust that all the systems between here and there were 8-bit-clean there were a *LARGE* number of systems that broke badly if they were handed 8 bit data. Let's look at the facts. John Klensin claimed in an ietf-smtp message dated 26 Feb 91 08:40:04-EST that there were mail servers ``not robust against that particular form of misbehavior.'' Robert Ullmann publicly asked for proof of this claim. Klensin dodged the question. Similarly, Keith Moore claimed in a comp.mail.mime message, message ID [EMAIL PROTECTED], that ``core-dumping was a commonly observed failure mode in the early 1990s.'' I publicly asked for proof of this claim. Moore dodged the question. Mail servers discarding characters? Yes. Mail servers stripping the 8th bit? Yes. Mail servers crashing? Not a single shred of evidence. Similarly, expanding from mail to all protocols: Rick Wesson claimed in an IDN WG message dated Sun, 24 Dec 2000 16:44:39 -0800 that ``there is a lot of embedded systems out there that would crash-and-burn if they received a reply in utf8.'' I asked for proof: Can you please identify the systems, explain how they use domain names, and say what exactly you mean by ``crash-and-burn''? We need this information if we're going to accurately assess the cost of upgrading the world to support IDNs. Naturally, Wesson dodged the question. I will readily agree that there has been an unverified report of a UTF-8 crash of an obsolete version of the Netscape mailer under Solaris. If that report is accurate then those users will have to upgrade. BIND, which by default restricts it [ ... ] Why does it get restricted? [ bogus rationalization snipped ] The actual history, as I mentioned in another message, is as follows. People discovered several years ago that sendmail would blindly feed DNS PTR results to the shell, so attackers could take over the computer by putting some special characters, such as |, into PTR records. The BIND people panicked and disabled all non-letter-digit-hyphen characters at every spot they could think of in their DNS client library. This isn't an 8-bit issue; it does just as much damage to underscores. I totally agree on what DJ Bernstein said, I have been look for proofs everywhere to see how 8bit characters can crash-and-burn things, but wasnt sucessful in finding any proof. Core-dumping is the result of bad software design, and not from 8bit chars, if you claims that 8bit chars will crash certain software, why? because you haven't allocate enough memory for the variables that will be fed with 8bits, but I cannot find a variable type that represents 7bits and 8bits differently, char? short? maybe on some VERY VERY LEGACY system there maybe?! If attackers found ways of using 8bits to crash systems or gain control of systems, that is usual because hackers and attackers exploit security holes in softwares, and it should be considered as a security hole and not an IDN problem!! Moreover it should be the issues of FBI and the law enforcers and not the issues of using IDN as 8bit or not...; Let's take as an example the native language encoding of my name: From: Valdis Kl=?iso8859-4?Q?=BA?=tnieks [EMAIL PROTECTED] Wow. How do you pronounce that? ``Hi, I'm Valdis Klee-kwals-question- mark-iso-eighty-eight-fifty-nine-dash-four-question-mark-kyoo-question- mark-equals-bah-question-mark-equal-stun-ieks''? Have you considered changing your name? In all seriousness: Wouldn't you like to see a world where the same character encoding is used for the name and the address and the message body and so on, so that simple copying doesn't screw up the display? 100% agree why can't we use 8bits with new ESMTP commands and MIME header that retains the names as is!! David Leung Chief Technology Officer Neteka Inc. T: (416) 971-4302 http://w!.neteka.com
Re: [idn] Re: 7 bits forever!
if you can somehow figure out a way for anybody to type in a mailbox in any language on any keyboard, you can solve the i18n mailbox problem. Certainly backwards-compatible access methods should be defined for the mailbox names, just as they are necessary for the domain name. Why do we have to be able to type the mailbox in any language on any keyboard? For myself, I have two email address one chinese and one english, if I want to send email to the chinese I will use my chinese one that better represents my name, and if I send email to english only people I will use the english one... No one is required to initiate an email to a people using their i18n email address, just like if you don't speak Japanese why try to talk to the Japanese with Japanese?! i18n email address is only for people that their native language is not english to represents their name better in their own community!! Or else I think this IDN problem will eventually need everyone to go back to language schools to learn every language in teh world : until then, there's very marginal value in replacing SMTP. even then, it would probably be easier to upgrade SMTP than to replace it. I think that depends on the approach. If we are only allowed to think of ways to extend the current model into new territory while preserving 100% backwards compatibility, we can abort right now. If instead we try to build a new mail system that provides backwards compatibility ONLY when communicating with a legacy system, it is much more feasible. For example, let's say that a new message-transfer service is defined that uses a new message structure, so that the e2e issues can really be dealt with properly. In the new environement, perhaps the protocol only exchanges multipart/container entities, and these have subordinate parts of message/trace, message/headers and message/body, while ~From and ~To and other 822-like headers are stored in the message/headers entity. Mapping this to a legacy system is straightforward in principle: if the new transport is not available on the destination, have the agent combine portions of the message/headers entity with portions of the message/trace entity, perform whatever conversions are needed, and then send the message/body part over SMTP (possibly performing additional conversions such as line-folding or base64). So, yes, we still have to coexist with legacy systems, but 100% compatiblity at all times is no longer the root design objective. By redefining the design criteria, we are liberated from the design constraints that are imposed by SMTP. I totally agree on this too!! I think adding ESMTP commands and new MIME headers can 100% achieve this, by allow compliant new mail systems to be able to handle 8bits and for existing mail systems it will be able to fallback to ACE for transport(SMTP, etc) but still maintains the MIME header as displayable 8bits, this will serve both the future and backward compatibility. David Leung Chief Technology Officer Neteka Inc. T: (416) 971-4302 http://w!.neteka.com
Re: [idn] Re: 7 bits forever!
That's right Reply All means the email program will Reply All for you, so why do you need to type the i18n email address by yourself with your keyboard!! : ) BTW, I am always seeing your email as an attachment... is this the same for other in the mailing list? If so Valdis can you please fix the way how you send out email first : David Leung Chief Technology Officer Neteka Inc. T: (416) 971-4302 http://w!.neteka.com - Original Message - From: [EMAIL PROTECTED] To: David Leung (Neteka Inc.) [EMAIL PROTECTED] Cc: Eric A. Hall [EMAIL PROTECTED]; Keith Moore [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, March 22, 2002 4:06 PM Subject: Re: [idn] Re: 7 bits forever!
Re: [idn] Re: 7 bits forever!
On Fri, 22 Mar 2002 16:24:29 EST, David Leung (Neteka Inc.) said: That's right Reply All means the email program will Reply All for you, so why do you need to type the i18n email address by yourself with your keyboard!! : ) I don't need to *type* the Chinese address. But if my MUA and MTA can't even *find* the Chinese address, that causes much Very Bad JuJu. Well I thought I was talking about the needs of user to user their KEYBOARD to TYPE in i18n email, and not the MUA or MTA being able to send or transport the mail properly to the designate mailbox... I though this discussion was started because some one said there will be a need for users to have KEYBOARDS capable to type in all languages in order to use i18n email, and I never said all MUA and MTA can transport or deliver those email properly, if you see my other posting on this list you will see that I mentioned that in order to make i18n email to work there MUST be a protocol change on SMTP and also MIME header changes... I never said that all MUA and MTA in the world will MAGICALLY work : BTW, I am always seeing your email as an attachment... is this the same for other in the mailing list? If so Valdis can you please fix the way how you send out email first : RFC2440. It's even a Proposed Standard. If it's causing interoperability problems, something probably needs to be done. I suspect if the *main* text/plain is being flagged as an attachment, your MUA doesn't have even minimal support for RFC1847 multipart/signed and is downgrading to multipart/mixed. The MUA that I am using is just Outlook... I dont need to built my own MUA to read email : ) David Leung Chief Technology Officer Neteka Inc. T: (416) 971-4302 http://w!.neteka.com
Re: [idn] Re: 7 bits forever! [X-idn]
BTW, I am always seeing your email as an attachment... is this the same for other in the mailing list? If so Valdis can you please fix the way how you send out email first : David Leung Chief Technology Officer Neteka Inc. T: (416) 971-4302 http://w!.neteka.com David: What you are receiving from Valdis Kletnieks is a PGP signature block (see below). Some people don't realize that their email appears on the receiving-end as attachments. For example, from just this morning email, I have three unknown documents (Untitled, Untitled 1, Untitled 2) on my computer that I have to delete from this exchange. I would like to know how to stop this, but I am sure in doing so, I would also be forced to stop all attachments -- which I don't want. tedd --- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQE8m4glcC3lWbTT17ARAhbHAKD+M2foqVF7TZTSKLZyO2vr8+O1hwCg3iE4 yT7bNEEooRzOqI6AaOC7Cm4= =1jnx -END PGP SIGNATURE- -- http://sperling.com
Re: Guidance for spam-control on IETF mailing lists
I tend to agree with Mr. Touch, Spam is definned by content. However, the content complying with SPAM comes from a small list of people. People, who are, in general, not signed up for the IETF mailings. By placing a guard on the incoming lists, restricting incoming mail to those individuals/organizations/corporations/etc. that recieve messages sent to the IETF lists, Then, by moderating the lists to these users who comply with the morals of the IETF, we can eliminate spam to a near virtual zero. This is one simple, but effective method of controlling spam. My opinion: this, and a combination of filters, would eliminate SPAM. Cheers, Don McMorris, Chief Network Operator, Ospitare Intl. --- James M Galvin [EMAIL PROTECTED] wrote: On Sat, 16 Mar 2002, Joe Touch wrote: The main issue here is about the rule for the filter. We all want less spam. The difference is: - to me, spam is defined by content - to you, spam is defined by user and assumes a correlation between user and content I almost agree with your distinction but I want to make one clarification. To me, it's not that spam is defined by user, it's that non-spam is defined by user. What this means from an implementation point of view is that non-spam is almost trivial to configure and then more or less runs itself, or at least distributes the management to the subscribers. Thus the cost-benefit ratio for this particular spam control mechanism is negligible from the point of view of the *volunteer* list host. We have to remember that the bulk of IETF mailing lists are hosted and managed by volunteers. All mechanisms other than correlation by user have a labor intensive component. Such mechanisms are not excluded but they are impractical for volunteers. While I agree that user ease is of paramount concern, I do not believe it is a priority concern considering how the IETF as an organization manages its mailing lists. Now, if you want to talk about centralizing the management of the IETF lists, then the priority concern issues can be different. Jim __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/
Re: [idn] Re: 7 bits forever!
I get his messages as properly signed PGP attachments. Seems like your mail user agent is having trouble with it. Might I suggest an upgrade to a more clueful mail client? Personally, I use mutt (http://www.mutt.org) -Dave On Friday, 22 Mar 2002, David Leung (Neteka Inc.) wrote: That's right Reply All means the email program will Reply All for you, so why do you need to type the i18n email address by yourself with your keyboard!! : ) BTW, I am always seeing your email as an attachment... is this the same for other in the mailing list? If so Valdis can you please fix the way how you send out email first : David Leung Chief Technology Officer Neteka Inc. T: (416) 971-4302 http://w!.neteka.com - Original Message - From: [EMAIL PROTECTED] To: David Leung (Neteka Inc.) [EMAIL PROTECTED] Cc: Eric A. Hall [EMAIL PROTECTED]; Keith Moore [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, March 22, 2002 4:06 PM Subject: Re: [idn] Re: 7 bits forever! -- David Frascone Famous last words - Don't worry, I can handle it.
RE: It's war, folks --- SSSCA formally introduced
Why... We're the U.S., of course we can just DECIDE to control whatever we want. This is why all of the other countries absolutely LOVE us. Good point, and yes I would like to hear arguments... we're only getting agreement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 23, 2002 12:05 PM To: Julia Finnegan Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: It's war, folks --- SSSCA formally introduced How can a single country legislate that music copying should be stopped. This seems like a over reaction to a small problem. I have not seen anything saying that movie companies are losing money. I do not believe that the issue of pirated Videos/music is as big a problem as is suggested by the media. Certainly in the UK most users have 56Kbps connections, which prevents the downloading of movies, even a MP3 can take a couple of hours. I just wonder what else is actually behind this new potential legislation over copyright. I understand that currently most of this comes out of countries that America has now influence over! Having said all of this I would like to see some sensible debate over this problem and potential solutions. I request this as we are told in the UK that the majority of the VCD's sold add funds to the IRA and other major crime gangs, rather than individuals. Quoting Julia Finnegan [EMAIL PROTECTED]: What he suggests is that this will save our economy. What? More and more businesses and consumers alike are growing more and more reliable on this every single day. There is ALWAYS going to be piracy, just like there will ALWAYS be crime rates. If it's not in digital form, it will be in others forms. It will always exist. To morph the internet so drastically will send our economy on a downward spiral. I agree that his suggestions could ultimately destroy the PC and could also send the Intranet to ruins. Since the majority of us are working in the tech field, of course we're biased but the BIG picture is that of affecting EVERY consumer AND business. This guy didn't even run a spell check. :( Hopefully his lack of thoroughness will only radiate to the rest of his efforts in the matter- even though the larger task is already out of his hands. -Original Message- From: Phil Karn [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 8:00 PM To: [EMAIL PROTECTED] Subject: It's war, folks --- SSSCA formally introduced The story just hit Slashdot -- Senators Hollings, Stevens, Inouye, Breaux, Nelson, and Feinstein have introduced the so-called Consumer Broadband and Digital Television Act of 2002, formerly known to most of us as the SSSCA. The text of Hollings' comments are available here: http://www.politechbot.com/docs/cbdtpa/hollings.cbdtpa.release.032102.html The Slashdot article (with links to other coverage) is here: http://slashdot.org/article.pl?sid=02/03/21/2344228mode=threadtid=103 I cannot overstress the awful implications of this bill if it becomes law. The personal computer, as we know it, will be destroyed. The Internet, as we know it, will be destroyed. Hollings doesn't say that, of course. But all through his statement he claims that there exist technological solutions to the piracy problem. These apparently consist entirely of do not copy bits added to copyrighted materials. The fact that any do-not-copy-bit can be trivially cleared on any personal computer that can be programmed by its user does not seem to have registered yet with the authors of this bill. And when it does, the logical next step will then become obvious to them: the licensing of programmers and/or the prohibition of open source software as too easily modified by end users. And when *that* fails, a total ban on any personal computer that can be programmed by its user. It's time for the IETF, its members and the IAB to react, and react quickly and forcefully. We need to say clearly that there is simply no such thing as an Internet copy prevention technology that can actually work in a world with programmable personal computers. We need to steer policy makers in a different direction, toward watermarking technologies that do not block copies from being made but allows them to be traced after the fact. Yes, effective watermarking is technically difficult, and several have already been broken. But at least it's *possible* to build an effective watermarking scheme without utterly destroying both the personal computer and the Internet. Phil - This mail sent through IMP: http://horde.org/imp/
RE: It's war, folks --- SSSCA formally introduced
How can a single country legislate that music copying should be stopped. Same way we legislated against the drug trade. Of course, it didn't eliminate drugs, but it made the politicans look good, and it provided an excuse for us to use whenever we want to bully a weaker country (i.e., anybody else) into toeing the line. Copyright piracy, like growing drugs, is an business that's relatively easy for a poor country to get into, so the result is that the US provides a market opportunity for people who need money desperately, and then shoots them when they try to take it. Also like the drug war, copyright controls offer the promise of being useful for controlling the domestic population, too. The Constitution guarantees the right to make excerpts from a copyrighted work to comment on it; but the DMCA makes it illegal to develop tools that would make that excerpting possible. Once all published content is copy-protected, public discourse will be locked down. /===\ |John Stracke|Principal Engineer| |[EMAIL PROTECTED] |Incentive Systems, Inc. | |http://www.incentivesystems.com |My opinions are my own. | |===| |Call me a Nervous Nellie, but I am concerned about the sale of| |nuclear arms in my general neighborhood. -- Dave Barry| \===/
Article: Mobile security flaw delivers yet another blow to IPv6
The problems with Mobile IPv6 are frustrating for IPv6 proponents, who view wireless applications as the likely first adopters of IPv6. This frustration was evident at a meeting of the IETF's Mobile IP working group, which was held in Minneapolis on March 22. It's a setback for those who are eager to get IPv6 out there, says Steve Deering, a Cisco engineer who helped design IPv6 and serves on the IETF's Internet Architecture Board. The Mobile IP working group has been working on this since 1991. It's been a long process. Full article at http://www.nwfusion.com/news/2001/0402mobileip.html -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
S. 2048, CBDTPA (was: It's war, folks --- SSSCA formally introduced)
everyone-- Come on, folks. It's time to get our oop in a group. Read section 3. The text of S. 2048 is here: http://www.politechbot.com/docs/cbdtpa/hollings.s2048.032102.html If the CBDTPA passes (not terribly likely, but the possibility exists), then the FCC (the U.S. regulatory commission for radio and wired telecomm industries) will be empowered to determine (among other things) whether the IETF has reached agreement on a security system standard for use in the Internet, and whether that standard meets the requirements of the act. The CBDTPA envisions an Internet composed of hosts and routers that have a great deal of network-layer knowledge about illegitimate uses of copyrighted application-layer data flows. This would be a major break from the Internet architecture. Speaking only on behalf of myself, I'd like to see the IESG be proactive about it all, by quickly approving an informational RFC that basically tells the U.S. Senate that, if they don't like how the Internet works, then they can form their own engineering task force and require American Industry to build one that works the way they think it should. In other words, I think it might help the U.S. Senate to know that they won't have to wait a year for the FCC to make a negative determination according to Section 3.(c), i.e. they can go directly to requiring the vendors and users of digital media devices in the United States to adopt Internet standards of its own making rather than those of the IETF. Let's see how well Congress likes the taste of *that* medicine... -- j h woodyatt [EMAIL PROTECTED]
9/11 Reports
Could someone point me to good papers and presentations about the effect 9/11 had on the network? I'm particularly interested in the congestion levels and how they were geographically distributed. Thanks, Cory Beard
Re: S. 2048, CBDTPA (was: It's war, folks --- SSSCA formally introduced)
On Mon, 25 Mar 2002 12:13:18 PST, james woodyatt [EMAIL PROTECTED] said: In other words, I think it might help the U.S. Senate to know that they won't have to wait a year for the FCC to make a negative determination according to Section 3.(c), i.e. they can go directly to requiring the vendors and users of digital media devices in the United States to adopt Internet standards of its own making rather than those of the IETF. Let's see how well Congress likes the taste of *that* medicine... Oh, they'll love it. You'll get a protocol designed by lobbyists for lobbyists. Let's not find out. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech msg08040/pgp0.pgp Description: PGP signature
Re: 9/11 Reports
there was a session September 11 Impact on the Network : Perspectives from Near Ground Zero in Virtual Internet2 Member Meetings, 2001.10.3(Wed). you can find presentation slides and archived Real/MPEG1 videos at http://www.internet2.edu/activities/html/vimm-networks.html - Hyun-Chul Kim On Mon, Mar 25, 2002 at 02:25:54PM -0600, Beard, Cory wrote: Could someone point me to good papers and presentations about the effect 9/11 had on the network? I'm particularly interested in the congestion levels and how they were geographically distributed. Thanks, Cory Beard -- -- Hyunchul KimE-mail : [EMAIL PROTECTED] System Architecture Lab.Phone : +82-42-869-3554 CS Dept., KAIST, Taejon, 305-701Fax : +82-42-869-5554 South Korea Cellular: 011-285-0064 -- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?' --Mike Godwin, Electronic Frontier Foundation --
Re: 9/11 Reports
In message [EMAIL PROTECTED], Bear d, Cory writes: Could someone point me to good papers and presentations about the effect 9/11 had on the network? I'm particularly interested in the congestion levels and how they were geographically distributed. The National Research Council (of the U.S.) is doing a study on that. See http://www4.nationalacademies.org/cpsma/cstb.nsf/web/project_crisisconditions?OpenDocument for details. They haven't written their report yet, but watch that space for updates. --Steve Bellovin, http://www.research.att.com/~smb Full text of Firewalls book now at http://www.wilyhacker.com
