John writes:
In a move that is, overall, unusual given the sell standards to
support the business model, [ISO] have made part of the 3166-1
list (the alpha-2 codes --which are what we use-- and the
short-form country names) available for internal use and
non-commercial purposes online and
Dean writes:
In fact, the 3 most popular browsers, MSIE, Netscape,
and Mozilla, which account for perhaps 90% of the browser
market, do not display Page not found, but take you
to MSN, and Netscape search pages, respectively.
That's easy to turn off, and I do so routinely.
Dan writes:
Proves ICANN is not interested in the integrity of the DNS to have
permitted
this.
ICANN is probably busy trying to find a way to copyright the root domain.
Everyone wants his slice of the unlimited possibilities for manufactured
wealth inherent in IP law.
Nathaniel writes:
Weird things often seem to come in threes. The third IP-related
insanely greedy weirdness for last week involved the Dewey Decimal
system and its current corporate, er, guardians:
http://www.newsday.com/news/nationworld/wire/sns-ap-dewey-decimal-
Valdis writes:
The same week as Verisign's stunt. Coincidence? Maybe
not... ;)
Are there drugs that produce irrational greed?
Dean writes:
However, there is a distinction between mail routing, an MTA
function, and mail submission, an MUA function.
Not in the SMTP protocol.
Dean writes:
No, its not valid for a mail client to make direct
connections.
There is no distinction between a mail client and a mail server in SMTP. It
is perfectly valid for either to deliver mail directly to another SMTP
server.
Dean writes:
I think you have pointed out that this is indeed the function of a mail
server, not a mail client. It is a bug.
SMTP makes no distinction between servers and clients. It's not a bug.
Valdis writes:
Out of curiosity, where did Verisign get the right
to have the advertising monopoly for all the eyeballs
they'll attract with this?
They didn't.
And there's even a way for individuals to stop it: Type an incorrect
spelling for a famous trademark. When Verisign puts up its
Jim writes:
Correct me if I'm wrong, the principle disruption -- and I want to
emphasize disruption here -- I've seen is that a particular spam
indicator no longer works as expected. Is there more to this than that?
You could make many random DNS requests of a DNS server and flush the cache,
Clint writes:
... which means that in many jurisdictions it
would be illegal to call myself an engineer ...
Which ones?
In general, you can call yourself an engineer, a doctor, or even an attorney
legally, as long as you don't qualify the appellation. If you call yourself
a medical doctor,
Didn't the DoD officially adopt Ada about 20 years ago?
- Original Message -
From: Richard Shockey [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, June 14, 2003 02:47
Subject: US Defense Department formally adopts IPv6
Significant news of note..
Vendors must be compliant by
Haren writes:
There was a flaw in IE, although it has been fixed ...
Since it has been fixed, where's the problem?
How can trust IE, it there is some very serious
flaws like this one?
There are very serious flaws in just about all software; I have not
encountered any exceptions outside the
John writes:
This appears to be relatively new.
The policies on shipping certificates with the product or making them
available via MS updates may be recent. The mechanism of handling them in
software has been around for a long time. You can see the certificates in
the Internet options in
Haren writes:
Some CA has sold their private key to get out
of bankruptcy.
Which one?
John writes:
Now, if I read this correctly, there is no
more choice ...
You read incorrectly. Default behavior is not mandatory behavior.
Conversely, if I'm part of an enterprise that
issues its own certs for internal purposes, it
doesn't look as if I can make those certs usable
in the
Paul writes:
i want the digital equivilent of a peephole
in my front door so i can ignore the doorbell
if i don't like what i see.
One of the big problems of spam is that it takes up more than half the total
bandwidth used by e-mail. If you want a peephole, then all spam must still
be
Paul writes:
1. does the ietf as a community generally believe
that provable mutual consent between a sender and
recipient is an achievable (technically) and
desireable (by the global user base) goal?
It's certainly achievable technically, since other protocols already do it.
I
Eric writes:
This sounds quite dangerous a way of thinking to me.
Nothing particularly dangerous about it. Adults seem to readily forget that
they were completely uninterested in sex prior to puberty; things sexual
(including pornography) were nothing more than curiosities that rapidly
became
Dean writes:
Which is still practically nothing, compared to the
bandwidth consumed by http (gifs and jpegs), IM (and
its picture sharing), (legal) movie and MP3
downloads, and other stuff.
I know, which is why I specified e-mail bandwidth specifically. One cannot
say that spam is actually
I hereby request the list management to remove
Anthony's email address from the subscriber list,
so as to not expose the IETF to liability.
Too late ... my incredibly valuable service mark has already been
distributed to the list many times in the headers of my messages. Clearly
this dilutes
Richard writes:
i might add that the CEO of Habeas, Anne Mitchell,
is an actual lawyer.
So? Is she the _only_ lawyer??
There are probably any number of lawyers who would enjoy eating Habeas for
breakfast.
i am not familiar with Anthony's credentials in the
field of law. casually throwing
Valdis writes:
... the biggest question is which spammer (if any)
is willing to risk the lawsuit to find out.
There might be quite a few. It might be easy to have Habeas' claims
invalidated, and it would be worthwhile to spammers to get that out of the
way. Additionally, some organizations
Dave writes:
How do they fail to provide 'globally verifiable
authenticated mail?
Neither is universally supported.
Phillip writes:
IANAL but I don't take the fact that habeas was founded
by a lawyer to indicate that their idea of copyright law
is necessarily enforceable.
Agreed. Probably 95% of all corporations are founded by lawyers. That
doesn't mean that they'll always win in court, or even that they
Marc writes:
Spam can only be fought through a worldwide
police and justice system.
If so, that does not bode well for the future. As far as I can remember,
_nothing_ has been successfully fought worldwide, except perhaps smallpox.
This cannot by achieved by an RFC. Send this
problem to
Paul writes:
if you build a world wide communications
system to make communications easier, It
Will Be Used. by the full spectrum of humanity.
Then logically, the only way to exclude any part of that spectrum is to make
a communications system harder to use. I'm not sure that making things
Haren writes:
My question is how can you trust the CA?
You can't, or at least I cannot really imagine any CA that _everyone in the
world_ would be willing to trust. This alone pretty much invalidates the
idea of using signatures as a way to reduce spam, unless you only wish to
reduce spam in
I'm not sure that I understand what you are asking.
- Original Message -
From: Haren Visavadia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 19:13
Subject: RE: authenticated email
the CA guarantees that the identification information
Verisign's declaimer which is part of the CPS.
This would the CA simply endorses the subscriber's
information. How can you trust a CA with a
disclaimer like this?
You can't.
Furthermore, Verisign already compromised its trust model in the worst way
some time ago when it let a complete
Haren writes:
If SMTP server uses certification authentication
to trace all messages easily. And each mail adds
the SMTP's server's public key and then is
signed by the SMTP on the message, so when you
receive it you know if the signature does not verify
it has been tampered.
This is a
Dan writes:
Regarding a passport mechanism, have you
taken a look at www.habeas.com?
Habeas represents one of the most egregious perversions of trademark and
copyright law that I've ever encountered. Their copyright and trademark
claims are invalid prima facie, and they hope to get their way
Franck writes:
Someone unknown to me send me an e-mail. I do not
receive this e-mail yet but an automatic reply ask
the person to perform a task to authenticate itself...
Like replying to a specific address after reading
the message (something like a simple Turing test to
prove the person
Alexandru writes:
Can't I just create a public key with the Harald's
name and email address and then post to this list
claiming I'm Harald?
Sure, but that wouldn't do much good, because of the way PGP's key
infrastructure works.
See, with PGP, you NEVER trust a key just because it claims to
Alexandru asks:
So the level of trust depends on the number of signatures?
No, it depends on who signed the key. If you trust the people who signed
the key, then by extension, you can trust the key (because presumably
trustworthy individuals would not sign a key if they were not certain that
Terry writes:
In contrast, I suspect that most enterprises use either
Exchange/MAPI or an IMAP-based solution ...
Both solutions are extremely well suited to intracompany or
intraorganizational e-mail systems in relatively homogenous user
environments. I'd always recommend Microsoft Exchange
Michel writes:
In Enterprise networks using GroupWise or Notes
or Exchange, a good 80% to 100% of the clients are
using the client software that pairs with the
server software. So there is a GroupWise client,
a Notes client and there used to be an Exchange
client but now everyone uses
Stephen writes:
Does my signature on this message make you trust
it more than, say, the ten ads you got this morning
for Viagra?
Yes.
Why or why not?
It proves who you are, which means that you expose yourself to a certain
extent in the event that you do anything inappropriate with your
Valdis writes:
Solipsism has no place in protocol design.
Not solipsism. Just a reluctance to believe that you are an official--or
even an unofficial--spokesperson for LSoft.
Granted, but since *your* claim is that most people
don't do any mailing lists, or very few, I'm not
willing to
Tony writes:
Are there other reasons for having authenticated,
time-stamped email? I am sure there are many, but
the first I would like to see is the end to the
designation that a fax is acceptable legal evidence,
while email is not.
Assuming this statement is true (and it seems to be),
You always have the delete key.
- Original Message -
From: Eliot Lear [EMAIL PROTECTED]
To: Stephen Kent [EMAIL PROTECTED]
Cc: Einar Stefferud [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 03:24
Subject: Mailing list or bust (was Spam, nasty exchanges, and the like)
Eric writes:
Should this list be open to ANYbody (any curious/
interested netizen), or limited to proven... well...
specialists? experts?
Maybe we should limit list participation to people who can refrain from
writing entire posts that are nothing more than thinly veiled personal
attacks
Valdis writes:
The guys at LSoft Inc feel otherwise...
The guys at LSoft Inc are welcome to express themselves directly here.
That's *only* for LSoft's Listserv product, and
does *NOT* include all the intranet installs of
Listserv.
Two points: (1) you don't seem to be counting people
Eric writes:
Have you never created e-mail addresses without
ever making them public, and nevertheless note
that you get SPAM anyway?
Not that I can recall.
I did. I created more than one e-mail address
without ever making them public, and though I
note some of them receive SPAM!
Were
Terry writes:
At least one of them is a combination of letters
and numbers that I would have expected to
resist most dictionary spam attacks.
To whom have you sent e-mail from that address?
If they didn't use a dictionary attack, and they didn't harvest the address,
how did they get it?
Valdis writes:
That's one *TALL* order for a useful e-mail address.
Not really. A great many people never use e-mail for anything except
exchanging messages with friends and relatives.
That means that you can't join a mailing list for
(say) cancer survivors, or for people with persian
David writes:
Guessing and trying?
That would require tens of thousands or even millions of bounces for every
successful mailing attempt. I don't think anyone is doing it that way.
Online directory provided by her email provider?
Which e-mail providers are providing online directories? And
Paul writes:
the whole installed base is in incredible pain
right now ...
Oooh ... let's not jump off the deep end here. Spam is a nuisance for most
Internet users, not an incredible pain. It's very important to
distinguish between something that does real damage and something that
merely
Peter writes:
Anthony, please don't take this the wrong way ...
What's the best way to take personal attacks, in your opinion? And what is
your purpose in making them, given that they do not contribute to the
discussion?
Dave writes:
But spammers DO sometimes subscribe to mailing lists,
for the purpose of harvesting addresses.
So? That wouldn't give them the secret strings. The only secret string a
mailing list subscription would provide would be the secret string to send
to the list (if any).
Delete keys are very handy as a traffic-control device.
- Original Message -
From: Schliesser, Benson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 19:07
Subject: RE: The utilitiy of [EMAIL PROTECTED] is at stake here
This is an important topic. However, it's
Eric writes:
First, I sent my mail to the list to make public
apologies for the public insult made to John on
this list.
But you claim that Dean was the author of an insult. How can you apologize
for him? Are you his legal guardian?
Second, the objective of this mail was not to discredit
Paul writes:
The benefits of IMAP are obvious to everyone who has
looked at it in any depth, and yet it is very thinly
deployed. The main reason: the perceived additional
administrative overhead.
A more significant reason, perhaps: IMAP is a solution looking for a
problem, in most cases.
Tony writes:
And that would be because they can't do it in
isolation.
AOL, to cite one example, does a lot of things in isolation. They don't
seem to care if the rest of the Internet goes along, nor do they wait for
any system-wide standards to be put in place before they act unilaterally.
So
Now post the same numbers for the past year, and perhaps some even more
interesting conclusions can be drawn.
- Original Message -
From: Rob Austein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 20:47
Subject: Last 7 days on the IETF list
Traffic statistics (as
I haven't repeatedly (or at all) defamed anyone.
While I don't recall reading the original posts, you've backquoted text you
wrote yourself in which you cast aspersions upon others, which is
defamation. Speculating that someone lacks experience or that what he has
written is nonsense falls into
Tony writes:
100M users * 1/30hr = 3.3M hours ; and that
happens every day.
Each day contains 100M x 24 = 2400 M hours. 3.3 M hours is thus 1/8 of 1
percent.
I have to adjust my filters at least once a month
to keep the volume down.
I just delete most of it by hand. It's easy enough to
Terry writes:
True enough... but You obviously have no experience...
is *real* close to I think you're stupid.
I did not suggest otherwise.
Valdis writes:
I'm glad that you have such a high-speed connection
that you can connect, download hundreds of messages,
and filter/delete them all in a minute or two.
I have a broadband connection, and my perpetually-open Outlook Express
client checks my e-mail every sixty seconds. So I just
Noel writes:
It *better* be solvable, otherwise when email
becomes 99% spam, everyone will stop reading email.
I wouldn't worry about that. When everyone stops reading e-mail, spam will
disappear again. Remember, spammers only send out spam because people reply
to it. If nobody replies,
Dean writes:
I expect that Type 1 spammers will comply. Some already are.
Of course they will. The whole idea of Type 1 spammers is to provide a way
for you to contact them, anyway, so they have little incentive to hide.
John writes:
In the US, ISPs are not, and never have been
viewed, as common carriers.
I recall a case involving CompuServe in which it was treated at least
partially as a common carrier, not responsible for the content of its
network.
(1) Treatment of publisher or speaker
No
e-mail with or
without spam.
- Original Message -
From: Michael Thomas [EMAIL PROTECTED]
To: Anthony Atkielski [EMAIL PROTECTED]
Cc: IETF Discussion [EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 22:56
Subject: Re: spam
Anthony Atkielski writes:
Noel writes:
It *better
Eliot writes:
From the Internet Worm to Code Red, consumers do
install software when they perceive either a
threat or a benefit.
What percentage of users, even today, have installed fixes for either of
these problems?
What I've found so amusing is that people seem
to upgrade their
Clint writes:
One problem with attaching the secret string
to an email address is how that is done at the
sender's side. I can see email clients automating
the process, which is fine, until a virus comes
along and starts popping off random emails.
Viruses are a separate problem from spam.
Your analogies are flawed. Spam is easy to delete, but bullets are
exceedingly hard to dodge (outside the Matrix), and cigarettes are smoked
voluntarily by the people in whom they produce cancer.
- Original Message -
From: Tomson Eric (Yahoo.fr) [EMAIL PROTECTED]
To: 'Anthony Atkielski
Guys,
Girls aren't included?
Dean Anderson obviously supports and defends SPAM.
No further conversation with him could lead to anything
constructive. Stop feeding the Troll, now.
I tend to find calls to censorship and lynchings suspicious. If you don't
like someone's posts, you don't have
John,
If you are speaking only to John, why do you send your message to an entire
list?
Since I don't think Dean Troll Anderson will do
it, I would like to apologize, in the name of every
honest and decent contributor to this list, for the
insults made against someone that was so deeply
The problem is that it does nothing to address rogue spammers who refuse to
respect the opt-out list.
- Original Message -
From: TABAKIS, ELEAS (AIT) [EMAIL PROTECTED]
To: 'IETF Discussion' [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 02:31
Subject: RE: The utilitiy of IP is at stake
I can't say that I'd favor any solution that requires everyone to pay money
or obtain the approval of some third party before sending e-mail. Any
system that imposes a universal financial burden on all Internet users
and/or effectively allows a third party to censor communication between two
Andy writes:
Look, you've solved the spam problem too!
That's exactly how I deal with it personally, but not everyone finds this an
acceptable solution, so it would be nice to help them look at other options.
Tony writes:
Rather than passing a token, require the mail to
be encrypted with the public key of the recipient.
Public-key encryption of an entire e-mail is extremely processor-intensive.
Even conventional encryption is very time-consuming. You can just hash it
and sign the key.
However,
David writes:
In the USA today, it costs $.37 to send a physical
mail. I don't think it unreasonable for someone
sending me mail to pay a similar fee ...
You can pay me via PayPal. Looking at my inbox, you owe me $1.48 already.
... conversely for me to pay such a fee for each
of my posts
Tony writes:
Which is precisely the goal. It is not so extreme
as to make routine mail unusable, but extreme enough
to make random bulk mail not worth the cost.
Point taken, although I think conventional encryption would probably a
better choice for this purpose.
I think, though, that a more
Dave writes:
The question is what the IETF can or should do
about bad ISP customer policies, when those policies
do not cause operations problems for the rest
of the Internet?
Nothing. While I'm strongly opposed to such restrictive policies at ISPs, I
don't see how they have anything to do
Tony writes:
Not if it simultaneously wants protection from
liability for any content that the customer might
be sending.
Now that I can fully agree with, although it's not an engineering issue.
ISPs that simultaneously want common-carrier protection from liability AND
the ability to finely
David writes:
One model exists in the postal service operated
'by' each country.
Have you really thought through how much this would cost in the Internet
world? It would be a staggering burden, just as it already is for postal
mail.
A large part of what you pay in postage for a letter simply
Valdis writes:
You're welcome to extend your proposal to handle
bootstrapping communications between people who
haven't before ...
There isn't any way to automate this without opening the door to spammers.
... if the whole intent of the secret number
is so I can ignore email without it so
Doug writes:
Do we have to solve *the* spam problem?
I'm beginning to think that it cannot be solved--not technically, and not
legally. One man's spam is another man's legitimate e-mail. It's like
censorship.
The hard problem is how to allow people to be
generally accessible by email, but
Eric writes:
Your response to this point was, and I quote
here: Don't get email on measured rate services,
then. which is a limp way of saying that spam
costs people with these links too much money for
them to use email.
The ability to receive e-mail is not a Constitutional right. Some
Jim writes:
Add Earthlink to the list.
Thus far I've had no trouble sending e-mail to Earthlink.
If a phone company acted like some of these
ISP, we would have situtations like Verizon
blocking all incoming calls from phones in Ohio.
Don't give them any ideas.
In the future, it may become
Tim writes:
Can the discussion now retire to the IRTF
anti-spam list?
Does your computer have a Delete key?
Peter writes:
Do please pay attention, this will all be on the exam.
That's one of my problems. I pay too much attention, and then people get
irritated when I see what they missed.
First, I didn't say explicit authorization.
You didn't have to. See, the applicability of a law is decided in
Russ writes:
So does trying to find the legitimate mail among
a pile of spam.
The difference is that, in the first case, legitimate e-mail is lost,
whereas in the second case, legitimate e-mail is preserved.
It's reality-check time. We're not going to get that,
and the problem is
Right now, there is probably no other greater problem with the Internet than
spam. That sounds more than important enough to justify discussion here.
You can delete any messages that mention spam, if you want.
- Original Message -
From: Keith Moore [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Paul writes:
actually, i can speak for myself, there's no need
to interpret for me.
You may not be saying what you are thinking, however.
i'm calling you a troll because you're urging
people to pay no attention to the costs, to just
hit delete, and to avoid filtering since you claim
that
Paul writes:
you're talking e-mail even after i ripped smtp
from stem to sternum here yesterday. i'm not going
to try to educate you about what smtp is or where
it lives in the grand spectrum of things.
It would also be nice if you would additionally refrain from attacking me
personally
Bryan writes:
Do we expect to resolve anything by continuing
this discussion here at this time?
We don't know if we don't try. Should we just wait for a Presidential
blue-ribbon committee, or a direct-marketing consortium report, or a study
by the Attorney General? Would you rather that
Paul writes:
... the problem isn't deterring spammers or even
preventing abuse, but rather designing a new
interpersonal batch communications system (ibcs?)
which allows a receiving party to accept or reject
inbound traffic with some kind of confidence in
the identity of the sender, the
Russ writes:
If you, like another poster in this thread, are
currently only receiving 5-10 spams a day, congratulations,
you don't have to care yet.
I receive about 300 a day, and that number is increasing very rapidly.
Atul writes:
In short, this should belong in some general purpose
Internet Security Forum discussions.
Spam is not a security issue, just a nuisance.
Tony writes:
In a major example of false positives, we already
have examples of one real cost of spam. AOL (as one
example of many) has declared ranges of IP addresses
marked 'residential' as invalid for running a particular
application.
AOL bounces all of my e-mail, but they are unable to
Tony writes:
I get:
[02] The reason of the delivery failure was:
550-The IP address you are using to connect to AOL is a dynamic
(residential) 550-IP address. AOL will not accept future e-mail
transactions from your 550-IP address until your ISP removes your IP
from its list of dynamic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just in case anyone hasn't already figured it out, I didn't send the
virus-infected message below, as an examination of the original
headers will verify. I suppose people on this list, of all places,
are not likely to be deceived, but I thought I'd
Rick writes:
first of all I don't think this belongs in the IETF forum.
That's what delete keys are for.
It seems relevant to me.
Fred writes:
It seems to me that these two can't both be true.
IP Addresses cannot at once be scarce enough to
charge for and non-scarce enough that scarcity is
a non-issue.
They are becoming scarce in the way that they are managed; they are not yet
scarce in absolute terms (total number of
Eric writes:
The cable companies want to charge per computer
...
Why? Their costs are based on the amount of capacity used, not the number of
computers connected. A transfer volume of 1 GB per month costs the company the
same whether it is carried out by one computer or ten computers.
This is not the place to ask, but the simplest way is to adjust permissions on
the content directories that you wish to protect. IIS will force users
accessing those directories to validate with domain credentials. There are
other ways as well. Your best bet is to ask the question on the
Matt writes:
Have you looked at any of these ISP's contracts?
Just accessing common web-based consumer applications
on a single host violates their letter!
I'm not sure I understand what you mean. Can you provide any examples?
Michael writes:
Families are going toward a telephone per person
with caller id and/or distinctive ring to figure
out who should answer. That sure sounds like NAT
to me!
How so? Are they all using the same telephone number?
They would take a phone number per person, but
someone there
1 - 100 of 177 matches
Mail list logo