On 2/16/19 8:50 AM, David Niklas wrote:
My context was not that email servers were so unique to the internet that there is only one in the world, rather that they were sufficiently few that a failure of one, such as VFEmail, is a major problem for a lot of people.

That is a decidedly different problem than what is usually considered a SPOF.

My email is affected, just not all gone. I still can't send or receive emails from my accounts.

I'm sorry that you (and others) were affected.

Your email is unaffected. But your email and a lot of others' are on gmail, and if they suffered the same attack then that would show that gmail is a SPOF, just like VFEmail.

My email is decidedly not on Gmail. Seeing as how I run my own email infrastructure, I'm not affected by anybody's actions but my own (or someone that hacks me and pretends to be me). VFEmail, Gmail, Yahoo, etc. can all have failures and my email, along with the hundreds of thousands of other email servers, will not be affected.

I also know for a fact that it would be EXTREMELY DIFFICULT, if not actually impossible, for the same type of attack to happen to Gmail. Between the infrastructure, number and type of backups, and monitoring, such an attack would be EXTREMELY DIFFICULT to conduct against Gmail.

I don't understand why this is confusing. I've listened to many talks on distributed systems, such as freenet, and they always mention that they want no SPOF and then go on to list servers, just like gmail and VFEmail, as a SPOF.

The /desire/ to avoid a SPOF is independent of what actually exists.

It's somewhat easy to shard different parts of an email service across multiple separate / discrete pieces of infrastructure, such that the blast radius of a catastrophic failure in one part has little to no effect on another part. But that's complex to do and requires people that are very good at what they do. Even then, it's possible, albeit difficult, to turn a portion of the infrastructure into a crater. It's just a matter of how much that portion impacts.

That is why I asked you earlier, "how were distributed email systems designed with no single point of failure?" How do you design an email system that doesn't have any single points that impact everything? Even if your infrastructure is highly redundant, and highly distributed, you still end up with a dependency on the domain name that is common across it.

Sure, DNS infrastructure can be made highly redundant. But that's functionally serving the same (single, for the sake of this discussion) name. Then there is the registrar and DNS infrastructure above that, which are largely SPOFs against a sufficiently motivated attacker.

Sure, you could arrange Business-to-Business partner relationships with big email players such that they know how to route to you without using DNS. But that's … fragile … and requires a LOT of work. Plus, it doesn't scale to Internet size.

There are a LOT of things that can be done to minimize and / or contain the blast. But there is still a blast radius and things in it will be affected.

So … Pray tell, how were distributed email systems (historically) designed with no single point of failure (like I have outlined herein)?



--
Grant. . . .
unix || die