On Sat, 16 Feb 2019 10:50:58 -0700
Grant Taylor <gtay...@tnetconsulting.net> wrote:

> On 2/16/19 8:50 AM, David Niklas wrote:
> > My context was not that email servers were so unique to the internet
> > that there is only one in the world, rather that they were
> > sufficiently few that a failure of one, such as VFEmail, is a major
> > problem for a lot of people.
> 
> That is a decidedly different problem than what is usually considered SPOF.
> 
> > My email is affected, just not all gone. I still can't send or
> > receive emails from my accounts.
> 
> I'm sorry that you (and others) were affected.
> 
> > Your email is unaffected. But your email and a lot of others is on
> > gmail and if they suffered the same attack then that would show that
> > gmail is a SPOF, just like VFEmail.
> 
> My email is decidedly not on Gmail.  Seeing as how I run my own email
> infrastructure, I'm not affected by anybody's actions but my own (or
> someone that hacks me and pretends to be me).  VFEmail, Gmail, Yahoo,
> etc can all have failures and my email, along with the hundreds of
> thousands of other email servers, will not be affected.
> 
> I also know for a fact that it would be EXTREMELY DIFFICULT, if not
> actually impossible, for the same type of attack to happen to Gmail.
> Between the infrastructure, number and type of backups, and monitoring,
> such an attack would be EXTREMELY DIFFICULT to conduct against Gmail.
> 
> > I don't understand why this is confusing. I've listened to many talks
> > on distributed systems, such as freenet, and they always mention
> > that they want no SPOF and then go on to list servers, just like
> > gmail and VFEmail as a SPOF.
> 
> The /desire/ to avoid a SPOF is independent of what actually exists.
> 
> It's somewhat easy to shard different parts of an email service across
> multiple separate / discrete pieces of infrastructure, such that the
> blast radius of a catastrophic failure in one part has little to no
> effect on another part.  But that's complex to do and requires people
> that are very good at what they do.  Even then, it's possible, albeit
> difficult, to turn a portion of the infrastructure into a crater.
> It's just a matter of how much that portion impacts.
> 
> Thus why I asked you earlier, "how were distributed email systems
> designed with no single point of failure?"  How do you design an email
> system that doesn't have any single points that impact everything?
> Even if your infrastructure is highly redundant, and highly
> distributed, you still end up with a dependency on the domain name that
> is common across it.
> 
> Sure, DNS infrastructure can be made highly redundant.  But that's
> functionally serving the same (single for the sake of this discussion)
> name.  Then there is the registrar and DNS infrastructure above that,
> which are largely SPOF against a sufficiently motivated attacker.
> 
> Sure, you could arrange a Business-to-Business partner relationship with
> big email players such that they know how to route to you without using
> DNS.  But that's … fragile … and requires a LOT of work.  Plus, it
> doesn't scale to Internet size.
> 
> There are a LOT of things that can be done to minimize and / or contain
> the blast.  But there is still a blast radius and things in it will be
> affected.
> 
> So … Pray tell, how were distributed email systems (historically)
> designed with no single point of failure (like I have outlined herein)?

Under those conditions even so much as cutting the (plastic) internet
cable would be all that is needed to perform a SPOF against what I
proposed.
It is, therefore, unrealistic for me to define a distributed email system
as not having a SPOF with respect to your definition herein.
My understanding would be more of a "contain the blast" method. And I
still am of the opinion that it would do a better job than is currently
being employed, at a fraction of the cost (esp. cost to user privacy).

Please note, however, that individuals normally have IPs, not DNS names,
so that cuts off a main route of attack.

Sincerely,
David