RE: botnets: web servers, end-systems and Vint Cerf [LONG, sorry]

I look forward to your paper on "the end to end concept, and
why it doesn't
apply to email" :wink:

Clearly the answer is that it never has applied to email in the pasts.
Hosts don't email each other, people do. People have always relied on
Internet postmaster services to enable Internet email. Given that we
have already thrown out the end-to-end concept from day one, why must we
maintain such a brain-dead flat architecture. People who wanted the
end-to-end concept used to use "talk" on UNIX and Windows popup messages
until recently. Now, even those people have shifted to a hierarchical
architecture of instant-messaging servers.

I'm not convinced there is an email architecture problem of
relevance to the
discussion. People mistake a security problem for its most
visible symptoms.

There is more than one security problem here. A well-thought-out email
architecture will only address one of those security problems.

The SMTP based email system has many faults, but it seems
only mildly stressed
under the onslaught of millions of hosts attempting to
subvert it.

It depends where you measure that stress. The decline of Internet email
mindshare in favour of IM and Web forums indicates to me that it is
severely stressed at the user level.

We may need a trust system to deal with identity within the
existing email


but I see no reason why that need be
hierarchical, indeed
attempts to build such hierarchical systems have often failed
to gather a
critical mass, but peer to peer trust systems have worked
fine for decades
for highly sensitive types of data.

Peer-to-peer is a form of hierarchy. If you decide to trust X, Y, and Z
and also trust all the hosts that X, Y and Z trust, then you have a
trust hierarchy carved out of the peer-to-peer space. So if I trust AOL,
Earthlink and Verizon, and I also trust all those trusted by these
three, then you can't talk to my mail server until you arrange trust
with me, or with one of the three trusted mail systems. Fact is that the
email architecture does not include any form of trust and things like
Sender-ID and DKIM are only bandaids that don't solve the problem and
introduce additional insecurities.

Additionally, if we can introduce hierarchy into the mail flow, we also
introduce points at which cost-based models of spam prevention can be
tried. If you can pay a penny a message to guarantee that your mail gets
delivered quickly, bypassing any spam-filtering checkpoints, then that
is something that the majority of users would buy into and the money
provides grease for the wheels of the system, making it worthwhile to do
things like set up an email peering agreement.

Let's face it, the Internet of the early 90's is gone. It won't be
coming back either. The challenge now is to operate a network that is
capable of being *THE* global communications infrastructure. If the
public Internet doesn't adapt to this job, then other networks will
leverage the IETF's technology to do so.

--Michael Dillon

I look forward to your paper on "the end to end concept, and
why it doesn't
apply to email" :wink:

I think the problem here is that people invoke something they think of as 'the end-to-end principle', but actually isn't.

from <;:

In what way is IM hierarchial? The commercial IM systems have a star
topology with a tightly controlled core and basically no inter-domain
federation, so I don't know why you claim they are hierarchial.
Jabber/XMPP has a mesh-of-stars topology which is the same as email's
modulo some simplifications (mainly owing to the lack of forwarding).

ISTR that you were arguing in favour of a chain-of-trust system for email
back in November on the IETF list. I pointed out that the architecture you
are proposing is essentially the same as inter-domain routing (IP & BGP)
and Usenet, and you failed to explain how your ideas would solve the
unwanted traffic problem for email given that the same architecture
doesn't solve the unwanted traffic problem for IP or NNTP.