From owner-freebsd-chat Sat Jan 16 16:43:36 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA14304 for freebsd-chat-outgoing; Sat, 16 Jan 1999 16:43:36 -0800 (PST) (envelope-from owner-freebsd-chat@FreeBSD.ORG) Received: from fep2-orange.clear.net.nz (fep2-orange.clear.net.nz [203.97.32.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA14299 for ; Sat, 16 Jan 1999 16:43:34 -0800 (PST) (envelope-from jabley@buddha.clear.net.nz) Received: from buddha.clear.net.nz (buddha.clear.net.nz [192.168.24.106]) by fep2-orange.clear.net.nz (1.5/1.9) with ESMTP id NAA19798; Sun, 17 Jan 1999 13:42:50 +1300 (NZDT) Received: (from jabley@localhost) by buddha.clear.net.nz (8.9.2/8.9.1) id NAA01956; Sun, 17 Jan 1999 13:42:49 +1300 (NZDT) (envelope-from jabley) Date: Sun, 17 Jan 1999 13:42:49 +1300 From: Joe Abley To: Jim Bryant Cc: jal@ThirdAge.com, freebsd-chat@FreeBSD.ORG, dennis.moore@mail.house.gov, tlambert@primenet.com, jabley@clear.co.nz Subject: Re: Forward all spam to UCE@FTC.GOV [please take to -chat] Message-ID: <19990117134249.B1870@clear.co.nz> References: <19990117020152.A812@clear.co.nz> <199901162259.QAA28290@unix.tfs.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95i In-Reply-To: <199901162259.QAA28290@unix.tfs.net>; from Jim Bryant on Sat, Jan 16, 1999 at 04:59:07PM -0600 Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Jan 16, 1999 at 04:59:07PM -0600, Jim Bryant wrote: > > [snip!] > > because you are not american, you probably do not understand the > meaning of what was said. And whoever suggested that Americans were arrogant? :) > [snip!] > > > (b) that there is a conceivable mechanism for enforcing any law outlawing > > UCE > > i believe i already mentioned that there are federal laws in place > here concerning private property issues. the penalties are in place. > > the methods of enforcement are many. but talk of the methods can > happen later, we have more immediate problems here like overturning an > unconstitutional law that allows them to invade our property. The methods of evading enforcement are also many. I understand your point that a law, no matter how ineffectual in practice, can act as a deterrant. However, I am far from convinced that this will make any practical difference to the amount of spam that flows around - anonyminity is too easy to come by on the net. > > 3. Implement a technical solution based on end-to-end signatures and/or > > cryptography, so that unsolicited mail will never be accepted. This would > > effectively make spam pointless, since the target audience is removed. > > terry used this argument. > > such a solution would require standardization, many years to > implement, as well as the finding unconstitutional of our current law > based on property rights issues. to do this before such a ruling > would result in massive restraint of trade lawsuits that could only be > defended by using the private property case and making the current law > unconstitutional. You are making an assumption that what is needed is radically different from what we have today. In fact, we already have 90% of what we need to accomplish this. Nobody needs to supplant SMTP - that's why I talked about end-to-end signatures. As far as rolling out new protocols, the reality is that all it would take to make 90% of the internet immune to spam is for Microsoft and the other major suppliers of client e-mail software to release a version which checked signatures before accepting mail. You also need a coherent global directory for signatures. Several approaches have been well documented (including those based on the DNS). There is no reason to suppose that one of these could not be rolled out very quickly with suitable encouragement from mail client suppliers. > how long will it be before a way is found around this solution by > spammers? once they do that, we are back where we started. they have > found ways around everything else we can throw at them. The answer to that question has a mathemetical solution. It is always possible that a one-way cryptographic hash function will be compromised; however I would submit that a technical solution still has a far better chance of affecting the reality of the solution than a regional legal one. > i also believe that implementation on a national scale would also be > more expensive than a legal solution with adequate enforcement methods > and budgets. it would be totally ineffective to do this unless it was > mandated by law, see my argument concerning why we have the current > problems because of "voluntary self-regulation" and the lack of anyone > volunteering to do it effectively. Does most of the living, breathing world use Microsoft operating systems by force of law? No - they use them by force of marketing. If Microsoft popularise and market a cryptographic mail interface within the OS there is every reason to think that the uptake would be swift. After all, who would have thought that people would bother with the effort of upgrading to windows 98 from 95, given the rather slim change in functionality involved? You underestimate peoples' desire to stay current. > where there is no legal or financial incentive for change, change does > not happen. CIDR, VLSM and corresponding practices in IP address allocation? There was no legal mandate for that - just a technical problem and a technical solution. > [snip!] > > that's why we build courthouses and prisons. that's why you build > courthouses and prisons. how did your country get it's start? [i'm > not attempting to bash your country by saying that, i think aussies > are great people, i'm just making a point] Grr - I am from New Zealand. Buy an atlas. > [snip!] > > i'm still waiting for IPv6.... Well? When?! http://www.6bone.net/ - there are networks in 30-40 countries now participating in the first global rollout of IPv6, and the 6bone is fast becoming much less a developers' playpen than a production network. There is content today that is not reachable from an IPv4 connected machine. > i predict that full implementation of IPv6 on a global scale will take > many years, and will be fought every step of the way by criminals with > a lot of money that don't want to be easily traced every time they > commit a criminal act. how far off is this from the truth? Pretty far, I think. Why do you think IPv6 helps trace criminal activity? > [snip!] > > Private property laws can easily be extended to the internet, and to > do so is merely the natural progression of those laws into today's > way of life and conducting business. What existing private property law (or treaty) covers the abuse of property owned by a foreign national, in her own country, when the perpetrator committed his abuse from outside the victim's borders, without ever making personal contact with the victim, or physical contact with the victim's property? Especially if the perpetrator cannot physically be found? > If Denial of Service [DoS] attacks can be made illegal and enforced > against, so can spam. True. Although in most cases there is no way to even trace the source of a DoS attack where the source address has been effectively spoofed, never mind enforce against them. > [snip!] > > back then if a country was causing a problem, all we had to do was > flip a switch on a single line card, and they were off of the net for > the duration. Perhaps the rest of the world should take this approach with the US? ;) After all, the US represents a minority in userbase and content compared with the rest of the global network... > [snip! snip! snip!] > > i'm surprised to find so much opposition to helping a government > agency in it's constitutional duties from the americans on this > mailing list. kind of hypocritical i think, in light of the fact that > the majority of people propagating the "self-regulation" sophistry > seem to be talking so much about "constitutional duties", upholding > the law, and such, these days. I think the issue is that nobody really believes that the government department in question is (or can, practically) do anything with the messages they receive apart from count them. The mechanism for counting you are a proponent of is very inefficient, and if globally followed would double the wasted bandwidth on the network due to spam. How does this help the problem? > [snip!] > > we wouldn't need locks, security systems, laws, enforcement, drug > sniffers, bomb sniffers, nuclear/biological/chemical warfare & > terrorism response teams, domestic terrorism task forces, > international terrorism task forces, technological crimes task forces, > courthouses, jails, prisons, death penalties, guns, police, FBI, CIA, > Secret Serice, NSA, armies, navies, air forces, marines, nukes, ad > nausium... and neither would any other country. We don't need (or have) most of the items on this list. Perhaps, again, you are confusing reality with a US-centric world-view? Speaking of reality, I post to a number of lists and newsgroups without disguising my real e-mail address. My correct e-mail address is in the RIPE, APNIC, ARIN and InterNIC databases. I was, until my previous employer got their act together and finally changed the records, technical and/or administrative contact for about 2000 domains. I get about 80 to 100 non-list e-mails on an average day - e-mails addressed to me, requiring my attention. On average I get about 3 or 4 UCEs, which I relay back to providers via abuse.net. The most I have ever got was about 15, but that was pretty unusual. This just isn't a big problem for me. If it was, I would apply mail filters to organise the disposal of spam automatically. In fact, the telemarketers who call my phone at home are a much bigger problem, and I only get three-four of those per week. If it's not a problem for me, given the distribution of my e-mail address in newsgroups and public databases around the world, who _is_ it a problem for? > WELCOME TO REALITY. Hi. Nice to be here. Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message