Actual sender authentication à la PGP is a long-solved problem, unrelated to 
spam, SPF or DKIM. The solution doesn't require SMTP auth, or SPF or DKIM, and 
certainly not the related patents.

I don't know everyone who was part of the "usenix cabal", as they called 
themselves, but some people were either naive and/or willing to associate with 
bad people while working on false problems like spam.

Besides the relay abuse, the simultaneous spam sending and blocking by Vixie 
and Levine, and disingenuously "studying" the problem they were creating, and 
besides the info theory analysis, there were other signs: DKIM was patented. 
Vixie tried to take credit for inventing RMX, a predecessor to SPF, to name a 
few that I recall. Indeed, I'd have to say that wasting time on these things 
delayed adoption of actual solutions and thereby contributed to the rise in 
phishing in the last 20 years.

But the IETF in particular has been marked by 20-some years of failure on 
important things like IPv6 (delivery promised for 1996), which also traces to 
the same group of people. "Don't develop ISO! We'll give you something better 
by 1996", they said in 1992. They didn't deliver the promised new features. 
Now they basically only have a wider address and some autoconfig that Apple 
perfected in AppleTalk well before 1992. And where did they get? Well, it 
looks like today, in 2015, IPv6 still has only 1% of the market. And they still 
have no plan B. I guess every router still does IS-IS and ISO CLNS...so maybe 
we do have plan B...

Of course, mobile and a fundamental change in compute model might make the 
problem moot...

Oh yeah, mobile is(are) a non-IETF protocol(s)... Wait, WAP was IETF. I 
suppose that WAP could go in the failure category...

Oh yeah, DNS anycast was a disaster that I predicted.  5 years ago, I observed 
a large financial institution almost lose all DNS service in a cascading 
anycast failure. 

I'm struggling right now to think of something the IETF cronies did well 
after, say, 2003... All of the advances that come to mind are either hardware or 
changes to compute models. Must be something there from the IETF that I'm not 
thinking of, I'm sorry.

But I guess I didn't miss out on anything at the IETF. Their story is 
evidenced by their own failure to deliver. They were told of the problems, 
but they decided they'd rather blacklist the messenger to silence that message 
than address the problems. That bought them some extra time, but they still 
failed...



> On Jan 14, 2015, at 3:30 PM, Steven M Jones <[email protected]> wrote:
> 
>> On 01/14/2015 09:23 AM, [email protected] wrote:
>> That's a flaw in SPF, DKIM. They don't anticipate forwarding.
> 
> Actually, they do anticipate and work with forwarding - unfortunately
> they don't work with forwarding the way it was done in the 1980s and
> 90s. :) Sadly the notion that these practices should change after so
> many decades makes some people very upset, and very vocal.
> 
> From my perspective, the rise of wholesale fraud and system compromise
> via phishing over the past 20 years is a compelling reason to pursue
> email authentication - as one of a number of steps. There are things
> that I believe will never be amenable to similar technical measures,
> like the misleading contents of a message. However, such challenges do
> not excuse doing nothing on points that can be constructively addressed.
> 
> Just so this isn't brought up later as a sign I'm part of some shadowy
> cabal - I participated in the IETF working group that created DKIM, and
> I also participated in the creation of DMARC and am active in that IETF
> working group, as well as DMARC.org.
> 
> --S.
> 
> _______________________________________________
> bblisa mailing list
> [email protected]
> http://www.bblisa.org/mailman/listinfo/bblisa
