[ih] what is and isn't the web, was Rise and Fall of the Gopher Protocol
dhc2 at dcrocker.net
Mon Aug 22 11:11:13 PDT 2016
I've long been strongly advocating against a 'default deny' model, but
hadn't latched on to a sufficiently simple and clear way to explain it.
I therefore greatly appreciate the girl scout example.
Unfortunately I also agree that the most efficacious approach for
dealing with bad actions from hosts is terminating access by the host
(or net, if there is an aggregation, or maybe as leverage against the
On 8/22/2016 9:17 AM, Paul Vixie wrote:
> Stephen Casner wrote:
>> On Sun, 21 Aug 2016, Dave Crocker wrote:
>>> Telephone calls and postal service did not (and do not) require
>>> authentication before the call completes or the message is delivered.
>>> Email was design with the same level of authentication as the existing
>>> personal communication services, namely none.
>> And for telephone calls that is proving to be a serious deficiency.
> when we created the first distributed internet reputation system (MAPS
> RBL) there was considerable pressure to make it positive rather than
> negative. this would have made the internet into a "gated community".
> my problem with gated communities is that it's impossible for the girl
> scouts of america to go door to door selling cookies. that may sound
> subjective and/or trivial, but economies and communities and cultures
> grow from roads moreso than from walls.
> lack of authentication/authorization in smtp is a small matter compared
> to the lack of source address validation on packets themselves,
> considering that dns and ntp and other udp protocols, and tcp itself
> during the first two phases of the 3-way handshake, are stateless and
> therefore perfect ddos amplifiers.
> in other words the problems of untrustworthy parties connected to the
> internet are so fundamental and so toxic that de-peering or other
> disconnection is the only possible defense. adding authentication and/or
> authorization to every internet application is so much harder that we
> know it can never be accomplished.
More information about the Internet-history