[ih] OpenPGP and email lists

Sat Feb 1 23:53:40 PST 2025

I agree that the details of today's technology are not yet of historical 
relevance and belong elsewhere.  That wasn't my intent in my initial post.

Actually, I was thinking about John Schoch's post, and the aspects of 
history beyond the technology itself.  There is more to "Internet 
History" than the technology development, which has been captured in 
RFCs and such.   It seems I'm a "Haighian".   I lived through, and 
participated in, a lot of Internet History, but there are large parts 
that I haven't experienced, or seen captured or discussed.   I don't 
know much of that part of the History, but maybe others do.

In particular, two other historical aspects of Internet History struck 
me: the evolution of the "project management" of The Internet, and the 
evolution of competing technologies, over the last half-century or so.

My earlier reference to ARPA and NSF reflected the initial days of the 
"project management" of The Internet.  ARPA clearly drove the effort at 
first, making decisions, funding the work, and defining clear scenarios 
that the Internet had to support.   NSF joined the team, spreading the 
ARPA work beyond the military, and creating the first ISPs, with a 
mandate and a deadline to figure out how to survive without research 
funding.   Much later, W3C joined the team, and performed similar, but 
more limited, functions for the Web. The Internet grew explosively, 
starting as an ARPA-driven "Experiment" and ending with the Internet 
Industry of today.

Personally, I was involved in the early era and those projects. But I'm 
sure there were lots of other people, organizations, corporations, and 
associated decisions made over the decades that led to the Internet of 
Today.

So, the questions for Internet History are how did we get from there to 
today, who made the decisions, and how did The Internet "project 
management" adapt to the rapid changes in computing and communications 
technology?

The second historical aspect that I believe is an important part of 
Internet History is the context in which the Internet evolved.  It was 
not alone.  Although ARPA drove the TCP technology path, even at the 
beginning there were other players, in particular IBM with SNA, and 
CCITT with X.25/X.75.  Services, such as Compuserve, Lexis/Nexis, lotus 
Notes, and others also appeared, using dialup access when there was no 
Internet available to their customers.

Later, as LANs and workstations replaced terminals and mainframes, 
competitors arose with their own ideas, architectures, technologies, 
standards, and products that provided their own versions of "Their 
Internet" using technologies other than TCP/IP.   Corporations such as 
DEC, IBM, Xerox, Novell, Apple, and many smaller players all had some 
form of their own "Internet" that didn't use TCP.  Even the standards 
world participated with OSI.

Corporate networks used "multiprotocol routers" to run a simultaneous 
mix of different Internets over the same circuits and equipment they had 
purchased.   I was involved in operating one of them in the early 1990s.

During the 1990s and 2000s, I watched as all of those competitors 
disappeared.  It seemed like it happened almost overnight.  Few people 
today likely even remember they existed.   TCP seems to be the sole 
survivor.   There was a  cost however, such as fragmentation into 
"walled gardens", email spam, identity theft, and such.

The question for Internet Historians is:   How did all that happen? Who 
made what decisions?  Why did TCP win?  Was it technically superior to 
all of the others?  Or did all of the others make some bad decisions 
along the way?  Were the "costs" inevitable?  Or ...?

Perhaps some Historian will put the whole story together.

Jack Haverty

On 2/1/25 14:41, touch at strayalpha.com wrote:
> OK, so now I need to step in and remind everyone that this list is for 
> discussions of Internet History.
>
> Debates on how to run an email list should be taken elsewhere.
>
> Please stay on-topic and remember that this list isn’t run by the 
> ISOC; it’s only hosted by the ISOC.
>
> Joe
> —
> Dr. Joe Touch, temporal epistemologist
> www.strayalpha.com
>
>> On Feb 1, 2025, at 1:00 PM, Andrew G. Malis via Internet-history 
>> <internet-history at elists.isoc.org> wrote:
>>
>> Jack,
>>
>> This discussion is getting pretty far afield from the original topic, 
>> so I
>> changed the subject. it's also getting away from Internet History, so we
>> may have to take this elsewhere. :-)
>>
>> OpenPGP is orthogonal to DMARC, SPF, etc., and email list header munging.
>> It's meant for end-to-end security between pairs of email users.
>>
>> You typically wouldn't use it on an email list because you use the
>> receiver's public key to encrypt the email that you're sending. Thus, the
>> receiver with the matching private key will be the only person able 
>> to read
>> it.
>>
>> Cheers,
>> Andy
>>
>> On Sat, Feb 1, 2025 at 3:14 PM Jack Haverty via Internet-history <
>> internet-history at elists.isoc.org> wrote:
>>
>>> Well... I disagree, or at least don't understand.
>>>
>>> Last year when I was receiving complaints that some people weren't
>>> getting my email, I learned more than I ever wanted to know about those
>>> "munging mechanisms" such as DMARC, SPF, PGP, et al.  It's a mess, and
>>> it seems that mailing lists can no longer be considered reliable as more
>>> and more "anti-spam" measures are created.
>>>
>>> IMHO, "doing it right" by breaking digital signatures negates a
>>> mechanism that might reduce spam.  With such signatures, it possible to
>>> determine that a message actually came from the person who seems to have
>>> sent it.
>>>
>>> In this case, "doing it right" contradicts other IETF-driven work which
>>> might alleviate email spam, e.g.:
>>> https://www.openpgp.org/about/standard/
>>>
>>> That doesn't seem "right" to me.    ISOC doesn't even sign the altered
>>> messages it send to the list, to confirm that the ISOC server was the
>>> actual source.
>>>
>>> Such strategy likely motivates people to migrate to other
>>> closed-community systems, e.g., Whatsapp or its competitors.
>>>
>>> IMHO, most people, governments, corporations, and others would probably
>>> agree that spam is a serious and worsening problem with the Internet.
>>> If ISOC agrees, they could use their own systems to define, develop,
>>> debug, test, and then showcase how to "do it right" - as ARPA and NSF
>>> did back in the early days.
>>>
>>> Jack
>>>
>>> On 1/31/25 16:46, Brian E Carpenter via Internet-history wrote:
>>>> Jack,
>>>>
>>>> Back when 95% (or whatever the exact fraction is) of email wasn't spam,
>>>> mailing list operators didn't have to do anything special. But today,
>>>> every mailing list operator has to either do a number of things that
>>>> involve munging messages in one way or another, to avoid anti-spam
>>>> mechanisms used by all the major email provders, or give up and close
>>>> the lists. An expert on this such as John Levine could explain many
>>>> of those munging mechanisms, so I won't try. But ISOC's choice is to
>>>> rewrite the nominal sender of the mail to match the actual sender, i.e.
>>>>   Jack Haverty via Internet-history <internet-history at elists.isoc.org>
>>>> for your messages, so naturally they will not be signed by you when 
>>>> they
>>>> reach subscribers. That's "doing it right" in the era of pervasive 
>>>> spam.
>>>>
>>>> As for:
>>>>
>>>>>>> Large items should be posted via links to other storage sites.
>>>>
>>>> Surely people here of all people are aware that mailing list archives
>>>> are a very poor method of digital conservation. For example, many
>>>> (probably most) IETF WG mail archives prior to the lists being hosted
>>>> at ietf.org are incomplete or lost.
>>>>
>>>> Regards
>>>>   Brian Carpenter
>>>>
>>>> On 01-Feb-25 08:10, Jack Haverty via Internet-history wrote:
>>>>> Thanks, Joe.  I didn't remember ISOC's specific limitations until 
>>>>> I got
>>>>> the rejection report, which said the message was too big.   So I 
>>>>> quickly
>>>>> converted the photo into a smaller size of 80KB, to fit well 
>>>>> within the
>>>>> 400KB constraint, and resent it.  The second try made it through the
>>>>> list server, but the image was stripped away with no indication 
>>>>> that it
>>>>> had ever been there.  I realize you can't do anything about it and
>>>>> sympathize.
>>>>>
>>>>> Apparently the ISOC service silently censors and alters messages 
>>>>> as they
>>>>> pass through.   The recipients don't get what I sent.  It also 
>>>>> breaks my
>>>>> digital signature.   I'm disappointed that ISOC, as parent of the
>>>>> Engineering arm of the Internet, doesn't use its own services as
>>>>> showcase models of "best practice" to demonstrate how to "do it 
>>>>> right",
>>>>> as ARPA, NSF, et al did back in the early days of the Internet.
>>>>>
>>>>> Jack Haverty
>>>>>
>>>>> On 1/31/25 07:40, touch at strayalpha.com wrote:
>>>>>>
>>>>>>> On Jan 30, 2025, at 11:27 PM, Jack Haverty via Internet-history
>>>>>>> <internet-history at elists.isoc.org> wrote:
>>>>>>>
>>>>>>> [trying again... furst try was rejected "Message too big." The
>>>>>>> Internet can now handle gigabit speeds, but apparently not emails
>>>>>>> more than 400 kilobytes?]
>>>>>>
>>>>>> That’s correct; as has been noted before, this list is for 
>>>>>> discussions
>>>>>> but is not a storage archive.
>>>>>>
>>>>>> Large items should be posted via links to other storage sites.
>>>>>>
>>>>>> Joe (list admin)
>>>>>
>>>>>
>>>
>>> --
>>> Internet-history mailing list
>>> Internet-history at elists.isoc.org
>>> https://elists.isoc.org/mailman/listinfo/internet-history
>>>
>> -- 
>> Internet-history mailing list
>> Internet-history at elists.isoc.org
>> https://elists.isoc.org/mailman/listinfo/internet-history
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://elists.isoc.org/pipermail/internet-history/attachments/20250201/ff58ceb1/attachment.asc>