Slashdot Mirror

angry tapir writes with this excerpt from Tech World: "Researchers from German security firm Recurity Labs have released a JavaScript implementation of the OpenPGP specification that allows users to encrypt and decrypt webmail messages. Called GPG4Browsers, the tool functions as an extension for Google Chrome and now is capable of working with GMail." A quick gander at the source leaves me with the impression that it should be more or less portable to other browsers. It's also built using a lot of off-the-shelf Javascript libraries. (Who knew Javascript had a bignum library and a number of cipher implementations?)

kaiengert writes "In November 2009 a Man-In-the-Middle vulnerability for SSL/TLS/https was made public (CVE-2009-3555), and shortly afterwards demonstrated to be exploitable. In February 2010 researchers published RFC 5746, which described how servers and clients can be made immune. Software that implements the TLS protocol enhancements became available shortly afterwards. Most modern web browsers are patched, but the solution requires that both browser developers and website operators take action. Unfortunately, 16 months later, many major websites, including several ones that deal with real world transactions of goods and money, still haven't upgraded their systems. Even worse, for a big portion of those sites it can be shown that their operators failed to apply the essential configuration hotfix. Here is an exemplary list of patched and unpatched sites, along with more background information. The patched sites demonstrate that patching is indeed possible."

An anonymous reader writes "FTP celebrates its 40th birthday tomorrow. Originally launched as the RFC 114 specification, which was published on 16 April 1971, FTP is arguably even more important today than when it was born. Frank Kenney, vice president of global strategy for US managed file transfer company Ipswitch, said that the protocol we know as FTP today is 'a far cry from when Abhay Bushan, a student at MIT, wrote the original specifications for FTP.' According to Kenney, the standard has grown from 'a simple protocol to copy files over a TCP-based network [to] a sophisticated, integrated model that provides control, visibility, compliance and security in a variety of environments, including the cloud.'"

An anonymous reader writes "RFC 6217 was published today yesterday tomorrow orally , enabling one to send messages over a wide area even to people lions tigers bears without computers or smartphones. The technology looks promising, but is not without drawbridges drawbacks drawdowns drawwwwyeah ; 'Additionally, solar radiation conditions affect transmission in a predictable, cyclic manner. Depending on latitude, the medium large small grande may be unusable for a lengthy period, during which alternate arrangements must be made.' Additionally Bombastically Subtractionally Yo , while 'The physical layer used is made up primarily of nitrogen and oxygen,' there are concerns that microscopic amounts of residue left over from the transmission may include 'argon, micropiranhas carbon dioxide uranium dioxide oxygen dioxide , neon, helium, chloride anions, sulfur dioxide, and other molecules occurring at very low mixtures' "

linuxwrangler writes "It's used in Java. It's used in nearly every flavor of UNIX/Linux. In PostgreSQL, Oracle and other databases. Several RFCs refer to it. But where does the timezone database come from? I never gave it much thought but would have assumed that it was under the purview of some standards body somewhere. It's not. Since the inception of the database Arthur David Olson has maintained the database, coordinated the mailing list and volunteers and provided a release platform and now he is retiring. IANA is developing a transition strategy. Jon Udell has an interesting literary appreciation of the timezone database."

An anonymous reader writes "Google has submitted an Internet Draft covering the bitstream format and decoding of VP8 video to the Internet Engineering Task Force. CNET's Stephen Shankland writes, 'Google representatives published the "VP8 Data Format and Decoding Guide" at the IETF earlier this month, but that doesn't signal standardization, the company said in a statement. The document details the VP8 bitstream — the actual sequence of bytes into which video is encoded. "We submitted the VP8 bitstream reference as an IETF Independent RFC [request for comments] to create a canonical public reference for the document," Google said. "This is independent from a standards track." The IETF document could help allay one concern VP8 critics have raised: that VP8 is defined not by documentation of the bitstream but rather by the source code of the software Google released to implement VP8. But the IETF document still plays a subordinate role to that source code.'"

An anonymous reader writes "Google has submitted an Internet Draft covering the bitstream format and decoding of VP8 video to the Internet Engineering Task Force. CNET's Stephen Shankland writes, 'Google representatives published the "VP8 Data Format and Decoding Guide" at the IETF earlier this month, but that doesn't signal standardization, the company said in a statement. The document details the VP8 bitstream — the actual sequence of bytes into which video is encoded. "We submitted the VP8 bitstream reference as an IETF Independent RFC [request for comments] to create a canonical public reference for the document," Google said. "This is independent from a standards track." The IETF document could help allay one concern VP8 critics have raised: that VP8 is defined not by documentation of the bitstream but rather by the source code of the software Google released to implement VP8. But the IETF document still plays a subordinate role to that source code.'"

FranckMartin writes "Little known to the general public, the Internet Engineering Task Force celebrates its 25th birthday on the 16th of January. DNSSEC, IDN, SIP, IPv6, HTTP, MPLS ... all acronyms that were codified at the IETF. But little known, one can argue the IETF does not exist; it just happens that people meet 3 times a year in some hotel around the world and are on mailing lists in between. The openness of the IETF and its structure has inspired the way ICANN is run, as well as the way the Internet Governance Forum (IGF) has been open to the civil society."

An anonymous reader writes "36 countries in the world have over 100% per-capita usage of mobile phones, and this is driving a real crunch on IPv4 addresses as more and more of these devices are data-capable. The mobile network operators are acting fast to deploy IPv6, and T-Mobile USA has had an IPv6-only trial going on for over 9 months now using NAT64 to bridge to IPv4 Internet content. It is interesting to note that the original plan for IPv6 transition, dual-stack, has failed since IPv4 addresses are effectively already exhausted for many people who want them. Dual-stack also causes many other issues and has forced the IETF to generate workarounds for end users called happy eyeballs (implying that eyeballs are not happy with dual-stack), and a big stink around DNS white-listing. How will you ensure that your network, users, and services continue to work in the address-fractured world of the future where some users have only IPv4 (AT&T ), some users have only IPv6 (mobile and machine-to-machine as well as developing countries), and other Internet nodes have both?"

An anonymous reader writes "36 countries in the world have over 100% per-capita usage of mobile phones, and this is driving a real crunch on IPv4 addresses as more and more of these devices are data-capable. The mobile network operators are acting fast to deploy IPv6, and T-Mobile USA has had an IPv6-only trial going on for over 9 months now using NAT64 to bridge to IPv4 Internet content. It is interesting to note that the original plan for IPv6 transition, dual-stack, has failed since IPv4 addresses are effectively already exhausted for many people who want them. Dual-stack also causes many other issues and has forced the IETF to generate workarounds for end users called happy eyeballs (implying that eyeballs are not happy with dual-stack), and a big stink around DNS white-listing. How will you ensure that your network, users, and services continue to work in the address-fractured world of the future where some users have only IPv4 (AT&T ), some users have only IPv6 (mobile and machine-to-machine as well as developing countries), and other Internet nodes have both?"

An anonymous reader writes "36 countries in the world have over 100% per-capita usage of mobile phones, and this is driving a real crunch on IPv4 addresses as more and more of these devices are data-capable. The mobile network operators are acting fast to deploy IPv6, and T-Mobile USA has had an IPv6-only trial going on for over 9 months now using NAT64 to bridge to IPv4 Internet content. It is interesting to note that the original plan for IPv6 transition, dual-stack, has failed since IPv4 addresses are effectively already exhausted for many people who want them. Dual-stack also causes many other issues and has forced the IETF to generate workarounds for end users called happy eyeballs (implying that eyeballs are not happy with dual-stack), and a big stink around DNS white-listing. How will you ensure that your network, users, and services continue to work in the address-fractured world of the future where some users have only IPv4 (AT&T ), some users have only IPv6 (mobile and machine-to-machine as well as developing countries), and other Internet nodes have both?"

alphadogg writes to tell us that the Internet Engineering Task Force has decided to document the successes and failures of past standards and the reasons why. The hope is that lessons learned can influence future decisions. "Grading the success of the IETF standards can also serve several other functions, Crocker pointed out. It could help working groups focus their thinking on how their standards may get implemented, acting in effect a bit like a report card. A secondary benefit of the wiki is that it could serve as an aid in public relations, a place for the standards body to tout its successes. This is not the IETF's first foray into deriving lessons learned from its own work, Housley said. In 2007, Microsoft software architect Dave Thaler gave a talk at the IETF 70 meeting, held in Vancouver, British Columbia, Canada, in which he outlined some of the factors that make a protocol a success."

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

jhutkd writes "Educause (who run the .edu gTLD) announced today that they will deploy DNSSEC and sign the .edu zone by the end of March 2010. This will enable all educational institutions to benefit from deploying DNSSEC via the secure delegation hierarchy starting with IANA's ITAR (a temporary surrogate for the root zone signing), going through .edu, down to schools, and potentially leading all the way down to individual departments. Unlike larger gTLDs like .org, the churn of adding new and deleting old zones in .edu is much lower (due to the fact that there are tight controls on who may register for a delegation). Thus, many of the hassles of adding new DS records and maintenance procedures might be more manageable and help speed DNSSEC's rollout in this branch of the DNS hierarchy."

An anonymous reader writes "Comcast has finally launched its DNS Redirector service in trial markets (Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington state), and has submitted a working draft of the technology to the IETF for review. Comcast customers can opt-out from the service by providing their account username and cable modem MAC address. Customers in trial areas using 'old' Comcast DNS servers, or non-Comcast DNS servers, should not be affected by this. This deployment comes after many previous ISPs, like DSLExtreme, were forced to pull the plug on such efforts as a result of customer disapproval/retaliation. Some may remember when VeriSign tried this back in 2003, where it also failed."

Jibbler writes "Following the recent Pwn2Own competition, in which Firefox, IE8 and Safari all fell quickly to exploits, Netcraft has observed a surge in popularity of the text-based Lynx browser. Netcraft points out that Lynx supports the latest cryptographic ciphers, and at least one online banking site has seen Lynx usage overtake that of Internet Explorer and Firefox. To boost Lynx's excellent security history, Netcraft has even developed a version of its anti-phishing toolbar for Lynx."

Yannis B. writes "This week, a group of leading technology vendors that includes Cisco, Sun, Ericsson, Atmel, Freescale, and embedded open source developers, founded the Internet Protocol for Smart Objects Alliance to promote the 'Internet of Things,' in which everyday objects such as thermometers, radiators, and light switches are given IP addresses and are connected to the Internet. Such IP-enabled 'smart objects' give rise to a wide range of applications, from energy-efficient homes and offices to factory equipment maintenance and hospital patient monitoring. For Slashdot readers who are interested in the underlying technology, a white paper written by well-known embedded open source developer Adam Dunkels and IETF ROLL working group chair JP Vasseur establishes the technical basis of the alliance (PDF)."

kurmudgeon writes "The Register is fielding reader tips that Hotmail has placed Draconian limits on the number of Hotmail recipients who can receive an email. The first 10 Hotmail addresses included in a mass email go through just fine, according to these reports. But any additional addresses are returned to sender with a message that reads: "552 Too many recipients." (Microsoft denies it has placed any such restriction on the number of senders.) This would appear to be a violation of RFC 2821, which states: "Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification."

IO ERROR writes "An internet-draft published this month calls for an IPv6 transition plan which would require all Internet-facing servers to have IPv6 connectivity on or before January 1, 2011. 'Engineer and author John Curran proposes that migration to IPv6 happen in three stages. The first stage, which would happen between now and the end of 2008, would be a preparatory stage in which organizations would start to run IPv6 servers, though these servers would not be considered by outside parties as production servers. The second stage, which would take place in 2009 and 2010, would require organizations to offer IPv6 for Internet-facing servers, which could be used as production servers by outside parties. Finally, in the third stage, starting in 2011, IPv6 must be in use by public-facing servers.' Then IPv4 can go away."

ppadala writes "While research from PEW Internet (PDF) shows that few users really are bothered by spam, IETF is supporting a public key cryptographic based e-mail authentication mechanism called DomainKeys Identified Mail (DKIM) Signatures . The new spec is supposed to help in fighting both spam and fraud. From Ars Technica: 'DKIM's precursor, DomainKeys, was originally developed by Yahoo. The specifications for DKIM were then extended by an informal group of IT organizations that included companies like Yahoo, Cisco, EarthLink, Microsoft, and VeriSign, among others. It was first submitted by the group to the IETF in mid-2005, but only recently published by the IETF. The spec is still to be incorporated into a more formal draft and submitted for approval, however.'"

Many readers sent us links to the story about Chinese scientists developing pigeons whose flight can be controlled remotely. The best coverage may be Wired's, both because they link to the English language version of the original Peoples Daily Online release, and because of the (disturbing) photos. The birds can be commanded to fly left, right, up, or down. Reader KDan writes, "A number of obvious uses jump out to me... the remote-controlled pigeons will finally allow us to create an efficient implementation of RFC 1149 and RFC 2549."

Many readers sent us links to the story about Chinese scientists developing pigeons whose flight can be controlled remotely. The best coverage may be Wired's, both because they link to the English language version of the original Peoples Daily Online release, and because of the (disturbing) photos. The birds can be commanded to fly left, right, up, or down. Reader KDan writes, "A number of obvious uses jump out to me... the remote-controlled pigeons will finally allow us to create an efficient implementation of RFC 1149 and RFC 2549."

_RiZ_ asks: "I work for a medium sized company and we are looking for a solution to aid in managing the ever complex IP space in use throughout the growing enterprise. We currently use a full class B of public addresses as well as all RFC 1918 ranges. The idea came up to develop this application internally, however this has proven in the past to be more of a headache, especially if the original developer changes roles or moves on from our company. We have looked at IPplan, but have found this program is more intended for an ISP documenting customer ranges rather than an enterprise IT shop. We would like something which is database driven, intuitive to use, and preferably open source, although a good commercial solution is always a viable option. Does anyone have any suggestions?"

NW writes "According to the records in the IETF's database (here and here), both the SPF and Sender-ID anti-spam proposals were tentatively approved by the IESG (the approval board of the IETF) as experimental standards. It remains to be seen whether any of them will actually put a dent into spam." At the same time, the FTC has opened a central site about email authentication.

NW writes "According to the records in the IETF's database (here and here), both the SPF and Sender-ID anti-spam proposals were tentatively approved by the IESG (the approval board of the IETF) as experimental standards. It remains to be seen whether any of them will actually put a dent into spam." At the same time, the FTC has opened a central site about email authentication.

NW writes "According to the records in the IETF's database (here and here), both the SPF and Sender-ID anti-spam proposals were tentatively approved by the IESG (the approval board of the IETF) as experimental standards. It remains to be seen whether any of them will actually put a dent into spam." At the same time, the FTC has opened a central site about email authentication.

NW writes "According to an eWeek story Microsoft is beginning to assert IP rights over 130 protocols including many basic Internet protocols including TCP/IP, DNS, etc. The story originates with a mailing list post to the IETF's IPR list."

hexene writes "In an open letter to the IETF MARID Working Group, the Apache Software Foundation has rejected the patent-encumbered Sender ID specification. This means no Sender ID support for SpamAssassin, Apache JAMES, etc. They state that the current license is generally incompatible with open source, and contrary to the practice of open Internet standards."

NW writes "Microsoft published today a new license and FAQ for Sender-ID anti-spam standard being developed by the IETF's MARID WG (based on SPF). To use the license, a signed agreement with MSFT is required. Compatability with the Open Source Definition, the Free Software Definition, the Debian Free Software Guidelines, and the GPL/LGPL licenses is already in question."

NW writes "Microsoft published today a new license and FAQ for Sender-ID anti-spam standard being developed by the IETF's MARID WG (based on SPF). To use the license, a signed agreement with MSFT is required. Compatability with the Open Source Definition, the Free Software Definition, the Debian Free Software Guidelines, and the GPL/LGPL licenses is already in question."

NW writes "In a recent message to the MARID list RMS weighs in on the licensing issues of Sender-ID/SPF and Microsoft: 'Microsoft's Sender-ID license is directly incompatible with free software regardless of which free software license is used. Free software means users are free to run it, study and modify the source, and to redistribute it with or without changes. Free to do so means there is no requirement to ask or tell anyone that you are doing so.'" "MARID" stands for MTA Authorization Records in DNS; here's the IETF MARID working group's charter. (Read more below.)

Stallman's message continues: "The Microsoft license for Sender-ID directly forbids release of software with all these freedoms, so it is impossible for any program to be free software under Microsoft's regime. I've been expecting to see something like this ever since Gates started talking about spam. This license is an example of Microsoft's strategy for killing off free software as an alternative to Windows. Microsoft first patents something, then incorporates it into a format or protocol, then tries to make it de rigueur while excluding those it wishes to exclude. In the absence of resistance, Microsoft has a good chance of imposing whatever standards it likes. Let us, therefore, resist it here and now."

wayne writes "In a show of just how much Microsoft wants to put an end to email forgery, Hotmail, MSN and Microsoft.com will start enforcing Sender ID checks by Oct 1. In late May, MicroSoft announced that they would be adopting the Open Source SPF anti-forgery system (with a slight modification to make it Sender ID) and they have been working together with the IETF MARID working group to help create an RFC to define the Sender ID standard. Already tens of thousands of domain owners, such as AOL, Earthlink, and Gmail, have published SPF records, and thousands of systems are already checking SPF records. Publishing SPF records is easy, as is checking SPF records."

GMan00 writes "Daemon News' latest May EZine has been released online. This issue covers BSDCan which was held last weekend in Ottawa, Canada. As you'll see from the DN EZine, the conference was a great success, with some 170 developers, sysadmins and end-users from around the world. Some travelled as far away as Japan, the Ukraine and the Netherlands. Speakers included Jun-ichiro itojun Hagino of the IETF and a lead authority on IPv6 besides being the NetBSD Security Officer, Theo de Raadt of OpenBSD, Poul-Henning Kamp, the creator of the FreeBSD GEOM Disk i/o subsystem, and Robert Watson, the founder of the TrustedBSD Project. Dan Langille, the brain behind FreeBSDDiary and FreshPorts, organized the conference and is planning a repeat performance next May."

NetWizard writes "Following on the heels of Yahoo submitting DomainKeys, Microsoft decided to submit their "Caller ID" anti-spam proposal as a draft to the IETF. This proposal tries to tie in IP addresses to the domain of the sender just like SPF does. To make things even more interesting, looks like SPF and MSFT's Caller-ID proposals are merging. On a related note, Yahoo submitted an IPR disclosure for DomainKeys to the IETF."

NetWizard writes "Following on the heels of Yahoo submitting DomainKeys, Microsoft decided to submit their "Caller ID" anti-spam proposal as a draft to the IETF. This proposal tries to tie in IP addresses to the domain of the sender just like SPF does. To make things even more interesting, looks like SPF and MSFT's Caller-ID proposals are merging. On a related note, Yahoo submitted an IPR disclosure for DomainKeys to the IETF."

NetWizard writes "Following on the heels of Yahoo submitting DomainKeys, Microsoft decided to submit their "Caller ID" anti-spam proposal as a draft to the IETF. This proposal tries to tie in IP addresses to the domain of the sender just like SPF does. To make things even more interesting, looks like SPF and MSFT's Caller-ID proposals are merging. On a related note, Yahoo submitted an IPR disclosure for DomainKeys to the IETF."

NetWizard writes "According to a mailing list post at the IETF, Yahoo's website and a Wired News story, Yahoo has made the DomainKeys draft public and submitted to the IETF." Russ Nelson explains "Basically, your MTA uses RSA-SHA1 to sign the headers and body of your email and inserts that signature before sending the email. The recipient MTA looks up $selector._domainkey.$domain in the DNS, gets your public key, verifies it, and inserts a notice. There's also a SourceForge project for a DomainKeys library." An anonymous reader asks "It seems to me that it doesn't offer anything more than the Sender Policy Framework by pobox.com, other than doing relay-based signing of the messages to provide the sender verification. SPF has already grown to over 14,000 domains so far and only requires an addition to your DNS to support (from the sending side). Verifying messages on the receiving MTA is as simple as doing a DNS lookup, most MTAs can support SPF now, the code is available and well tested. What advantages to people see in Domainkeys over SPF that are actually useful, and what standard should people implement?"

NetWizard writes "According to a mailing list post at the IETF, Yahoo's website and a Wired News story, Yahoo has made the DomainKeys draft public and submitted to the IETF." Russ Nelson explains "Basically, your MTA uses RSA-SHA1 to sign the headers and body of your email and inserts that signature before sending the email. The recipient MTA looks up $selector._domainkey.$domain in the DNS, gets your public key, verifies it, and inserts a notice. There's also a SourceForge project for a DomainKeys library." An anonymous reader asks "It seems to me that it doesn't offer anything more than the Sender Policy Framework by pobox.com, other than doing relay-based signing of the messages to provide the sender verification. SPF has already grown to over 14,000 domains so far and only requires an addition to your DNS to support (from the sending side). Verifying messages on the receiving MTA is as simple as doing a DNS lookup, most MTAs can support SPF now, the code is available and well tested. What advantages to people see in Domainkeys over SPF that are actually useful, and what standard should people implement?"

An anonymous reader writes "Following the recent excitement over a potential vulnerability in TCP, Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. KernelTrap has the full details."

An anonymous reader writes "Following the recent excitement over a potential vulnerability in TCP, Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. KernelTrap has the full details."

Joe_Hypnol writes "I just noticed this bit of news over at IRC Junkie. Looks like a bunch of irc client authors (and even more) are putting their heads together to come up with DCC2, a replacement for the the poorly designed DCC IRC file transfer specification. The old protocol was basically based on a usenet post, but this new one is looking like it'll be a full-blown standard. It's currently an IETF internet working draft. Read the press release at DCC2.org."

An anonymous reader submits "According to a recent mailing list post by Harry Katz who is the Program Manager of Exchange at Microsoft, they plan to submit MSFT's "Caller ID" proposal to the IETF: 'I want to inform members of the MARID working group that Microsoft will shortly be submitting the Caller ID for E-mail specification to the IETF as an Informational RFC. We request that the Caller ID specification be considered an input document to the working group's deliberations.'"

netcentric writes "A post on CircleID has reported about an RFC prepared by Donald E. Eastlake 3rd and Declan McCullagh, CNET News.com's Washington D.C. correspondent, analyzing proposals from various parties to mandate the use of special top level domain names (such as .sex or .xxx) or an IP address bit to flag 'adult' or 'unsafe' material or the like. The analysis explains why these ideas are dangerous and ill considered from legal, philosophical, and technical points of view. Here is the post to this report on CircleID along with some commentaries and link to the entire RFC 3675."

hystrix writes "As long expected, the IESG has approved the Extensible Messaging and Presence Protocol (XMPP): Core (draft-ietf-xmpp-core-22.txt) as a Proposed Standard. For those of you in the dark, thats the protocol behind the only tried and proven open IM platform, Jabber. Congrats to the hard working Peter Saint-Andre, and the entire XMPP Working Group."

securitas writes "ZDNet reports that AOL is testing Sender Permitted From (SPF), 'an antispam filter intended to accurately trace the origin of e-mail messages.' AOL is performing the widescale SPF test with its 33 million subscribers worldwide. The system works by letting recipients use the SPF record to cross-check DNS data associated with AOL's IP addresses and confirm that the message originated from AOL's servers. The system is one of three competing e-mail authentication protocols. The other IP-identifying protocols are the Designated Mailers Protocol (DMP) and Reverse Mail Exchange (RME/RMX). All systems alter the DNS database to let e-mail servers publish the IP addresses that they use to send e-mail."

securitas writes "ZDNet reports that AOL is testing Sender Permitted From (SPF), 'an antispam filter intended to accurately trace the origin of e-mail messages.' AOL is performing the widescale SPF test with its 33 million subscribers worldwide. The system works by letting recipients use the SPF record to cross-check DNS data associated with AOL's IP addresses and confirm that the message originated from AOL's servers. The system is one of three competing e-mail authentication protocols. The other IP-identifying protocols are the Designated Mailers Protocol (DMP) and Reverse Mail Exchange (RME/RMX). All systems alter the DNS database to let e-mail servers publish the IP addresses that they use to send e-mail."

figlet writes "A new IETF draft is out (URI Scheme for Information Assets with Identifiers in Public Namespaces). It is a very cool idea and basically introduces namespaces through a new URI scheme. These would be used to refer to resources within their own context. NISO will be the registry for public namespaces. Example (from Herbert Van de Sompel): 'For example, assuming that the namespace of Dewey Decimal Classifications (ddc:) and the namespace of Library of Congress Control Numbers (lccn:) would be registered by their respective authorities, then: the Dewey Decimal Classification 22/eng//004.678 (for the term "Internet") could be expressed as the "info" URI:<info:ddc/22/eng//004.678> and the Library of Congress Control Number 2002022641 could be expressed as the "info" URI <info:lccn/2002022641>.' NISO is going to act as the 'info' registry. Very neat. This basically sets up a parallel web of info spaces, where http/DNS space is just one of many, and anyone can register their namespace 'domain'. Way cool!!"

SamMichaels writes "AMTP was published as an Internet Draft last week. It suggests using a 'Mail Policy Code' during the transaction to identify what kind of mail is being sent (administrative, personal, commercial, etc). Another plus is the use of TLS using x.509 certificates signed by a CA so you know exactly where the mail came from. Sounds like a solid plan...now to get a certificate signed for a decent price is the challenge."

eLoco asks: "What support do today's browsers have for XHTML? Maybe a better question would be: what support do the major browsers in current use have for formatting/display of XML with DTD defined? I don't have any browser prejudice per se (I use MSIE, Mozilla, Safari/KHTML, and Opera depending on the system I am working on and my mood), but I am primarily interested in the browsers with greater 'market share,' since my main reason for asking is this: If at least the "main" browsers in current use have decent support (vague, I know) for XHTML/XML rendering, why haven't we all converted over yet?" While it doesn't cover all browsers out there, this chart serves as a good starting point. For those of you working with application/xhtml+xml files, what issues have you run into when serving up your files to various browsers?

egoff writes "Speaking of standards, the ASRG, a member of the IETF, has a plan for "consent-based communications." Among the suggestions, according to Internet Week, are authentication services for falsified addresses, trusted senders, reputation systems (karma?), opt-out tools, best practices for challenge/response, and even a proposal for micropayments on unwanted mail. Instead of defining spam, the ASRG wants to provide administrators and users the tools necessary to avoid what they consider to be unwanted. One of the tools, Reverse MX, is expected to be in place in several months. It would allow the receiving mail server to query a domain to determine if the sending server is allowed to send on its behalf."