Domain: irtf.org
Stories and comments across the archive that link to irtf.org.
Comments · 21
-
DTN
Delay / Disruption Tolerant Internet (DTN) is still at the Research Group stage. It's really more about replacing TCP than the Internet (UDP will work just fine in space), and has received some criticism (pdf download), ironically mostly centered around how it breaks the end-to-end principle.
While there is now an SIS-DTN green book (a necessary step for general deployment on space missions), and initial tests in space are positive, these things move so slowly that I think it's going to be a while before this is generally deployed in space.
-
Re:Hmm
The problem is that congestion control on the Internet is strictly based on the Van Jacobsen hacks to TCP/IP. These work pretty well, but they have problems. First, a lot of IP traffic is not TCP. Second, various IP protocols like Bittorrent actually game congestion control to get more than their fair share of the pipe, and there's really no way to prevent this (e.g., what Comcast tried isn't a good solution).
The belief that no-one is working on this is incorrect, however. There's some very good work being done in the IRTF (a research organization associated with the IETF). They did a really cool presentation on their work at the Stockholm IETF this month. There are really good people at various ISPs and running the backbones. It is not the case that it's all on autopilot and slowly decaying. E.g., check out Hurricane Electric. Comcast has a very good team.
The most hopeless thing I see on the Internet is the continued prevalence of operating systems that are highly vulnerable to attack due to poorly-thought-out security models. Apple is starting to do some interesting work on this - they recently hired the guy who did BitFrost for the OLPC project, for example. A big complaint about Bitfrost is that it's not necessarily all that useable, but if anyone can fix that, it's probably Apple. Would be nice if Microsoft weren't backsliding on this.
-
Relevant Links - easier to read
-
karma theifNeat List? If you are going to karma whore, at least do it right
-
Corrected Link List
-
Neat List of Relevant Links
-
Re:How to stop SPAM at the source
I think that Sender Permitted From (SPF) and friends look to give us significant mileage on this.
Basically this means that when you set up a domain, you specify what the IP addresses are for the authorised mail-servers. Something like SpamAssassin can then add a "+2" it came from SPF listed address, or "-2" if it didn't.
Put that in the box with all the other heuristic techniques going on and it will make a suprisingly large difference to catching spam.
I, for one, really look forward to it's implementation for some very good reasons:
- It will completely stop "Joe Jobs".
- A domain with SPF can't usefully specify "every trojaned box on the internet"
- Software can look at the age of a domain
- It all becomes grist for heuristic systems like SpamAssassin
I've been joe-jobbed plenty of times. It is &^$%*& annoying, especially for a domain that's been in use for a long time.
-
Because that would go nowhereThe way for a person with a vision to get an open source project rolling is to create something worth building on. If you start with "ok, let's write something that does X..." you'll be mired in discussions about what X means and the right way to do X and how come you're not Y.
(If you doubt this, consider the way things are going with ASRG.)
Meanwhile, someone who skipped the design-by-clusterfxxk step will quietly crank out a foundation to build upon, leaving the squabblers behind. With any luck, a few people will crank out a few options.
Discussion is good, but there's a hell of a lot to be said for implementation, and the real-world evaluation of functioning implementations.
-
Re:Adding info to DNS servers
There are quite a number of such proposals. For instance...
- Designated Senders Protocol: A Way to Identify Hosts Authorized to Send SMTP Traffic
- A DNS RR for simple SMTP sender authentication
- Repudiating MAIL FROM
...among others. The Internet Research Task Force Anti-Spam Research Group (IRTF ASRG) currently has a sub-group specifically dedicated to the unification of these proposals. This is a relatively recent initiative (only about a month old). You can find archives of the discussion at gmane.org.
-
SPF
-
Can't use MX (someday maybe RMX...)morelife writes:
Why not use the MX?
Yes, Morelife is exactly correct. My "outbound" mail firewalls have no TCP listeners on them at all, only a PF rules to return RST for TCP/113 (to avoid the AUTH query delay), so listing them as MX hosts for inbound mail would be a bad idea.In large mta deployments the mx is hardly ever the sending mta.
There *was* a IETF draft for "RMX" (Reverse MX) published by the IETF's Anti-Spam Research Group (ASRG), but it's not really ready for prime time.
-
ASRG (Re:RMX?)
Some more proposals are on http://www.irtf.org/asrg/asrg_documents.htm/.
-
Re:I-D appears Expired
gotcha - I didn't look at the research groups (never have actually - looks like good stuff there) The anti-spam research group should have more promanence on pobox's site
-
The real ASRG: Research Group
-
The real ASRG: Research Group
-
These are all bad ideasThese plans are awful. Authentication services and trusted senders are a way for the certificate authorities to decide who can or cannot send mail (be it spam or political speech) [1]. Micropayments are a tax on speech. Challenge/response is patented. Opt-out tools depend on a centralized database from which spammers will harvest addresses. Reputation systems are an invasion of privacy.
Most of the proposals are probably patented (as ridiculous as that may sound). No doubt the recent spam proposals are being pushed by folks with an agenda totally unrelated to spam. There is no way they would get this much media attention without a commercial PR department. Which begs the question, who is behind ASRG? The guy in charge has six pending patents on this very subject.
To stop spam, we should use less invasive approaches such as bayesian filtering and common sense legislation (mandatory headers and spam-hunting boundies aren't a bad idea). We do not need privacy-invading, censorship centers which outlaw open-source solutions.
-----
[1] I fully expect that if we adopt authentication systems, the certificate authorities will permit paying marketeers to spam anyone they choose.
-
Yes, these people seem to suck.Another sign of their cluelessness in that draft is their statement that "spam is not yet exactly defined". The definition is, and always has been, unsolicited bulk e-mail. You can't get more exact than that
I prefer the term, "unsolicited comercial email", but I see where you are comming from. UCE is the most obvious and obnoxious form. Bulk mailing by organizations you belong to may not be solicited but have legitimate uses. Either way, everyone knows what spam is when they see it, but there's little hope of building a useful filter based on "consent". The simple answer, to copy fax laws against unsolicited comercial faxes, is the best way to kill spam.
These IRTF people have other problems too. They've been hard at work with DRM and seem to give their End to End group the cold shoulder. Also their E2E projects included multicasting and other push like stuff. Everywhere I look, I see things I don't like, adding inteligence to a network that works because it has none. Who's putting these people up to this stuff?
-
Yes, these people seem to suck.Another sign of their cluelessness in that draft is their statement that "spam is not yet exactly defined". The definition is, and always has been, unsolicited bulk e-mail. You can't get more exact than that
I prefer the term, "unsolicited comercial email", but I see where you are comming from. UCE is the most obvious and obnoxious form. Bulk mailing by organizations you belong to may not be solicited but have legitimate uses. Either way, everyone knows what spam is when they see it, but there's little hope of building a useful filter based on "consent". The simple answer, to copy fax laws against unsolicited comercial faxes, is the best way to kill spam.
These IRTF people have other problems too. They've been hard at work with DRM and seem to give their End to End group the cold shoulder. Also their E2E projects included multicasting and other push like stuff. Everywhere I look, I see things I don't like, adding inteligence to a network that works because it has none. Who's putting these people up to this stuff?
-
The IETF has an anti-spam research groupWhy don't these people get involved, and discuss their plans with people who really understand the issues involved in reinventing SMTP?
Perhaps because that that is the very last thing these people actually want?
-
That should be Internet RESEARCH Task Force
Actually, it's the IRTF -- not the IETF -- that is undertaking this work. To quote from the IRTF home page - "[Mission] To promote research of importance to the evolution of the future Internet by creating focused, long-term and small Research Groups working on topics related to Internet protocols, applications, architecture and technology."
Don't expect a quick fix from this initiative. -
Re:So this will help from Mars?
you should check out the IRTF if you're interested in interplanetary computer networks. no, really!