In a separate thread, under Yakov's suggestion, the solution part of this discussion is now probably moving on to the closed ASRG list (with open archive) as posted in http://article.gmane.org/gmane.ietf.asrg.smtpverify/300 I'd like to now address the other part of Yakov's reply below, or "Why not keep the old design if we can get back to the old assumption?" Comments inlined. Yakov Shafranovich wrote: > > Ed Gerck wrote: > > > > The *possibility* of spam is due to an Internet design based on an > > honor system for the end points. The model being that the connection > > was less trusted than the end points. Access to the end points was > > granted under an honor system and usage rules were enforceable. > > > > Reality showed that the model was upside down for commercial operation. > > The end points cannot be controlled and are in fact less trusted than > > the connection. Anyone can connect to the network. There is no honor > > system. Usage rules are not enforceable -- users can hide and change > > their end points. > > > > The original design relied on the human assumption that someone would > enforce the rules. In a commercial world, for some reason or another, > the network operators either cannot or do not want to enforce the rules. > If the network operators are able to enforce usage rules, that can make > a difference without resorting to any changes in the underlying > architechture. I is simply not possible to go back to the old assumption. We cannot effectively limit any particular user to NOT use the Internet. True, ISPs and the law can chase the guy round but he can run, he can hide and he can change his end point at will. How about network operators being able to enforce rules, as you suggest above, could that make a difference *without* resorting to any changes in the underlying architecture? Well, as you yourself wrote today in another thread, no. I share your concerns: My concern with your approach is with the fact that SPs can employ such measures against someone else without proof, simply cutting off connectivity for some stupid reason and blaming it on not handling abuse reports. What about ISPs erring on the side of caution and cutting off an entire netblock? Is there a provision for an accused "pollutor" to appeal the decision against the SP that is employing the practice? These are some of the questions that come up off-hand, I will be more than happy to discuss the entire document in detail with you off-list. Even in the real world, while there are consequences for actions, there are numerous checks and balances that make sure that the right person is actually punished for the actions that he or she actually did. This is why we have courts, appeals, clemency, etc. to mention a few. The same checks and balances must be applied in any similar mechanisms in the Internet arena. The problem is that these checks and balances make the process slower. This is where we move away from the technical issues and into the human ones, and this is where its gets very heated and political. It is thus a rather weak argument to talk about "actions that have consequences" in terms of a technical solution that the IETF can pursue to save the old design based on an enforceable honor system. The consequences would need to be arbitrated and we know how long, ineffective and expensive that can be. We can't go back to the explicit trust present in the early Internet. As Stef has mentioned, the DARPA Internet was more like a network than a network of networks. The Internet has no staff or sysadmin that would approve/remove users and enforce rules. The solution to spam lies squarely in the IETF hands. We need an Internet design where the end points are less trusted than the connection. The opposite of what we have today. Only then, IMHO, can we have those kind of solutions that the IETF can take on in order to really reduce the problem. Of course, updating the Internet design to fit its current operating conditions is useful not only to stop spam. Social engineering and spoofing attacks also rely on the old honor system where users are trusted. "Trust no one" should be the initial state under the new Internet paradigm. Comments? Cheers, Ed Gerck