--On Sunday, December 26, 2021 10:28 +1300 Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote: > I know someone living in NZ who overnight received a "one hour > from now" reminder of a COVID test for someone in the UK who > occasionally mistypes their own gmail address. (A test booked > on Christmas day???) > > The consequences of a typing error in a call sign are > potentially serious. In this case, we can only hope that the > person didn't miss their test. And, since the DNS was mentioned in this regard, that type of error, especially when only a single mistyped character is involved, was the key reason Postel pushed back against single-letter TLDs and one or two character labels at the second level. Three characters is not nearly enough to guarantee that a single-character error will produce an error rather than a false positive on a different name, but the thinking was at least there. But PHB is quite correct here: if the callsign mechanism requires that someone have prearranged permission to send a message or retrieve anything, many problems are solved. The analogy is poor, but I have a mailbox (which the IETF has never seen) that, through many generation of technology, has never received an unsolicited message from a stranger. Why? Because any incoming message is rejected by the delivery MTA if it does not contain current-generation authentication of the sender -- for the last decade or so that has meant that the message body is signed and that I already have the relevant public key on file. Of course, how those permissions are requested and granted requires a separate mechanism. john john
