On Mon, Oct 26, 2015 at 02:45:15PM -0400, John C Klensin wrote:
> > If we decide that the long-established semantics are the right
> > ones, then I think our email standards deserve to die, because
> > they don't currently work.
>
> Ted, I think millions of users, passing around tens or hundreds
> of millions of messages around a day, would probably disagree
> with "don't currently work" or at least dismiss it as rather
> extreme hyperbole.
I'll heartily second that. Email is not broken, rather it is
working surprisingly well, under requirements that make some
desirable security properties quite difficult to deliver.
* Ubiquitous reach
* Decentralized provisioning
* Asynchronous one to many communication.
* One to one and one to many forwarding
Various "non-broken" IM systems reduce the volume of abuse by
sacrificing one of more of the key features of email.
> Now I can probably think of at least as many
> ways in which I think the functionality would be different in a
> more perfect world and the ability to positively identify a
> sender (or identify spoofed messages or message components) and
> to verify that what is received is what was sent, and to do both
> without complex arrangements (private key management by end
> users as just one example) are high on my list.
And this too, though positive identification is a rather slippery
fish in a world where domains cost close enough to $1 in bulk, and
reputable organizations continue find novel ways to muddle their
identity through various outsourcing arrangements and rebranding
initiatives.
The bad guys can acquire a constant stream of new identities, and
the good guys shoot themselves in the foot by periodically emulating
the bad guys. The brokenness is not a feature of email, it is
rather a feature of scale. I correspond by email with an order of
magnitude or two more people than I contact by IM or similar.
> So, if you are going to claim that our existing standards don't
> work, I think it would be good to have a clear explanation of
> what you mean and what, precisely, doesn't work. Of course, I
> can only hope that, contrary to your apparent claim, this
> message will reach you in spite of non-working protocols and you
> will be able to reply.
Twisting the knife may be overkill. :-)
--
Viktor.