jas@proteon.com (John A. Shriver) (06/01/90)
Actually, that message came in from usenet netnews. It appears that it was sent to every netnews mailgroup. Dial-up access had nothing to do with it. (Anyone can send mail wherever they please from an account anywhere on the Internet, and realistically, from anywhere in usenet as well.)

The problem is the absolute complete and total lack of any sort of security, trackability, or accountability in the netnews system that runs on usenet (uucp) and over nntp. The problem is that most of the Internet mailing lists have been "gatewayed" to netnews mailgroups. I don't think that this was a good thing to do. I don't like seeing Internet mailing lists being brought down to the low level typical of some of the netnews mailgroups.

I'd rather the "gateways" be made one way (out from Internet only), or even non-existent. (One could argue that those "gateways" violate the access rules for the Internet, since they cannot verify that the message came from an authorized user of the Internet.) I realize that this would deny netnews/uucp only sites access to the Internet mailing lists, but if their umbrella organization (usenet) cannot maintain professional standards of behavior, then that is their loss. By implementing a system without accountability, they create that risk.

Another problem due to "gatewaying" has been consistent recurring problems with mail loops through netnews. About once a month one or another of the mailing lists I'm on gets into a mail loop through netnews.

I (and others) would welcome netnews being made properly accountable and secure. It is not, per-se, evil, and I understand that it is efficient. However, not building the Received: lines may make netnews more efficient, but this removes all vestiges of accountability. This is a key problem.

The TCP-IP list has been quite consistently professional in its conduct, as have most public Internet mailing lists. Everything unprofessional I have seen recently was "gatewayed" in from netnews.
roy@phri.nyu.edu (Roy Smith) (06/02/90)
jas@proteon.com (John A. Shriver) writes:
> if their umbrella organization (usenet) cannot maintain professional
> standards of behavior, then that is their loss. By implementing a
> system without accountability, they create that risk.

And there lies the heart of the problem; there is no umbrella organization called usenet. At best, usenet is a loose confederation of cooperating sites. At worst, it's an anarchy. You can't blame it on "them" because there is no "them" to blame it on.

--
Roy Smith, Public Health Research Institute
455 First Avenue, New York, NY 10016
roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy
"Arcane? Did you say arcane? It wouldn't be Unix if it wasn't arcane!"
ittai@shemesh.GBA.NYU.EDU (Ittai Hershman) (06/02/90)
> The TCP-IP list has been quite consistently professional in its
> conduct, as have most public Internet mailing lists. Everything
> unprofessional I have seen recently was "gatewayed" in from netnews.

Nonsense. Witness the recent debate on the IETF mailing list, which is not gatewayed to netnews, on the subject of tongue-in-cheek messages. The "problem" is very simply the price of success -- things were a lot more professional back in the old days before we let just anyone (tongue is definitely in cheek here) on the network.

The real problem is that our e-mail/conferencing user-agent paradigms no longer fit the reality of the Internet. On a personal level, I use e-mail pretty much for one-to-one or one-to-small-ad-hoc-group communication, and use netnews for all mailing-list/conferencing type activities. This was a step in the right direction, but the user-agents are still far too primitive.

There are some intriguing ideas being developed in the research community and I look forward to trying them out as implementations are made available.

-Ittai
wb8foz@mthvax.cs.miami.edu (David Lesher) (06/02/90)
Gee, the funny thing is, few of us on the Usenet side were bothered by this lid. Why? A responsible net_citizen cancelled all the garbage before most people saw it. It's a pity your maillist software won't handle cancels; then you would not have been annoyed either. Maybe you should fix it. ;-}

There are things that annoy me about maillist<-->newsgroup bridging. The chief one is all the "PLEASE UNSUBSCRIBE ME" postings that it brings. Nothing is perfect; most of all Usenet.

If you are really that upset by this very unusual event, may I suggest you snag "filter" from the elm distribution and set it up to bit_bucket all that "trash" that comes from the bridge site.

I hope this bridge keeps working. I learn a lot reading this group.

--
A host is a host from coast to coast.....wb8foz@mthvax.cs.miami.edu
& no one will talk to a host that's close............(305) 255-RTFM
Unless the host (that isn't close)......................pob 570-335
is busy, hung or dead....................................33257-0335
jacob@gore.com (Jacob Gore) (06/02/90)
/ comp.protocols.tcp-ip / jas@proteon.com (John A. Shriver) / Jun 1, 1990 /
> I'd rather the "gateways" be made one
> way (out from Internet only), or even non-existent.
[...]
> I realize that this would deny netnews/uucp only sites access to the
> Internet mailing lists,

You should also realize that this would deny people on the Internet mailing list contributions from Usenet users.

> but if their umbrella organization (usenet)

It's not an organization. It's a community.

> cannot maintain professional standards of behavior, then that is their
> loss.

Ah, I see. Not your loss. All the important people are on the mailing lists.

> By implementing a system without accountability, they create
> that risk.

True. Funny thing, though: this is what a lot of VMS/DECNET buffs were saying about the Internet after the Morris Worm. Until the DECNET worm a few months later, that is...

> I (and others) would welcome netnews being made properly accountable
> and secure.

Certainly. But what's so special about mailing lists? It IS easy to fake Usenet messages; but are you saying that it's hard to fake messages sent to a mailing list?

> not building the Received: lines may make netnews
> more efficient, but this removes all vestiges of accountability. This
> is a key problem.

One can start a mail message with a fake sequence of "Received:" lines just as easily as starting a Usenet message with a fake "Path:" line (which is what the cowabanga bozo did).

Jacob
--
Jacob Gore Jacob@Gore.Com boulder!gore!jacob
sl@van-bc.UUCP (Stuart Lynne) (06/02/90)
In article <1990Jun2.033607.9779@mthvax.cs.miami.edu> wb8foz@mthvax.cs.miami.edu (David Lesher) writes:
}Gee, the funny thing is, few of us on the Usenet side were
}bothered by this lid. Why? A responsible net_citizen cancelled
}all the garbage before most people saw it. It's a pity your
}maillist software won't handle cancels; then you would not have
}been annoyed either. Maybe you should fix it. ;-}

The other funny thing is that slightly more than half the traffic originates on this side of the fence.

I just did a simple straw poll, out of 88 articles in /usr/spool/news/comp/protocols/tcp-ip, only 34 had originated from "The Internet".

--
Stuart.Lynne@wimsey.bc.ca ubc-cs!van-bc!sl 604-937-7532(voice)
mo@messy.bellcore.com (Michael O'Dell) (06/02/90)
The notion that mail or mailing lists on the Internet are either "secure" or "accountable" is simply hysterical. -Mike
bzs@world.std.com (Barry Shein) (06/04/90)
>The notion that mail or mailing lists on the Internet are either
>"secure" or "accountable" is simply hysterical.
> -Mike

I agree, the loudest arguments here appear to be non-sequiturs and "truisms" searching desperately for some pre-determined conclusion.

What I suspect is really at work here is an underlying argument that "dial-up UUCP is cheap, therefore it must be (security-wise) inferior". In fact, those dial-ups require valid login/password pairs before any delivery is made in virtually every case.

The problem actually stems from abuse of internet software, SMTP and other protocols are completely vulnerable in much the same way.

But so what? So is your telephone, what stops me from rigging a box to dial hundreds of homes in the area at 3AM and play a tape of obscenities? Say from a pay phone or direct tap (which is analogous to this forgery stuff), etc. Hell, people do similar things legally around here (those auto-dialers that tell me to dial this 900 number right now to win my "free prize"), tho not at 3AM (lord help me if I work nights, however.)

In the end what we really have to deal with is what standards we are willing to be measured by. If we put forth the image that the only reasonable network is one where it's impossible to post an obnoxious message, ever, and then communicate that to the public as a minimum standard of viability, then the technology is doomed, because we will never be able to deliver that.

This is very critical, and I think many of these protests are demanding undesirable expectations as if they were tacit and agreed to by everyone.

They're not, and I still consider my house locked up when I have only glass in my windows. And I'm willing to put up with the occasional obnoxious phone call if it keeps phone service easy to use and inexpensive, or at least deal with it on a per incident basis, etc.

Somewhere in here is a classic exercise in the trade-offs of freedom vs. security.
-Barry Shein Software Tool & Die | {xylogics,uunet}!world!bzs | bzs@world.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
imp@dancer.Solbourne.COM (Warner Losh) (06/04/90)
In article <670006@gore.com> jacob@gore.com (Jacob Gore) writes:
>But what's so special about mailing lists? It IS easy to fake Usenet
>messages; but are you saying that it's hard to fake messages sent to a
>mailing list?

Jacob makes a good point. SMTP mail is trivially easy for anybody with an account on any internet machine to forge. Details can be found elsewhere. The "good" thing about USENET news is that it puts an explicit path on all messages, so they can be traced fairly easily. Given the current state of the art of SMTP daemons, it is possible to create a message that can't be traced back to the offending system, much less the user that posted it.

Fortunately, there is some good work going on to help stop this. The new host requirements RFC helps some. Other efforts are also in the works. Some of them are misdirected (like fingering the "from" line or assuming ports below 1024 are secure), while others are good (like using heuristics to place a "Warning, this may be bogus" in the headers).

Someday we will reach the state where it is not possible to forge mail, or at the very least we will know where the forgery came from. Until that date, you must do what you do with your 50's and 100's today: Double Check them before you accept them.

--
Warner Losh imp@Solbourne.COM
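
One form the "Warning, this may be bogus" header heuristic could take, as an added example that is not part of the original thread: walk the `Received:` lines from newest to oldest and flag the first hop that does not connect to the one above it. The host names, the sample message, the simplified `from ... by ...` line format and the `X-Warning` header name are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the two upper Received: lines chain correctly; the
# lowest one was supplied by the sender and does not connect to the hop above.
SAMPLE = """\
Received: from relay.example.net by lists.example.org; Sat, 2 Jun 90 10:03:00 EDT
Received: from gw.example.com by relay.example.net; Sat, 2 Jun 90 10:02:00 EDT
Received: from trusted.example.edu by mailhub.example.edu; Sat, 2 Jun 90 09:00:00 EDT
From: someone@trusted.example.edu
To: mlist@lists.example.org
Subject: constructed test message

body
"""

# Simplified hop syntax (an assumption): "from <host> by <host>; <date>"
HOP = re.compile(r"from\s+(\S+)\s+by\s+(\S+?)[;\s]", re.I)

def parse_hops(msg):
    """Return [(from_host, by_host), ...], newest hop first (header order)."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()) + " ")
        hops.append((m.group(1).lower(), m.group(2).lower()) if m else (None, None))
    return hops

def first_break(hops, local_host):
    """Index of the first hop that fails to connect to the one above it, or None.

    The newest line must have been written by our own host; each older line
    must be "by" the host that the newer line says it received "from".
    """
    expected_by = local_host.lower()
    for i, (from_host, by_host) in enumerate(hops):
        if by_host != expected_by:
            return i
        expected_by = from_host
    return None

def annotate(raw, local_host):
    """Parse a message and add a warning header if the chain is inconsistent."""
    msg = message_from_string(raw)
    broken = first_break(parse_hops(msg), local_host)
    if broken is not None:
        msg["X-Warning"] = f"this may be bogus: Received chain breaks at hop {broken}"
    return msg
```

A chain that passes this check is not thereby authentic: every line below the first host you do not operate is still only a claim, so the check catches inconsistent forgeries and nothing more.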
smart@ditmela.oz (Robert Smart) (06/04/90)
Somebody should get the political scientists on to the network news and the Internet. They are very interesting and successful examples of a form of political organization whose name is quite discredited in the world today, namely anarchy.

If you are interested in the concept of anarchy in a wider context you should read "The Dispossessed" by Ursula Le Guin. It is a convincing description of what an anarchy would be like. Not a picnic, that's for sure. You will have no trouble recognizing the equivalents of people from our network world, from the idealists who work hard with little thanks for the common good to the idiots who take advantage of the anarchy's freedom and don't contribute.

It is easy to see the glaring weaknesses of an anarchic arrangement. Little incidents show this. But let's not give it away when nothing serious has happened. The successes far outweigh the problems, and it isn't at all clear that a more structured or controlled environment would be so successful.

Bob Smart <smart@mel.dit.csiro.au>
jc@minya.UUCP (John Chambers) (06/08/90)
In article <23824@bellcore.bellcore.com>, mo@messy.bellcore.com (Michael O'Dell) writes:
> The notion that mail or mailing lists on the Internet are either
> "secure" or "accountable" is simply hysterical.
> -Mike

Insults aside, I'd like to hear a coherent definition of these terms with regards to mailing lists. I'm not being facetious or asking a rhetorical question. It's clear that people have some concept in mind when they use such phrases; I'd like to read a definition that can be used to develop software. It's all very well to say that you want your system secure, verifiable, and all that. But until you've said quite precisely what these terms mean, you're speaking sales propaganda, not computer engineering.

The basic problem is that a mailing list is basically an automatic forwarder. All that I've seen work in the same way: There is a pseudo-user (account) "mlist" on machine "foo", and any mail to mlist@foo (or foo!mlist or foo::mlist or ...) gets bounced to all the recipients on a list. Anyone who knows how to get mail to foo can send a message to the entire list. This isn't a bug; it's what the list was meant for.

What would it mean for a list to be secure? Would this perhaps mean that nobody not on the mailing list could send mail to mlist@foo? This seems rather pointless. After all, the whole point of a mailing list is to encourage sending relevant comments to everyone on the list. If someone has a contribution to make to a discussion, I'd certainly expect that I could show them what I'd received, and invite them to post their comments on the list by sending mail to foo::mlist. Maybe they'd want to get on the list, but that takes time; meanwhile they should be able to contribute.

Does secure perhaps mean that the mail can't go to anyone not on the list? This seems a bit naive. I can always write a program that scans my mail for articles from a list of sources, and mails a copy to someone else. I can't imagine how the manager of the mailing list could prevent my doing this.

For that matter, as the manager of email on this machine, I could write a filter for all incoming mail looking for certain subjects, sources, keywords, etc., and do whatever I want with them. Sure, some people will be outraged (or would, if they found out :-); others would insist that I am legally required to do so by recent court decisions... But all that is beside the point; the point is that I or any other email manager or recipient *could* do it, and the manager of the mailing list has no way whatsoever of knowing about it.

So when someone asks for a secure mailing list, what could they possibly have in mind? Is this just a vague, fuzzy buzz-phrase, or does it have some specifiable meaning?

I might also refer y'all to John McCarthy's article "Networks Considered Harmful for Electronic Mail" in last December's CACM, for an interesting alternate opinion.

--
Uucp: ...!{harvard.edu,ima.com,mit-eddie.edu}!minya!jc (John Chambers)
Home: 1-617-484-6393 Work: 1-508-952-3274
Cute-Saying: It's never too late to have a happy childhood.
bob@MorningStar.Com (Bob Sutterfield) (06/08/90)
In article <393@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
   In article <23824@bellcore.bellcore.com>, mo@messy.bellcore.com (Michael O'Dell) writes:
      The notion that mail or mailing lists on the Internet are either
      "secure" or "accountable" is simply hysterical.

   What would it mean for a list to be secure? Would this perhaps mean
   that nobody not on the mailing list could send mail to mlist@foo?
   If someone has a contribution to make to a discussion... they
   should be able to contribute.

Some mailing lists have implemented filters to block users who consistently and persistently post inflammable messages with the particular purpose of inciting wars. These mailing lists tend to be ones carrying political or religious discussions and other topics that are prone to particular emotionalism. I don't know of any technically-oriented list that has needed to take this step.

   Does secure perhaps mean that the mail can't go to anyone not on
   the list? ... I can always ... mail a copy to someone else. I
   can't imagine how the manager of the mailing list could prevent my
   doing this.

This is the practice on certain security-oriented mailing lists, where the list maintainer requests that members not forward the messages to anyone not on the list, and not keep them in publicly-readable places. The list maintainer enforces this policy by threatening to remove any member from the list, upon sufficient proof of misbehavior.

   So when someone asks for a secure mailing list, what could they
   possibly have in mind? Is this just a vague, fuzzy buzz-phrase, or
   does it have some specifiable meaning?

When I hear "secure mail" I generally think that it means that the mail comes from the person named in the From: line, and goes only to the person named in the To: line. If the From: line is inaccurate it's either a bug or a forgery, and if someone other than those listed in the To: line reads the mail, it's either a bug or snooping. I think similar things about mailing lists, but in a one-to-many context.

There are plenty of research projects in secure communications. One area is secure electronic mail. But the S in SMTP is Simple, not Secure. Don't get your hopes up with something so Simple.