Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!mit-eddie!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: trash message from usenet (BIFF)
Message-ID: <393@minya.UUCP>
Date: 8 Jun 90 04:26:49 GMT
References: <9006011234.AA22023@monk.proteon.com> <23824@bellcore.bellcore.com>
Lines: 59

In article <23824@bellcore.bellcore.com>, mo@messy.bellcore.com (Michael O'Dell) writes:
> The notion that mail or mailing lists on the Internet are either
> "secure" or "accountable" is simply hysterical.
> -Mike

Insults aside, I'd like to hear a coherent definition of these terms with regards to mailing lists. I'm not being facetious or asking a rhetorical question. It's clear that people have some concept in mind when they use such phrases; I'd like to read a definition that can be used to develop software.

It's all very well to say that you want your system secure, verifiable, and all that. But until you've said quite precisely what these terms mean, you're speaking sales propaganda, not computer engineering.

The basic problem is that a mailing list is basically an automatic forwarder. All that I've seen work in the same way: There is a pseudo-user (account) "mlist" on machine "foo", and any mail to mlist@foo (or foo!mlist or foo::mlist or ...) gets bounced to all the recipients on a list. Anyone who knows how to get mail to foo can send a message to the entire list. This isn't a bug; it's what the list was meant for.

What would it mean for a list to be secure? Would this perhaps mean that nobody not on the mailing list could send mail to mlist@foo? This seems rather pointless. After all, the whole point of a mailing list is to encourage sending relevant comments to everyone on the list. If someone has a contribution to make to a discussion, I'd certainly expect that I could show them what I'd received, and invite them to post their comments on the list by sending mail to foo::mlist. Maybe they'd want to get on the list, but that takes time; meanwhile they should be able to contribute.

Does secure perhaps mean that the mail can't go to anyone not on the list? This seems a bit naive. I can always write a program that scans my mail for articles from a list of sources, and mails a copy to someone else. I can't imagine how the manager of the mailing list could prevent my doing this.

For that matter, as the manager of email on this machine, I could write a filter for all incoming mail looking for certain subjects, sources, keywords, etc., and do whatever I want with them. Sure, some people will be outraged (or would, if they found out :-); others would insist that I am legally required to do so by recent court decisions... But all that is beside the point; the point is that I or any other email manager or recipient *could* do it, and the manager of the mailing list has no way whatsoever of knowing about it.

So when someone asks for a secure mailing list, what could they possibly have in mind? Is this just a vague, fuzzy buzz-phrase, or does it have some specifiable meaning?

I might also refer y'all to John McCarthy's article "Networks Considered Harmful for Electronic Mail" in last December's CACM, for an interesting alternate opinion.

--
Uucp: ...!{harvard.edu,ima.com,mit-eddie.edu}!minya!jc (John Chambers)
Home: 1-617-484-6393
Work: 1-508-952-3274
Cute-Saying: It's never too late to have a happy childhood.