1 |
thanks. highly appreciate your time. to save |
2 |
space i'll skip parts where i fully agree |
3 |
with/happily-learned. |
4 |
|
5 |
(e.g. loop detection; good reminder, i wasn't |
6 |
thinking about it. plus didn't know of acronyms |
7 |
DSN, MDNs, etc; nice keywords for further |
8 |
googing). |
9 |
|
10 |
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ |
11 |
On Friday, August 21, 2020 8:59 PM, Grant Taylor <gtaylor@×××××××××××××××××××××.net> wrote: |
12 |
|
13 |
> On 8/20/20 7:39 PM, Caveman Al Toraboran wrote: |
14 |
> |
15 |
> > 1. receipt by final mail server (mandatory). |
16 |
> > |
17 |
> |
18 |
> You're missing the point that each and every single server along the |
19 |
> path between the original submission server and the final destination |
20 |
> server is on the hook for delivery of the message -or- notification of |
21 |
> it's failure back to the purported sender address. So "final mail |
22 |
> server" is not sufficient. |
23 |
|
24 |
i was thinking (and still) if such relay-by-relay |
25 |
delivery increases probability of error by a |
26 |
factor of n (n = number of relays in the middle). |
27 |
e.g. probability of accidental silent mail loss is |
28 |
if one, or more, accidentally said "yes got it!" |
29 |
but actually didn't. i.e.: |
30 |
|
31 |
Pr(silent loss) = |
32 |
|
33 |
sum_{k=1}^n |
34 |
{n choose k} |
35 |
* Pr(mistake)**k |
36 |
* Pr(no mistake)**{n-k} |
37 |
|
38 |
n = number of relays in the middle. |
39 |
* = mult. |
40 |
** = exponent. |
41 |
|
42 |
i wonder if it would be better if only the entry |
43 |
relay aims at the confirmation from the terminal |
44 |
server? this way we won't need to assume that |
45 |
relays in the middle are honouring their guarantees, |
46 |
hence the probability above would be smaller since |
47 |
k is limited up to 2 despite n's growth. |
48 |
|
49 |
|
50 |
> Of course, there are servers that go against the RFC "MUST" directives |
51 |
> and either don't safely commit messages to disk /before/ saying |
52 |
> "Okay..." and / or don't deliver failure messages. |
53 |
|
54 |
care to point part of the rfc that defines "safe" |
55 |
commit to disk? e.g. how far does the rfc expect |
56 |
us to go? should we execute `sync`'s equivalent |
57 |
to ensure that data is actually written on disk |
58 |
and is not in operating system's file system write |
59 |
buffer? |
60 |
|
61 |
|
62 |
> Signing will be of somewhat limited value as it will quite likely be |
63 |
> subject to the same problem that DMARC / ARC suffer from now. Mail |
64 |
> servers can sign what they receive. But in doing so, they alter what is |
65 |
> sent to include their signature. As such, the data that the next server |
66 |
> receives is different. The real problem is working backwards. Down |
67 |
> stream servers don't have a reliable way to undo what upstream servers |
68 |
> have done to be able to get back to the original message to validate |
69 |
> signatures. |
70 |
|
71 |
onion signatures? e.g. message is wrapped around |
72 |
several layers of signatures for every relay in |
73 |
the path? |
74 |
|
75 |
|
76 |
> > this way we can have group-level rules. |
77 |
> |
78 |
> I'm not quite sure what you mean by group-level rules in this context. |
79 |
|
80 |
e.g. whitelisting, tagging, spam filtration, |
81 |
prioritizing, etc, based on entities that |
82 |
onion-signed the message. |