| 1 |
thanks. highly appreciate your time. to save |
| 2 |
space i'll skip parts where i fully agree |
| 3 |
with/happily-learned. |
| 4 |
|
| 5 |
(e.g. loop detection; good reminder, i wasn't |
| 6 |
thinking about it. plus didn't know of acronyms |
| 7 |
DSN, MDNs, etc; nice keywords for further |
| 8 |
googing). |
| 9 |
|
| 10 |
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ |
| 11 |
On Friday, August 21, 2020 8:59 PM, Grant Taylor <gtaylor@×××××××××××××××××××××.net> wrote: |
| 12 |
|
| 13 |
> On 8/20/20 7:39 PM, Caveman Al Toraboran wrote: |
| 14 |
> |
| 15 |
> > 1. receipt by final mail server (mandatory). |
| 16 |
> > |
| 17 |
> |
| 18 |
> You're missing the point that each and every single server along the |
| 19 |
> path between the original submission server and the final destination |
| 20 |
> server is on the hook for delivery of the message -or- notification of |
| 21 |
> it's failure back to the purported sender address. So "final mail |
| 22 |
> server" is not sufficient. |
| 23 |
|
| 24 |
i was thinking (and still) if such relay-by-relay |
| 25 |
delivery increases probability of error by a |
| 26 |
factor of n (n = number of relays in the middle). |
| 27 |
e.g. probability of accidental silent mail loss is |
| 28 |
if one, or more, accidentally said "yes got it!" |
| 29 |
but actually didn't. i.e.: |
| 30 |
|
| 31 |
Pr(silent loss) = |
| 32 |
|
| 33 |
sum_{k=1}^n |
| 34 |
{n choose k} |
| 35 |
* Pr(mistake)**k |
| 36 |
* Pr(no mistake)**{n-k} |
| 37 |
|
| 38 |
n = number of relays in the middle. |
| 39 |
* = mult. |
| 40 |
** = exponent. |
| 41 |
|
| 42 |
i wonder if it would be better if only the entry |
| 43 |
relay aims at the confirmation from the terminal |
| 44 |
server? this way we won't need to assume that |
| 45 |
relays in the middle are honouring their guarantees, |
| 46 |
hence the probability above would be smaller since |
| 47 |
k is limited up to 2 despite n's growth. |
| 48 |
|
| 49 |
|
| 50 |
> Of course, there are servers that go against the RFC "MUST" directives |
| 51 |
> and either don't safely commit messages to disk /before/ saying |
| 52 |
> "Okay..." and / or don't deliver failure messages. |
| 53 |
|
| 54 |
care to point part of the rfc that defines "safe" |
| 55 |
commit to disk? e.g. how far does the rfc expect |
| 56 |
us to go? should we execute `sync`'s equivalent |
| 57 |
to ensure that data is actually written on disk |
| 58 |
and is not in operating system's file system write |
| 59 |
buffer? |
| 60 |
|
| 61 |
|
| 62 |
> Signing will be of somewhat limited value as it will quite likely be |
| 63 |
> subject to the same problem that DMARC / ARC suffer from now. Mail |
| 64 |
> servers can sign what they receive. But in doing so, they alter what is |
| 65 |
> sent to include their signature. As such, the data that the next server |
| 66 |
> receives is different. The real problem is working backwards. Down |
| 67 |
> stream servers don't have a reliable way to undo what upstream servers |
| 68 |
> have done to be able to get back to the original message to validate |
| 69 |
> signatures. |
| 70 |
|
| 71 |
onion signatures? e.g. message is wrapped around |
| 72 |
several layers of signatures for every relay in |
| 73 |
the path? |
| 74 |
|
| 75 |
|
| 76 |
> > this way we can have group-level rules. |
| 77 |
> |
| 78 |
> I'm not quite sure what you mean by group-level rules in this context. |
| 79 |
|
| 80 |
e.g. whitelisting, tagging, spam filtration, |
| 81 |
prioritizing, etc, based on entities that |
| 82 |
onion-signed the message. |
Archives