1 |
On 8/18/20 4:36 PM, Grant Taylor wrote: |
2 |
> On 8/18/20 5:59 AM, Caveman Al Toraboran wrote: |
3 |
>> redundant as in containing concepts already done in other protocols, |
4 |
>> so smtp has many re-invented wheels that are already invented in |
5 |
>> existing protocols. |
6 |
> |
7 |
> Please elaborate.� Please be careful to provide information about /when/ |
8 |
> the protocols that SMTP is supposedly redundant of were developed. |
9 |
> |
10 |
> I suspect that you will quickly find that SMTP predates the protocols |
11 |
> that you are stating it's redundant of.� I further suspect that you will |
12 |
> find that SMTP predates them by 10, or more likely 20, if not 30 years. |
13 |
> |
14 |
> Here's a hint.� SMTP was ~82.� HTTP (1.0) was ~89.� We couldn't post |
15 |
> thing in HTTP 1.0.� HTTP 2.0 was ~15. |
16 |
> |
17 |
>> basically smtp, as an application-layer protocol, is needless. |
18 |
> |
19 |
> We are all entitled to our own opinion. |
20 |
> |
21 |
>> imo, smtp should be a much-higher level protocol defined purely on top |
22 |
>> of how dns and http/2. |
23 |
> |
24 |
> How do you get any higher layer than the application layer? |
25 |
> |
26 |
>> e.g. for mail submission, there is no need for a separate |
27 |
>> application-layer protocol as we can simply use http/2.� because the |
28 |
>> concept of mail submission is a special case of data submission, which |
29 |
>> is already in http/2. |
30 |
> |
31 |
> HTTP /now/ has a way to submit data.� HTTP didn't exist when SMTP was |
32 |
> developed.� Further, HTTP didn't have the ability to submit data for a |
33 |
> while. |
34 |
> |
35 |
> If you look at multiple layers of the network stack, HTTP and SMTP are |
36 |
> both at the application layer.� Now you are suggesting moving equal |
37 |
> peers so that mail is subservient of / dependent on web? |
38 |
> |
39 |
> Does HTTP or the web servers have the ability to queue messages to send |
40 |
> between systems?� How many web servers handle routing of incoming |
41 |
> messages to send to other servers?� How dynamic is this web server |
42 |
> configuration to allow servers for two people who have never exchanged |
43 |
> email to do so? |
44 |
> |
45 |
> This routing, queuing, and many more features are baked into the email |
46 |
> ecosystem.� Features that I find decidedly lacking in the web ecosystem. |
47 |
> |
48 |
>> here is a more complete example of what i mean: |
49 |
>> |
50 |
>> 1. we lookup MX records to identify smtp servers to submit mails to. |
51 |
>> 2. from the response to that lookup we get a domain name, say, |
52 |
>> mail.dom.com. |
53 |
> |
54 |
> #1 and 2 are par for what we have today.� No improvement. |
55 |
> |
56 |
>> 3. then, the standard defines a http/2 request format to submit the mail. |
57 |
> |
58 |
> Given how things never die on the Internet, you're going to need both |
59 |
> SMTP /and/ HTTP /on/ /the/ /email/ /server/ to be able to send & receive |
60 |
> email with people on the Internet. |
61 |
> |
62 |
> So you now have a HUGE net negative in that you have the existing |
63 |
> service plus a new service.� You're in many ways doubling the exposure |
64 |
> and security risk of email servers. |
65 |
> |
66 |
>> an example of step (3) could be this: |
67 |
>> |
68 |
>> ���� https://mail.dom.com/from=...&to=...&cc=...\ |
69 |
>> ���� &bcc=...&subject=...&attach1=...&attach2=...\ |
70 |
>> ���� &attachn=... |
71 |
> |
72 |
> If you were to do this, you would NOT do it via GETs with URL |
73 |
> parameters.� You would do it as POSTs. |
74 |
> |
75 |
> You will also have to find a way to deal with all the aspects of SMTP |
76 |
> and RFC 822 email + mime.� I suspect that you will find this to be |
77 |
> extremely tricky.� Especially if you try to avoid SMTP / RFC 822 |
78 |
> semantics b/c SMTP is apparently a bad thing. |
79 |
> |
80 |
> How does your example scheme account for the fact that the SMTP envelope |
81 |
> from address frequently diff from the RFC 822 From: header?� Remember, |
82 |
> this very feature is used thousands of times per day.� So you have to |
83 |
> have it. |
84 |
> |
85 |
> There's also many Many MANY other features of SMTP that are also used |
86 |
> thousands of times a day that I'm seeing no evidence of. |
87 |
> |
88 |
>> ���� i don't know how http/2 works.� do they have |
89 |
>> ���� POST requests?� if so maybe fields attach1, |
90 |
>> ���� attach2, ..., attachn can be submitted as file |
91 |
>> ���� uploads using POST. |
92 |
>> |
93 |
>> further, if we modify steps (1) and (2), we can generalise this |
94 |
>> concept into tor services.� e.g.� an email address simply becomes an |
95 |
>> onion address.� e.g. if vagzgdrh747aei0q.onion is the hidden service |
96 |
>> address of your mail server, then your email address could be written |
97 |
>> as (for convenience): |
98 |
>> |
99 |
>> ���� remco@××××××××××××××××.onion |
100 |
> |
101 |
> I ... I don't have the words.� Go run that idea past an SEO expert. |
102 |
> |
103 |
> Go ask people to drop their domain name in favor of a hash. |
104 |
> |
105 |
> I'm not going to hold my breath. |
106 |
> |
107 |
> How are you going to handle the billions of email clients that exist |
108 |
> today, many of which will never be updated, to handle ToR?� You're going |
109 |
> to have to have something to gateway old and new. |
110 |
> |
111 |
> That means that you're still going to have steps #1 and #2.� You can't |
112 |
> get away from them without everybody and everything migrating to the new |
113 |
> system.� Even then, chances are still extremely good that you're /still/ |
114 |
> going to have #2. |
115 |
> |
116 |
>> and when a "mail" client tries to submit you an email, it submits it |
117 |
>> by this url: |
118 |
>> |
119 |
>> ���� https://vagzgdrh747aei0q.onion/to=remco&...etc. |
120 |
> |
121 |
> I haven't the words. |
122 |
> |
123 |
>> then, in order to authenticate a source, we simply use public-private |
124 |
>> keys ... |
125 |
> |
126 |
> Because that has worked out so well and with so few problems in the past |
127 |
> 25 years. |
128 |
> |
129 |
>> ... to sign messages. |
130 |
> |
131 |
> Even /more/ unlikely to be ubiquitously adopted. |
132 |
> |
133 |
>> basically, our public keys become our user identifiers. |
134 |
> |
135 |
> What?! |
136 |
> |
137 |
> Now you are taking away the human friendly name in addition to the |
138 |
> domain name. |
139 |
> |
140 |
> People are going to be lined up to hang you. |
141 |
> |
142 |
>> this will also solve the problem of the case when an onion address |
143 |
>> changes. |
144 |
> |
145 |
> I don't think so. |
146 |
> |
147 |
>> i call this protocol mailball for the purpose of making speech this |
148 |
>> mail thread a bit easier.� of course, we can pick better names, and |
149 |
>> refine the mechanics. |
150 |
> |
151 |
> There are a LOT of mechanics that need to be defined before they can |
152 |
> even be refined. |
153 |
> |
154 |
>> for people who use the deprecated smtp protocol, yes, it will be |
155 |
>> "don't spam us, we'll spam you". |
156 |
> |
157 |
> I think you'll find that your mail(fire)ball will be excommunicated form |
158 |
> the rest of the SMTP speaking Internet and never gain enough traction, |
159 |
> much less take over and become the norm. |
160 |
> |
161 |
>> however, that's not our fault.� they are using a deprecated protocol, |
162 |
>> and we are just kind enough to allow them an opportunity to talk to us |
163 |
>> over the superior mailball protocol. |
164 |
> |
165 |
> Oh, how graciously thoughtful of yo....� See my previous statement. |
166 |
> |
167 |
>> basically, they are using deprecated identifiers (email ids) instead |
168 |
>> of public keys, and we're kind enough to give them a temporary api so |
169 |
>> that we confirm their emails. |
170 |
> |
171 |
> LOL |
172 |
> |
173 |
>> on the other hand, people who use mailball will not have this problem. |
174 |
>> why?� because ids are public keys anyway, and their messages are |
175 |
>> signed by their private keys (the usual drill, won't insult your |
176 |
>> intelligence). |
177 |
> |
178 |
> So, how will mail(fire)ball prevent me from creating as many key pairs |
179 |
> as I want and sending you a message from each and every one of them? How |
180 |
> does this do anything to prevent spam or viruses? |
181 |
> |
182 |
> How well does your security hold up when, not if, someone creates a |
183 |
> gateway to make it trivial to send SMTP based email into mail(fire)ball? |
184 |
> �It will happen just after mail(fire)ball gets just enough traction |
185 |
> that people scratch the surface to look at it.� That is if it doesn't |
186 |
> happen as part of getting enough people Interested.� Or even your own |
187 |
> ""API that you are graciously providing. |
188 |
|
189 |
|
190 |
I find all of this *fascinating*. |
191 |
|
192 |
So I have threads from 7/28 and others that attempt to discover the |
193 |
(gentoo) packages necessary to run my own email services. I have (2) |
194 |
R.Pi4 (8Gram) and (2) more on order to build out complete |
195 |
mail/DNS/security for a small/moderate number of folks to use. Just me |
196 |
to start/test/debug. |
197 |
|
198 |
I'd like to build out Grant(Taylor) and Ashley's solution for further |
199 |
learning and testing, on Rpi4 based gentoo systems. robust security and |
200 |
reasonable straightforward (gentoo) admin, is my goal. |
201 |
|
202 |
Can either or both of you concisely list what I'd need |
203 |
(the ebuild list) to implement a basic, but complete, secure email |
204 |
system, as delineated in your recent posts? I'd be willing to document |
205 |
both the build and running tests, for the greater good of the gentoo |
206 |
community. |
207 |
If there is interests in the tests and results. |
208 |
|
209 |
|
210 |
Remember, I started this some months ago, cause Frontier does not even |
211 |
offer basic email services. I hate all thing cloud (deep desire to be |
212 |
100% independent of the cloud) and want the ability to remotely |
213 |
retrieve mails and send emails through *my email systems*. I am |
214 |
certainly not alone, as some have sent me private email, |
215 |
with similar desires. |
216 |
|
217 |
The big corporations are trying to destroy and remove standards based |
218 |
email from the internet. For me, it is my most useful, important and |
219 |
most desired feature of the internet. |
220 |
|
221 |
I'm ordering up (6) static IPs from Frontier. At some point, I'll put |
222 |
another primary bandwidth provider under this, with hopefully the |
223 |
ability to "bond the pipes" via BGP4 or another capable protocol. |
224 |
Keeping the list of codes to a minimum, is appreciated, at least until I |
225 |
get the (2) boards up and running. Previously, IPv6 address mapped to |
226 |
these boards was suggested. I do not see any reason why both ipv4 and |
227 |
ipv6 cannot be mapped (routed if you like) to these R.pi.4 boards |
228 |
simultaneously or separately, based on the test vectors under |
229 |
developmental/proof study? |
230 |
|
231 |
|
232 |
Sorry for "jumping" this wonderful 'diatribe' but if I post directly, |
233 |
via Verizon, to gentoo-user, it mostly bounces (another problem). |
234 |
Verizon is dumping their email services too: |
235 |
|
236 |
https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server |
237 |
|
238 |
https://www.howtoforge.com/perfect_server_gentoo_2007.0 |
239 |
|
240 |
https://www.androidpolice.com/2020/08/15/this-smartphone-has-physical-kill-switches-for-its-cameras-microphone-data-bluetooth-and-wi-fi/ |
241 |
|
242 |
motivated and curious, |
243 |
James |