| 1 |
On 8/18/20 5:59 AM, Caveman Al Toraboran wrote: |
| 2 |
> redundant as in containing concepts already done in other protocols, |
| 3 |
> so smtp has many re-invented wheels that are already invented in |
| 4 |
> existing protocols. |
| 5 |
|
| 6 |
Please elaborate. Please be careful to provide information about /when/ |
| 7 |
the protocols that SMTP is supposedly redundant of were developed. |
| 8 |
|
| 9 |
I suspect that you will quickly find that SMTP predates the protocols |
| 10 |
that you are stating it's redundant of. I further suspect that you will |
| 11 |
find that SMTP predates them by 10, or more likely 20, if not 30 years. |
| 12 |
|
| 13 |
Here's a hint. SMTP was ~82. HTTP (1.0) was ~89. We couldn't post |
| 14 |
thing in HTTP 1.0. HTTP 2.0 was ~15. |
| 15 |
|
| 16 |
> basically smtp, as an application-layer protocol, is needless. |
| 17 |
|
| 18 |
We are all entitled to our own opinion. |
| 19 |
|
| 20 |
> imo, smtp should be a much-higher level protocol defined purely on |
| 21 |
> top of how dns and http/2. |
| 22 |
|
| 23 |
How do you get any higher layer than the application layer? |
| 24 |
|
| 25 |
> e.g. for mail submission, there is no need for a separate |
| 26 |
> application-layer protocol as we can simply use http/2. because the |
| 27 |
> concept of mail submission is a special case of data submission, |
| 28 |
> which is already in http/2. |
| 29 |
|
| 30 |
HTTP /now/ has a way to submit data. HTTP didn't exist when SMTP was |
| 31 |
developed. Further, HTTP didn't have the ability to submit data for a |
| 32 |
while. |
| 33 |
|
| 34 |
If you look at multiple layers of the network stack, HTTP and SMTP are |
| 35 |
both at the application layer. Now you are suggesting moving equal |
| 36 |
peers so that mail is subservient of / dependent on web? |
| 37 |
|
| 38 |
Does HTTP or the web servers have the ability to queue messages to send |
| 39 |
between systems? How many web servers handle routing of incoming |
| 40 |
messages to send to other servers? How dynamic is this web server |
| 41 |
configuration to allow servers for two people who have never exchanged |
| 42 |
email to do so? |
| 43 |
|
| 44 |
This routing, queuing, and many more features are baked into the email |
| 45 |
ecosystem. Features that I find decidedly lacking in the web ecosystem. |
| 46 |
|
| 47 |
> here is a more complete example of what i mean: |
| 48 |
> |
| 49 |
> 1. we lookup MX records to identify smtp servers to submit mails to. |
| 50 |
> 2. from the response to that lookup we get a domain name, say, |
| 51 |
> mail.dom.com. |
| 52 |
|
| 53 |
#1 and 2 are par for what we have today. No improvement. |
| 54 |
|
| 55 |
> 3. then, the standard defines a http/2 request format to submit |
| 56 |
> the mail. |
| 57 |
|
| 58 |
Given how things never die on the Internet, you're going to need both |
| 59 |
SMTP /and/ HTTP /on/ /the/ /email/ /server/ to be able to send & receive |
| 60 |
email with people on the Internet. |
| 61 |
|
| 62 |
So you now have a HUGE net negative in that you have the existing |
| 63 |
service plus a new service. You're in many ways doubling the exposure |
| 64 |
and security risk of email servers. |
| 65 |
|
| 66 |
> an example of step (3) could be this: |
| 67 |
> |
| 68 |
> https://mail.dom.com/from=...&to=...&cc=...\ |
| 69 |
> &bcc=...&subject=...&attach1=...&attach2=...\ |
| 70 |
> &attachn=... |
| 71 |
|
| 72 |
If you were to do this, you would NOT do it via GETs with URL |
| 73 |
parameters. You would do it as POSTs. |
| 74 |
|
| 75 |
You will also have to find a way to deal with all the aspects of SMTP |
| 76 |
and RFC 822 email + mime. I suspect that you will find this to be |
| 77 |
extremely tricky. Especially if you try to avoid SMTP / RFC 822 |
| 78 |
semantics b/c SMTP is apparently a bad thing. |
| 79 |
|
| 80 |
How does your example scheme account for the fact that the SMTP envelope |
| 81 |
from address frequently diff from the RFC 822 From: header? Remember, |
| 82 |
this very feature is used thousands of times per day. So you have to |
| 83 |
have it. |
| 84 |
|
| 85 |
There's also many Many MANY other features of SMTP that are also used |
| 86 |
thousands of times a day that I'm seeing no evidence of. |
| 87 |
|
| 88 |
> i don't know how http/2 works. do they have |
| 89 |
> POST requests? if so maybe fields attach1, |
| 90 |
> attach2, ..., attachn can be submitted as file |
| 91 |
> uploads using POST. |
| 92 |
> |
| 93 |
> further, if we modify steps (1) and (2), we can generalise this |
| 94 |
> concept into tor services. e.g. an email address simply becomes an |
| 95 |
> onion address. e.g. if vagzgdrh747aei0q.onion is the hidden service |
| 96 |
> address of your mail server, then your email address could be written |
| 97 |
> as (for convenience): |
| 98 |
> |
| 99 |
> remco@××××××××××××××××.onion |
| 100 |
|
| 101 |
I ... I don't have the words. Go run that idea past an SEO expert. |
| 102 |
|
| 103 |
Go ask people to drop their domain name in favor of a hash. |
| 104 |
|
| 105 |
I'm not going to hold my breath. |
| 106 |
|
| 107 |
How are you going to handle the billions of email clients that exist |
| 108 |
today, many of which will never be updated, to handle ToR? You're going |
| 109 |
to have to have something to gateway old and new. |
| 110 |
|
| 111 |
That means that you're still going to have steps #1 and #2. You can't |
| 112 |
get away from them without everybody and everything migrating to the new |
| 113 |
system. Even then, chances are still extremely good that you're /still/ |
| 114 |
going to have #2. |
| 115 |
|
| 116 |
> and when a "mail" client tries to submit you an email, it submits it |
| 117 |
> by this url: |
| 118 |
> |
| 119 |
> https://vagzgdrh747aei0q.onion/to=remco&...etc. |
| 120 |
|
| 121 |
I haven't the words. |
| 122 |
|
| 123 |
> then, in order to authenticate a source, we simply use public-private |
| 124 |
> keys ... |
| 125 |
|
| 126 |
Because that has worked out so well and with so few problems in the past |
| 127 |
25 years. |
| 128 |
|
| 129 |
> ... to sign messages. |
| 130 |
|
| 131 |
Even /more/ unlikely to be ubiquitously adopted. |
| 132 |
|
| 133 |
> basically, our public keys become our user identifiers. |
| 134 |
|
| 135 |
What?! |
| 136 |
|
| 137 |
Now you are taking away the human friendly name in addition to the |
| 138 |
domain name. |
| 139 |
|
| 140 |
People are going to be lined up to hang you. |
| 141 |
|
| 142 |
> this will also solve the problem of the case when an onion address |
| 143 |
> changes. |
| 144 |
|
| 145 |
I don't think so. |
| 146 |
|
| 147 |
> i call this protocol mailball for the purpose of making speech this |
| 148 |
> mail thread a bit easier. of course, we can pick better names, |
| 149 |
> and refine the mechanics. |
| 150 |
|
| 151 |
There are a LOT of mechanics that need to be defined before they can |
| 152 |
even be refined. |
| 153 |
|
| 154 |
> for people who use the deprecated smtp protocol, yes, it will be |
| 155 |
> "don't spam us, we'll spam you". |
| 156 |
|
| 157 |
I think you'll find that your mail(fire)ball will be excommunicated form |
| 158 |
the rest of the SMTP speaking Internet and never gain enough traction, |
| 159 |
much less take over and become the norm. |
| 160 |
|
| 161 |
> however, that's not our fault. they are using a deprecated protocol, |
| 162 |
> and we are just kind enough to allow them an opportunity to talk |
| 163 |
> to us over the superior mailball protocol. |
| 164 |
|
| 165 |
Oh, how graciously thoughtful of yo.... See my previous statement. |
| 166 |
|
| 167 |
> basically, they are using deprecated identifiers (email ids) instead |
| 168 |
> of public keys, and we're kind enough to give them a temporary api |
| 169 |
> so that we confirm their emails. |
| 170 |
|
| 171 |
LOL |
| 172 |
|
| 173 |
> on the other hand, people who use mailball will not have this problem. |
| 174 |
> why? because ids are public keys anyway, and their messages are |
| 175 |
> signed by their private keys (the usual drill, won't insult your |
| 176 |
> intelligence). |
| 177 |
|
| 178 |
So, how will mail(fire)ball prevent me from creating as many key pairs |
| 179 |
as I want and sending you a message from each and every one of them? |
| 180 |
How does this do anything to prevent spam or viruses? |
| 181 |
|
| 182 |
How well does your security hold up when, not if, someone creates a |
| 183 |
gateway to make it trivial to send SMTP based email into mail(fire)ball? |
| 184 |
It will happen just after mail(fire)ball gets just enough traction |
| 185 |
that people scratch the surface to look at it. That is if it doesn't |
| 186 |
happen as part of getting enough people Interested. Or even your own |
| 187 |
""API that you are graciously providing. |
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
-- |
| 192 |
Grant. . . . |
| 193 |
unix || die |
Archives