1 |
On 8/18/20 5:59 AM, Caveman Al Toraboran wrote: |
2 |
> redundant as in containing concepts already done in other protocols, |
3 |
> so smtp has many re-invented wheels that are already invented in |
4 |
> existing protocols. |
5 |
|
6 |
Please elaborate. Please be careful to provide information about /when/ |
7 |
the protocols that SMTP is supposedly redundant of were developed. |
8 |
|
9 |
I suspect that you will quickly find that SMTP predates the protocols |
10 |
that you are stating it's redundant of. I further suspect that you will |
11 |
find that SMTP predates them by 10, or more likely 20, if not 30 years. |
12 |
|
13 |
Here's a hint. SMTP was ~82. HTTP (1.0) was ~89. We couldn't post |
14 |
thing in HTTP 1.0. HTTP 2.0 was ~15. |
15 |
|
16 |
> basically smtp, as an application-layer protocol, is needless. |
17 |
|
18 |
We are all entitled to our own opinion. |
19 |
|
20 |
> imo, smtp should be a much-higher level protocol defined purely on |
21 |
> top of how dns and http/2. |
22 |
|
23 |
How do you get any higher layer than the application layer? |
24 |
|
25 |
> e.g. for mail submission, there is no need for a separate |
26 |
> application-layer protocol as we can simply use http/2. because the |
27 |
> concept of mail submission is a special case of data submission, |
28 |
> which is already in http/2. |
29 |
|
30 |
HTTP /now/ has a way to submit data. HTTP didn't exist when SMTP was |
31 |
developed. Further, HTTP didn't have the ability to submit data for a |
32 |
while. |
33 |
|
34 |
If you look at multiple layers of the network stack, HTTP and SMTP are |
35 |
both at the application layer. Now you are suggesting moving equal |
36 |
peers so that mail is subservient of / dependent on web? |
37 |
|
38 |
Does HTTP or the web servers have the ability to queue messages to send |
39 |
between systems? How many web servers handle routing of incoming |
40 |
messages to send to other servers? How dynamic is this web server |
41 |
configuration to allow servers for two people who have never exchanged |
42 |
email to do so? |
43 |
|
44 |
This routing, queuing, and many more features are baked into the email |
45 |
ecosystem. Features that I find decidedly lacking in the web ecosystem. |
46 |
|
47 |
> here is a more complete example of what i mean: |
48 |
> |
49 |
> 1. we lookup MX records to identify smtp servers to submit mails to. |
50 |
> 2. from the response to that lookup we get a domain name, say, |
51 |
> mail.dom.com. |
52 |
|
53 |
#1 and 2 are par for what we have today. No improvement. |
54 |
|
55 |
> 3. then, the standard defines a http/2 request format to submit |
56 |
> the mail. |
57 |
|
58 |
Given how things never die on the Internet, you're going to need both |
59 |
SMTP /and/ HTTP /on/ /the/ /email/ /server/ to be able to send & receive |
60 |
email with people on the Internet. |
61 |
|
62 |
So you now have a HUGE net negative in that you have the existing |
63 |
service plus a new service. You're in many ways doubling the exposure |
64 |
and security risk of email servers. |
65 |
|
66 |
> an example of step (3) could be this: |
67 |
> |
68 |
> https://mail.dom.com/from=...&to=...&cc=...\ |
69 |
> &bcc=...&subject=...&attach1=...&attach2=...\ |
70 |
> &attachn=... |
71 |
|
72 |
If you were to do this, you would NOT do it via GETs with URL |
73 |
parameters. You would do it as POSTs. |
74 |
|
75 |
You will also have to find a way to deal with all the aspects of SMTP |
76 |
and RFC 822 email + mime. I suspect that you will find this to be |
77 |
extremely tricky. Especially if you try to avoid SMTP / RFC 822 |
78 |
semantics b/c SMTP is apparently a bad thing. |
79 |
|
80 |
How does your example scheme account for the fact that the SMTP envelope |
81 |
from address frequently diff from the RFC 822 From: header? Remember, |
82 |
this very feature is used thousands of times per day. So you have to |
83 |
have it. |
84 |
|
85 |
There's also many Many MANY other features of SMTP that are also used |
86 |
thousands of times a day that I'm seeing no evidence of. |
87 |
|
88 |
> i don't know how http/2 works. do they have |
89 |
> POST requests? if so maybe fields attach1, |
90 |
> attach2, ..., attachn can be submitted as file |
91 |
> uploads using POST. |
92 |
> |
93 |
> further, if we modify steps (1) and (2), we can generalise this |
94 |
> concept into tor services. e.g. an email address simply becomes an |
95 |
> onion address. e.g. if vagzgdrh747aei0q.onion is the hidden service |
96 |
> address of your mail server, then your email address could be written |
97 |
> as (for convenience): |
98 |
> |
99 |
> remco@××××××××××××××××.onion |
100 |
|
101 |
I ... I don't have the words. Go run that idea past an SEO expert. |
102 |
|
103 |
Go ask people to drop their domain name in favor of a hash. |
104 |
|
105 |
I'm not going to hold my breath. |
106 |
|
107 |
How are you going to handle the billions of email clients that exist |
108 |
today, many of which will never be updated, to handle ToR? You're going |
109 |
to have to have something to gateway old and new. |
110 |
|
111 |
That means that you're still going to have steps #1 and #2. You can't |
112 |
get away from them without everybody and everything migrating to the new |
113 |
system. Even then, chances are still extremely good that you're /still/ |
114 |
going to have #2. |
115 |
|
116 |
> and when a "mail" client tries to submit you an email, it submits it |
117 |
> by this url: |
118 |
> |
119 |
> https://vagzgdrh747aei0q.onion/to=remco&...etc. |
120 |
|
121 |
I haven't the words. |
122 |
|
123 |
> then, in order to authenticate a source, we simply use public-private |
124 |
> keys ... |
125 |
|
126 |
Because that has worked out so well and with so few problems in the past |
127 |
25 years. |
128 |
|
129 |
> ... to sign messages. |
130 |
|
131 |
Even /more/ unlikely to be ubiquitously adopted. |
132 |
|
133 |
> basically, our public keys become our user identifiers. |
134 |
|
135 |
What?! |
136 |
|
137 |
Now you are taking away the human friendly name in addition to the |
138 |
domain name. |
139 |
|
140 |
People are going to be lined up to hang you. |
141 |
|
142 |
> this will also solve the problem of the case when an onion address |
143 |
> changes. |
144 |
|
145 |
I don't think so. |
146 |
|
147 |
> i call this protocol mailball for the purpose of making speech this |
148 |
> mail thread a bit easier. of course, we can pick better names, |
149 |
> and refine the mechanics. |
150 |
|
151 |
There are a LOT of mechanics that need to be defined before they can |
152 |
even be refined. |
153 |
|
154 |
> for people who use the deprecated smtp protocol, yes, it will be |
155 |
> "don't spam us, we'll spam you". |
156 |
|
157 |
I think you'll find that your mail(fire)ball will be excommunicated form |
158 |
the rest of the SMTP speaking Internet and never gain enough traction, |
159 |
much less take over and become the norm. |
160 |
|
161 |
> however, that's not our fault. they are using a deprecated protocol, |
162 |
> and we are just kind enough to allow them an opportunity to talk |
163 |
> to us over the superior mailball protocol. |
164 |
|
165 |
Oh, how graciously thoughtful of yo.... See my previous statement. |
166 |
|
167 |
> basically, they are using deprecated identifiers (email ids) instead |
168 |
> of public keys, and we're kind enough to give them a temporary api |
169 |
> so that we confirm their emails. |
170 |
|
171 |
LOL |
172 |
|
173 |
> on the other hand, people who use mailball will not have this problem. |
174 |
> why? because ids are public keys anyway, and their messages are |
175 |
> signed by their private keys (the usual drill, won't insult your |
176 |
> intelligence). |
177 |
|
178 |
So, how will mail(fire)ball prevent me from creating as many key pairs |
179 |
as I want and sending you a message from each and every one of them? |
180 |
How does this do anything to prevent spam or viruses? |
181 |
|
182 |
How well does your security hold up when, not if, someone creates a |
183 |
gateway to make it trivial to send SMTP based email into mail(fire)ball? |
184 |
It will happen just after mail(fire)ball gets just enough traction |
185 |
that people scratch the surface to look at it. That is if it doesn't |
186 |
happen as part of getting enough people Interested. Or even your own |
187 |
""API that you are graciously providing. |
188 |
|
189 |
|
190 |
|
191 |
-- |
192 |
Grant. . . . |
193 |
unix || die |