[tor-relays] Exit policy question

Eugen Leitl eugen at leitl.org
Fri Jun 3 19:03:49 UTC 2011

On Fri, Jun 03, 2011 at 04:01:45PM +0000, Sven Olaf Kamphuis wrote:

> no, there is something wrong with a protocol that requires "Spam filters" 
> in the first place.

Any mature system requires a way to deal with abuse. Email has
been dealing with abuse for nigh on 30 years now. It has gotten quite
good at it in the process. Many more modern systems are mostly in
babes in the woods mode, until it hits them, out of the blue. Abuse?
Nobody could have expected *that*!

>>> handled over skype and other transports which have "friends lists"
>> Skype? That thing that's blocked on corporate networks, and the
>> kind of company that autoinstalls malware despite explicit user's
>> wishes? The kind of company just purchased by Microsoft, which
>> forebodes plenty of great things in the future?
> whatever, jabber, msn, etc all have friends lists and none of them have  

I don't know what a friends list is. I presume you mean contacts.

> problems like smtp.

If it allows anonymous communication, it has to deal with exactly the
same problems as email. If you don't have that need, whitelisting/blacklisting,
especially with digital signatures etc., is straightforward enough.

>>> nowadays. if they don't fix their protocol to have friends lists, they
>>> have no right to complain.. we're gonna completely shut down smtp soon
>> Who is this 'we' kemosabe?
> the republic cyberbunker / cb3rob (as34109/51787), can't speak for the  
> rest of the internet but we conclude the same with our customers... smtp 
> based email, has been brought back to the bare necessity and will 
> disappear soon enough.

If it works for you and you get to hand-pick your customers, sure.
Few people are so lucky.

>>> enough, its old, dusty, not peer 2 peer (hardly any open relays
>> It *WORKS*. And is an integral part of corporate communications.
> no, it does not "work", for all the reasons described here, the people  
> that tried to stop spam, only introduced more severe problems in the  
> process.

Any system allowing anonymous communication has to deal with abuse,
and false positives. There is no free lunch, unfortunately.

>> Insecure? Never heard about StartTLS or PGP/S/MIME?
> yeah sure, like ssl is a good idea... root exploit anyone, master keys  
> with an enemy of the european people (america), etc.

I don't see the problem in practice. E.g. a major pharma customer
audited us, asked for mandatory StartTLS, supplied CA/cert information
out of band, problem solved. It's all security theater anyway, so
insisting on Thawte doesn't offer you anything else than warm
fuzzies. Nothing wrong with that, especially if paying customers
insist on warm fuzzies. Hooray to warm fuzzies. Keeps the butter on your

> no thanks :P
> pgp, sure, but if we're gonna take -that- much trouble, might as well  
> replace the whole protocol :P

But people routinely run e.g. server-side PGP encryption as corporate
policy. Of course the protocol is braindead. But it works, and StartTLS
and application layer encryption do offer an additional layer of defense.

>> Ftp is dead, too? Nobody told me.
> run some statistics on the number of people that install ftpd on servers  
> would ya... it's all ssh file transfer nowadays, and http for public file 
> transfer, google doesn't even index ftp (altavista did ;)

Most of our customers haven't even heard of sftp/scp. Wait, most of
our developers haven't heard of sftp/scp. I'm still surprised they've
heard of sockets. And TCP/IP, what do you mean by IPv4? And networks
are *always* octet-aligned, blessed their little hearts.

>> In fact, ftp and mail server is the first thing that people yell about
>> when it goes down.
> the reason why this happens is because there is a bunch of popups on 
> their screen that stay there even if the pop3 server was unreachable for 

No, the typical reason is the server is silently broken, and they
realize it is because no mail is coming in. I'm not kidding, email
is almost as business-critical for most companies as telephone
(no VoIP, strictly POTS) is.

> a minute or so.. doesn't make it a 'more popular protocol' than skype.

As another anecdote, nobody on our networks uses Skype (because they 
couldn't). Not a single one of our customers uses Skype (they do use WebEx, 
with POTS conferencing).

> just means that they notice any downtime, however small it may have been, 
> even if its a week ago :P
>> What are you going to tell us next? That nobody uses telephones,
>> and there are no fax machines? Really? You sure?
> do you still have a fax machine working and connected?

Absolutely. I use it routinely, so do many other people.
My in-laws and wife's business is 95% dead tree facsimile.

> telephones? yeah sure but not on every desk anymore..

Most assuredly telephones. People insist on having functions
I don't even want to understand. Yet they use these. Most curious.

>> P.S. As someone who bitches about email, notice you're using
>> email, and you top-posted and failed to trim the message.
> i'll post wherever the fuck i want, tyvm :P

Just pointing out you're abusing a poor old protocol unnecessarily ;p

> and i'm aware that i'm using email, which doesn't necessarily mean that  
> it's still a "live" protocol (it just means that you are abusing it for  
> what newsgroups were intended for, and meanwhile newsgroups are being  
> abused for what http/ftp were intended for (warez ;)

Usenet does fine, last time I looked (about a decade ago, admittedly).
In fact, I hear S/N has improved quite a bit since most people forgot it
still exists. IRC does fine. Many old, strange things are still alive.

> all mailservers except for a few have been removed, mx records have gone, 
> before the end of 2011, bye bye smtp. old crap :P

Works for you, great. I try something like that, first I lose my job
(is that a downside? waitaminute...), then the company goes out of business.

Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
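The "mandatory StartTLS with CA/cert information supplied out of band" setup mentioned in the message above, written out as an added Postfix example (not configuration from the poster or from this list). It assumes Postfix as the sending MTA, a hypothetical partner domain pharma-partner.example, and a CA bundle the partner handed over out of band at /etc/postfix/partner-ca.pem; the two files (main.cf and the policy table) are shown in one block.

```ini
# --- /etc/postfix/main.cf (excerpt) ---

# Default for everyone else: opportunistic TLS. Postfix encrypts when the
# peer offers STARTTLS but does NOT verify the peer, so a stripped STARTTLS
# or a forged certificate goes unnoticed. This is the "warm fuzzies" level.
smtp_tls_security_level = may
smtp_tls_loglevel = 1

# CA bundle received from the partner out of band (assumed path).
# Trusting only this file, not the system store, is what makes the
# "secure" policy below mean something.
smtp_tls_CAfile = /etc/postfix/partner-ca.pem

# Per-destination overrides live in a lookup table; build it with
# `postmap /etc/postfix/tls_policy` after editing.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Use SHA-256 for the fingerprint policy variant (Postfix defaults to MD5).
smtp_tls_fingerprint_digest = sha256

# --- /etc/postfix/tls_policy ---
# destination               level    options

# Mandatory TLS with chain verification against smtp_tls_CAfile and a
# name check. Delivery is deferred, not downgraded, if either fails.
pharma-partner.example      secure   match=mail.pharma-partner.example

# Alternative when the partner hands over the certificate itself rather
# than a CA: pin its fingerprint. Placeholder value, take it from the
# partner's certificate, never from the live connection.
# pharma-partner.example    fingerprint match=<SHA256-FINGERPRINT-FROM-PARTNER>

# "encrypt" only forbids plaintext; it does not verify the peer, so it
# stops a downgrade but not an active interception. Use sparingly.
# other-partner.example     encrypt
```

Before relying on the table, dry-run the policy with Postfix's own `posttls-finger -l secure -F /etc/postfix/partner-ca.pem pharma-partner.example` and confirm the handshake reports a verified chain; if it reports "Untrusted" or "Anonymous", the CA file or the match name is wrong and real deliveries to that domain will queue rather than go out in the clear. The design point is that the verification material arrives through a separate channel (the audit exchange in the message) and is pinned per destination, so the public CA hierarchy the poster distrusts is never consulted for that peer.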