from the full-of-300bps-goodness dept.
Professor Steve Bellovin at the computer science department at Columbia University in New York City writes in his blog about early design decisions for Usenet. In particular he addresses authentication and the factors taken into consideration given the technology available at the time. After considering the infeasiblity of many options at the time, they ultimately threw up their hands.
That left us with no good choices. The infrastructure for a cryptographic solution was lacking. The uux command rendered illusory any attempts at security via the Usenet programs themselves. We chose to do nothing. That is, we did not implement fake security that would give people the illusion of protection but not the reality.
For those unfamiliar with it, Usenet is a text-based, worldwide, decentralized, distributed discussion system. Basically it can be likened to a bulletin board system of sorts. Servers operate peer to peer while users connect to their preferred server using a regular client-server model. It was a key source of work-related discussion, as well as entertainment and regular news. Being uncensorable, it was a key source of news during several major political crises around the world during the 1980s and early 1990s. Being uncensorable, it has gained the ire of both large businesses and powerful politicians. It used to be an integral part of any ISP's offerings even 15 years ago. Lack of authentication has been both a strength and a weakness. Professor Bellovin sheds some light on how it came to be like that.
Despite weaknesses, Usenet gave rise to among many other things the now defunct Clarinet news, which is regarded to be the first exclusively online business.
OpenBSD developer, Gilles Chehade, debunks multiple myths regarding deployment of e-mail services. While it is some work to deploy and operate a mail service, it is not as hard as the large corporations would like people to believe. Gilles derives his knowledge from having built and worked with both proprietary and free and open source mail systems. He covers why it is feasible to consider running one.
I work on an opensource SMTP server. I build both opensource and proprietary solutions related to mail. I will likely open a commercial mail service next year.
In this article, I will voluntarily use the term mail because it is vague enough to encompass protocols and software. This is not a very technical article and I don't want to dive into protocols, I want people who have never worked with mail to understand all of it.
I will also not explain how I achieve the tasks I describe as easy. I want this article to be about the "mail is hard" myth, disregarding what technical solution you use to implement it. I want people who read this to go read about Postfix, Notqmail, Exim and OpenSMTPD, and not go directly to OpenSMTPD because I provided examples.
I will write a follow-up article, this time focusing on how I do things with OpenSMTPD. If people write similar articles for other solutions, please forward them to me and I'll link some of them. it will be updated as time passes by to reflect changes in the ecosystem, come back and check again over time.
Finally, the name Big Mailer Corps represents the major e-mail providers. I'm not targeting a specific one, you can basically replace Big Mailer Corps anywhere in this text with the name of any provider that holds several hundred of millions of recipient addresses. Keep in mind that some Big Mailer Corps allow hosting under your own domain name, so when I mention the e-mail address space, if you own a domain but it is hosted by a Big Mailer Corp, your domain and all e-mail addresses below your domain are part of their address space.
Earlier on SN:
Protocols, Not Platforms: A Technological Approach to Free Speech (2019)
Re-decentralizing the World-Wide Web (2019)
Usenet, Authentication, and Engineering - We Can Learn from the Past (2018)
A Decentralized Web Would Give Power Back to the People Online (2016)
Decentralized Sharing (2014)