From: Theodore Ts'o <tytso@Athena.MIT.EDU>
Date: Fri, 5 Mar 93 13:27:31 PST
To: Eric Hughes <hughes@soda.berkeley.edu>
Subject: Re: You Aren't [I'm Not]
In-Reply-To: <9303052041.AA05452@soda.berkeley.edu>
Message-ID: <9303052126.AA02211@SOS>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Fri, 5 Mar 93 12:41:24 -0800
   From: Eric Hughes <hughes@soda.berkeley.edu>

   Existing controls on the signal-to-noise ratio?

   Yet this upper bound is ineffectual.  Let us take the widely used
   analogy of Usenet as a sewer.  Reading Usenet is like wading chest
   high through the muck.  But am I reassured that there is an overflow
   valve so that it never gets past my chin?  Hardly at all.  I won't
   drown, to be sure; what a _slight_ comfort.  

Touche'.  Granted, the signal-to-noise ratio on Usenet varies widely.
However, some groups still are able to function quite well, although
perhaps not as well as they could in an ideal world.  Just because they
aren't working perfectly isn't an excuse to break them completely, or at
least until this mythical positive reputation technology is implemented,
debugged, and deployed on the all over Usenet.

As far as the sewer analogy goes, what you are trying to do is to remove
the overflow valve *now*, while not providing the drain to actually
drain out all of the muck.  While there has been some prototype designs
which have been thrown about, I have yet to hear a coherent, realistic
plan for how it could be installed on all or most of the Usenet servers
and readers *today*.

   I had thought that we had pretty clearly established that attacks on a
   system of content and of volume were of different natures.  Lack of
   robustness in mail software makes a mailbomb possible, not lack of
   accountability.

However, this mail software is deployed all over the world, and is not
going to change anytime soon.  And again, I have yet to see a coherent
and realistic protocol that will be able to screen out mailbombs while
leaving "only the good stuff" on the SMTP layer --- let alone an
implementation of the same.  

   >Maybe there are good, sound, policy reasons for making this change.  But
   >out of fairness, one would think that the agents of change should be
   >prepared to bear some of cost of that change.  

   Were there silence before in the neighborhood, I would agree.  

There may not have been silence, but nevertheless, if the agents of
change are going to increase the average sound level by 50db, it is
unreasonable to assume that the people who will suffer from this noise
increase, and who will have to go out of their way to implement
soundproofing, etc. are going to sit back passively and let you screw
them.

   You can't protect the network unless you *do* protect individual
   sites.  The network as a whole is not a legal entity, only the
   companies and individuals that run them are.

Sure you can; you can protect regional and national networks such as
NEARnet, by making them common carriers.  I think that would be a fine
idea!  However, that does not mean that people who connect to that
network should then be also protected.  In the same way, just because
Nynex is a common carrier, it doesn't and shouldn't mean that anyone who
uses Nynex to place a call is similarily protected from legal liability.

If you cause someone damage by your speech, and you maliciously did so
knowing that your speech was false, the person you harmed should be able
to recover damages from you, whether it is done over the phone or done
over a TCP/IP network.

							- Ted