[TELECOM Digest Editor's Note: And now, for today's 16 K-byte Gospel
lesson, here is our resident Gospel teacher. PAT}
In article <telecom24.257.6@telecom-digest.org>, Robert Bonomi
<bonomi@host122.r-bonomi.com> wrote:
> In article <telecom24.256.11@telecom-digest.org>,
> TELECOM Digest noted in response to Joseph <JoeOfSeattle@yahoo.com>:
>> On Tue, 07 Jun 2005 03:27:55 GMT, [Telecom Digest Editor] writes:
>>> [TELECOM Digest Editor's Note: I would like to ask you just one
>>> question: _Why_ can't a registrar be expected to screen potential or
>>> actual spammers? If registrars started doing that, they'd be heros
>>> in the eyes of most netters. PAT]
>> If you're going to use that logic you might as well use it on the
>> telephone company for selling service to fly-by-night boiler room
>> scamsters in South Florida and Montreal as well.
>> [TELECOM Digest Editor's Note: One small problem with your logic.
>> Telco is a common carrier; they are required by law to supply service
>> to _anyone_ asking for service on the condition the potential
>> subscriber has demonstrated an ability and willingness to pay for
>> the service. Registrars are not common carriers, they are free to
>> accept or reject customers at will;
[[.. munch ..]]
[ *sigh* ham-handed editing by the moderator manages to completely ruin ]
[ the examples in the two paragraphs below. Thank you, PAT ]
[TELECOM Digest Editor's Note: You are quite welcome, I am sure. I am
always glad to be of assistance. PAT]
> Of course, spammers/scammers/phishers can, and *do* use raw IP addresses,
> without having domain-names attached. So can anybody else. e.g.
> http://208.31.42.81/index.html or mailto:esteemedmoderator@[208.31.42.98]
> Thanks to the wonders of HTML, unsophisticated readers need never _see_
> the above forms, you do something like
> a href=http://208.31.42.81/>Telecom Digest or
> a href=mailto:esteemedmoderator@[208.31.42.98] email Patrick Townson </a
> or fatuously:
> email a href=mailto:esteemedmoderator@[208.31.42.98]
> AlGore@whitehouse.gov/
> Domain-names are not necessary. They are simply a 'convenience'.
> Is 'directory assistance' (a non-common-carrier, *non-regulated*
> ancillary service for the PSTN) responsible when you get telemarketing
> calls? or harassment calls?
> Is _directory assistance_ responsible for checking out the 'history'
> of the person who buys into having their name 'indexed' in the
> database? ILEC telephone service usually includes getting entered
> into the database. CLEC telephone service often does *NOT*.
> Frequently you have to order that separately, sometimes via the CLEC,
> sometimes directly from the ILEC. Just like the way you can get your
> non-ILEC, or even VOIP number listed in the ILEC 'white pages' phone
> book.
> Registrars serve an essentially identical function to 'directory
> assistance'.
> [TELECOM Digest Editors' Note: No, directory services are not
> responsible for that type of phone call. But we can and do prevent
> that type of phone call by having our numbers unlisted/non-pub. And
> I do not agree that the registrar serves an 'essentially identical'
> function.
'Directory assistance' provides a 'name to number' mapping function,
nothing more. Registrars provide a 'name to number' mapping
function, nothing more ...
The only real difference between the two is that the 'numbers' are in
different address-spaces.
The PSTN does not rely on 'directory assistance' for the basic
functionality. calls *must* be placed to a 'number'. If you have a
'name', you must *first* translate it into a number, before you can
attempt to make contact.
The Internet does not rely on 'naming services' for the basic
functionality. Packets *must* be sent to a 'numeric address'. If you
have a 'name, you must *first* translate it into a number, before you
can attempt to make contact.
It is 'convenient' to remember and use names instead of numbers, and
to use 'directory assistance' to map those names into telephone
numbers.
It is 'convenient' to remember and use names instead of numbers, and
to use the registrars databases to map those names into "internet"
numbers.
The 'essentially identical' nature of the operations should be
obvious.
> One difference might be that telco makes the number assignment and
> _forwards_ that information to the various directory services where
> no single entity tells the registrar what numerics will be applied;
> the registrar simply assigns the requested name and tells the root
> servers to deal with the names.
"not exactly".
(A) sometimes it is the _end-user_customer_ who tells 'directory assistance'
what information should be there -- name *and* number, maybe including
address. And directly _pays_ the operator of the directory-assistance
service to carry that information.
(B) When you register a name, you have to provide the *address* of the
machine(s) that will answer questions about things 'under' that name.
If you fail to provide the addresses for those machines, then *nothing*
works.
> If no registrar ever listened to you and assigned the name you
> wanted, thus no root servers would ever know of that name, then how
> would anyone be able to reach you _by number only_ if the root
> servers did not know what to do with the number?
Rhetorical question #1: How does the PSTN know how to route your call,
if directory assistance doesn't know about your number?
Rhetorical question #2: How do you think the Internet functioned
_before_ there were 'root servers' (and DNS)?
It is really *easy*. The 'root servers' are *NOT*INVOLVED*AT*ALL* in
getting packets to a _numeric_address_. Each and every router on the
entire Internet has a set of 'forwarding rules' in it, that describes,
for _every_possible_ address on the internet, where the 'next step' en
route to that destination is. That is _all_ the router needs to know;
where to send it 'next'. and that next step does the same thing. "And
so on, and so on." Eventually, by recursive application of that 'send
it to the next step along the way", it arrives at it's destination.
To make things "easy" on (a) users, (b) application software, and (c)
software developers, the standard 'name to address' look-up
functionality has always worked on the basis of 'given a name as
input, go find the address for it; given an address as input, simply
return _that_ address." Note that that latter functionality does
*not* require any consultation with the 'root servers', or anything
else (even a 'hosts' file) for that matter.
> So I, John Q. Spammer go to an ISP and ask for a connection.
And you get a circuit, and some IP address numbers. *PERIOD*.
That is _all_ you get when you buy basic service.
> ISP I want to be known as 'spam.com'.
You do *not* have to do that. You _may_ ask them to handle "all that
stuff" for you, but you're engaging in a purchase of 'additional',
_optional_ services from the ISP. when you do that. Depending on the
provider, they may offer to do it 'at no additional cost', or they may
charge for it. Price on the 'basic service' is better from those who
_do_ charge extra for that optional service.
Of course, you can be known to the world at large as 'spam.com'
*without* any intervention by that ISP. *WITHOUT*, in fact, the ISP
even being aware that you are using that name. You can either
contract with "somebody else" (other than that ISP) to handle the
DNS-related stuff, or you can 'do it yourself'.
My ISP, for example, has no idea what domain-names I am using for what
machines, at which of the addresses they supplied me. I can change
the host names, and domain names, any time I choose. Without their
knowledge or consent. I can add a new domain name, and deploy servers
under that name, and the ISP has no knowledge, nor any awareness that
I have done so.
> I do not tell the ISP I want to be known as '208.31.42.98' ...
True. The ISP *tells* you that you _will_ be addressed as
'208.31.42.98'. You do not have any real choice as to what your
'number' is -- you must use whatever number(s) you get assigned.
EXACTLY the way that the telephone company tells you what your phone
number will be.
> ... ISP says I will take care of all that once you get installed by
> a registrar. Quite a difference,
You apparently "don't know what you don't know" about how the process
actually works.
The ISP says "I will play middle-man with the directory service, if
you want me to, or you can have somebody else do it, or you can deal
with them directly yourself."
The CLEC says "I will play middleman with the directory service, if
you want me to, or you can have somebody else do it, or you can deal
with them directly yourself."
As you say, "quite a difference."
> registrar _is_ like directory assistance, but different in the sense
> that directory assistance does not _assign_ anything, but simply
> reports on what has been assigned.
A registrar doesn't "assign" anything either, it simply reports info
on what names are 'in use'.
There is a design difference in the architecture -- the
name-to-address mapping service in the Internet realm requires that
names be 'unique'; In database terms, you are only allowed one record
with any particular 'key'. The telephone 'name-to-address mapping
service' is not that restrictive. There can be several "John
A. Smith" listings, with different numbers. How do you know
_which_one_ is the one you're looking for? That _is_ the problem --
there's no way to tell. You have to get all the numbers, and call
each one and ask "are you _the_ John. A. Smith that...?"
> So if the registrar was not a greedy son-of-a-bitch and started
> saying NO! that would help a lot.
Totally ignoring the fact, as described in the botch-edited material
above, that the spammer can do everything he needs, *without* relying
on a domain- name _at_all_. Domain names are a 'convenience', nothing
more. HTML makes it 'trivially doable' to 'conceal' the fact that one
is *not* using a domain-name -- _and_ to give the appearance of using
_somebody_else's_ domain name, but -actually- connecting to your own
servers instead.
> Oh yes, I know that John Q. Spammer could try to cut a deal under the
> table direct with the ISP, or whomever it is that physically makes
> his connections in and out,
You continue to display your lack of understanding of how things
actually work.
There isn't any need for any sort of 'under the table' dealing. You
just order basic service from the ISP. Period. You can then: (a)
handle domain-name stuff _yourself_, without *any* ISP involvement,
(b) contract with the ISP to handle it for you, (c) contract with
'somebody else' to handle it for you, or (d) not bother with it
_at_all_. ALL the ISP knows is whether or not you contracted with
them to handle things. If you didn't, they have no way of telling
whether (a), (c) or (d) applies. Nor do they care -- either way,
_they_ aren't providing any related service, and that is the entire
extent of their interest (more properly lack thereof :) in the matter.
Almost all big commercial accounts buy 'just connectivity' from the
ISP, or more likely ISPs (plural) that they use. And handle all the
'other stuff', including interfacing with 'directory assistance'
themselves. The people that provide Internet connectivity to General
Mills don't have _any_idea_ as to what domain-names are being
used. They don't care either -- *all* the data packets they see have a
_numeric_ address in them; all they have to do is get things to the
proper numeric address, and let the customer do whatever processing is
appropriate.
> but ISPs working in concert with registrars could do a lot to clean
> up the mess.
ISPs _alone_ could completely clean up the mess. If they wanted to.
The problem is that, collectively, they *don't* want to. And there is
nothing that we, the users who _do_ care, can do to make them change
their mind about it -- as long as there are "sufficient numbers" of
people who are willing to buy services from those 'uncaring'
providers.
Since 'many' ISPs are demonstrably *not* interested in doing so, the
idea of 'ISPs working in concert with registrars' is similarly nothing
but a pipe dream. I wish it wasn't that way, but it *is*. "Reality
sucks" applies.
> And like the old system which was used with FIDO, when a site
> becomes a nuisance, he gets delisted, and if others up the line do
> not cooperate then _they_ get delisted also. The rule ISP's and
> registrars would use is that if John Q. Spammer was expelled by
> whoever, then no one touches him or works with him. PAT]
Don't I wish!! Unfortunately that approach works *only* when 'almost
all' of the players agree on, and _enforce_ the same set of rules.
When the 'node' (or 'network') that carries 40% of _all_ the traffic
in North America decides that they _will_ deal with 'John Q. Spammer',
regardless of his history, it _really_ "doesn't matter much" what the
'rest of the world thinks' about it. They _are_ too big and 'too
important' to be _effectively_ 'shunned'.
It's like the old joke: "what are the little brown bumps between
elephant's toes?" Answer: "Slow natives."
And you apparently don't remember the great schism in Fidonet -- when
two major nodes blackballed each other; and the 'rest of the world'
had to choose sides. Resulting in two different 'fido nets' that
didn't talk to each other.
Unfortunately, on the Internet, there is nobody in that '800 lb
gorilla' position with the interest/gumption to do that black-balling.
And when the pygmy tries it, he just ends up as another 'little
brown bump'.
[TELECOM Digest Editor's Note: Since you seem to have so many hassles
with my editing, why don't _you_ start a Digest in which you could
witness the Gospel to everyone? I do remember the Fidonet schism, and
it was unfortunate, but it all eventually came back together did it
not? And thats really what we need here on Internet, where a large
number of the 'pygmies' as you call us, walk away and start doing our
own thing, a sort of 'Internet2' approach. And when the 800 pound
gorilla MCI comes around saying, "oh you must really be sorry about
losing all our customers (who by and large, as Spamhaus indicates are
spammers) from your circle of communications," my response would be
"not really. Numbers do not mean everything; so now we have only 60
percent of the users we used to have ... so what .. we have the
_quality_ users with us." Of the approximatly thousand items of mail
this 'pygmy' recieved today, if I had not gotten 400 of them, and 395
of those 400 were spam anyway, somehow I think I would get over it.
Yeah, Robert, you really have it made; start your own BONOMI Digest
(as I offered to help you with when I sent back that 48 K-byte
rebuttal you sent a couple weeks ago) and you will never again have
to worry or fret over my 'ham-handed' editing. PAT]
Robert Bonomi (bonomi@host122.r-bonomi.com)