Educause Security Discussion mailing list archives

Re: Outbound SMTP


From: Michael Van Norman <mvn () UCLA EDU>
Date: Fri, 25 Apr 2008 10:54:05 -0700

> Are you suggesting that a filter is always binary?  On for the entire
> network or off?  If so, then perhaps that's extreme, but, as we all
> know, exceptions can be made.  Fortunately these types of exceptions
> are not that difficult to deal with.

No, but much of the list traffic was "We block everything except our
approved mail servers."  Sounded binary to me.

> This brings me to one of my concerns.  Why do we have to engineer our
> entire networks in one fashion?  How about a research network, where
> port 25 was open, and an administrative network where it's not?  If
> every time I say let's do X, you respond with but so and so needs X,
> we make no progress.  How about we do X, where practical, and still
> allow so and so the use of an open network?  If network security
> is going to make significant strides we need to quit catering
> to the least common denominator.

I agree wholeheartedly that we shouldn't cater to the least common
denominator.  However, today the leanings seem to be break the network
first, and then open things up when there is a justification.  This puts
the burden on legitimate users of the network to justify their use and
get permission because a few users/devices cause trouble.  Just my
opinion, but people tend to innovate less when you put up barriers to
innovation.  Making somebody get permission before trying something new
is a barrier (no matter how low you try to make it).

/Mike
