lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: full-disclosure at (Bill Royds)
Subject: Email legislation does not exist

Interestingly, the regular postal service started as a collection of private
couriers carrying mail using private stagecoaches.
One great advance of the 19th century was to create the Royal Mail in
England which guaranteed delivery to all for a minimal cost.
Part of the agreement was the idea that mail had legal status and there was
an enforceable contract for delivery.
The postage stamp was invented so that the sender would be able to make an
easy contract. He had paid for delivery so he should be guaranteed delivery.
Perhaps sender-pay is an idea whose time has come on the Internet.

-----Original Message-----
[] On Behalf Of Thor Larholm
Sent: March 4, 2004 2:11 PM
To: 'Mike Barushok'
Subject: [Full-Disclosure] Email legislation does not exist

> From: Mike Barushok [] 
> Cc:
> Subject: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
> Then there is the 'rejection' problem. If the mail is 
> not accepted, laws prohibit silently discarding it. 

I don't mean to be rude, but what laws are you referring to?

The internet is a collection of private networks running on private
property. What law dictates that I am forced to accept any email, or any
single packet of any kind, on my machine?

It's an old saying, but it rings true: My network, my machine, my rules.

Though perhaps a bit simply put, Doc Searls and David Weinberger
highlights this same issue on

Do we really want email to be legislated as regular postal services are?

If so, should we not then be prohibited to run non-approved email
Doesn't the concept of email legislation itself oppose the basic
structure of the Internet, by imposing legislation on private property? 
We legislate other private property such as guns based on their inherent
danger, should we assume that machines connected to the Internet are by
definition insecure and regulate them?

(I have CC'ed the SecLegal mailing list)


Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists