On 9/3/19 6:34 PM, Andy Valencia wrote:
> It'd nice if your peers were known quantities.
I'll agree that it would be /nice/ to know things about peers. But I
don't think that's a /requirement/.
I think it largely depends if you view your peers as terminal (B2B type)
connections, or transit.
> The whole "hey, anybody, drop mail in port 25" thing has turned out
> pretty ugly.
Yep.
> If each node vets its connections,
What does "vet" mean to you in this context? Are you relaying
everything / anything to and / or from a peer? Does this include things
that they relay for other peers? Are you selectively relaying known
addresses to avoid Joe Jobs? What?
I would think that most entities would have a UUCP gateway, be it theirs
or outsourced, and that said gateway would be able to establish direct
connections with other UUCP systems. Such a UUCP gateway would
inherently be configured to (selectively) relay as part of it's gateway
role.
I'm having trouble understanding why / how many entities would need
multi-hop UUCP paths that can't form a direct connection. Think
external bastion hosts / gateways for organizations. I get why things
behind such gateways would need to pass through it and couldn't
establish direct inbound (or possibly outbound) connections.
I can also see why organizations might not want the hosts behind such
gateways to be public knowledge. — There's no point in advertising
something publicly if the public doesn't need the information.
Especially when you can give the information to the peers that need it.
> and if you had some crypto signing so paths can't be spoofed, seems
> like you could push back on some systemic misbehaviors.
That sounds like you're fundamentally altering how various UUCP
implementations operate.
I would think that a modern UUCP path would be relatively short.
hostA1\ /hostB1
hostA2-gatewayA-(internet)-gatewayB-hostB2
hostA3/ \hostB3
As such, I'd think that gatewayA and gatewayB could relatively easily
configure filtering of what hosts they will allow inbound and / or
outbound relaying for.
Admittedly, it's been a few years since I looked at the filtering syntax
of Taylor UUCP (no known relation) to say for sure, but I *REALLY*
thought that it was possible to do such filtering. … Skimming the
documentation, it looks like forward-to and forward-from in the sys file
are what I'm talking about. I'd have to play with things to learn what
the fan-out is and how it relates to the connecting host vs further away
hosts passing through said host.
I feel like gatewayA and gatewayB can judiciously configure their UUCP
such that it would be nearly impossible for spoofing. E.g. gatewayA
trusts that gatewayB has properly configures things such that gatewayB
will only forward from hostB1–hostB3 and that each of those hosts is not
doing any forwarding of their own. And vice versa.