On Tue, 7 Sep 2004, Hadmut Danisch wrote:
> The last 17 month of work in ASRG (Anti Spam Research > Group, IRTF) and MARID (Mail authorization records in DNS, IETF) are > an excellent example of how to not design security protocols. > > This was all about marketing, commercial interests, patent claims, > giving interviews, spreading wrong informations, underminding > development, propaganda. It completely lacked proper protocol design, > a precise specification of the attack to defend against, engineering > of security mechanisms. It was a kind of religious war. And while > people were busy with religious wars, spammers silently realized that > this is not a real threat to spam. For what it's worth, do you remember a device that was marketed on American television called the "Ronco Pocket Fisherman?" It was a sort of folding fishing rod with a built-in, tiny, tacklebox, and the idea was that here was a complete fishing rig that you could toss into a suitcase and still have room for all your clothes and stuff. The fact is, as fishing gear, it was astonishingly bad. But, as the owner of a bait shop once explained to me after someone who had come in with one tossed it in the trash and walked out with a real fishing rod, "It's not made to catch fish. It's made to catch fishermen." Similarly, the current generation of anti-spam technology isn't made to catch spammers; it's made to catch ISP's and software companies and get them to part with their money. Alas, unlike the Ronco Pocket Fisherman, there is no proven technology that people can go back to after getting fed up with it not working. It has been clear from the outset that all the solutions to spam consisting of "building a fence around the internet and keeping the spammers out" aren't going to work, any more than the old anarchist-cypherpunk dream of "building a fence around our cryptographic networks and keeping the government out" was going to to work. The problem in both cases is that if the information needed to join the network is available to members of your intended in group, it's also available to members of your intended excluded group. I have two patents in natural language, and a fair amount of experience engineering in the field. But that's a fairly recondite skill, and these days most folks are looking for engineers for much more prosaic tasks like interfacing their middleware with their databases. In the last year, I have been unemployed. I've turned down two job offers, though -- from software companies with "bulk mail products", looking for natural-language guys to build "paraphrase engines" to bypass spam filters or "copy check" functions to estimate the likelihood of a particular message body being filtered. That's the level of commitment these guys are showing. They're actually willing to hire engineers at specialist salaries to build new ways to bypass filters. We should not be at all surprised, when we offer a way to "auto-whitelist" email and therefore bypass filters at a lower cost than hiring engineers, that they're leaping onto it at a much higher rate than legit senders. >From a cryptographic perspective, there are a lot of systems out there that are solving some trivialized version of the problem or some not-very-crucial aspect of the problem. There are a lot of systems that have a threat model that's very peculiar, and which can be solved, however meaninglessly, while their customers still get lots of UCE. Indeed, there are a lot of systems out there that don't have any published threat model. These are failures of protocol design, though not necessarily failures of marketability. But to the extent that they allow bypassing filters, the spammers are the biggest customers. Bear --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]