On Sun, Sep 05, 2004 at 01:35:42PM +1200, Volker Kuhlmann wrote:
> > hacking the isp is not going to do any good if we are not going to use
> > the isps mailservers.
> Sure, but you were arguing for "customer demand" at the ISP. Receiving
> their mail at home, i.e. running a server, is out for Joe Doe. Using an
> intermediate server creates a point of attack.

it needs both of course.

first the user establishes a secure connection to the isp. then in order
to send mail he establishes a connection to the isp's mailproxy (not
mailserver) but a proxy that acts like a http proxy. next a secure
connection gets established to the destination mailserver through the
proxy. since the isp will only allow customers to connect to his proxy,
spammers can't relay things here so the destination mailserver may assume
a legitimate connection. (details of this are another topic)

that takes care of the sending side. the receiving side is a bit harder
if we assume dynamic ips. the sender needs first to connect to the
recipient's isp and ask for a connection to the recipient itself, which
again is just a tunnel the isp itself then can not look at. he only sees
that one of his customers is receiving a connection.

this of course assumes that the isps stop being gullible and allow
connections to be made to their clients. it also assumes that the endusers
have a server running at all times, which is rather trivial to solve
because such a server can be built right into the firewall every user
should get.

it does not take a wizard to provide the enduser with the capabilities
needed. the technology for this is already there. there even was a company
trying to offer services in that direction: freedom network from
zeroknowledge.com. (lawrence lessing and bruce schneider are on their
advisory board, and i believe at one time emanuel goldstein was with them
too) they had an enduser package providing anonymity for surfing and the
like:
http://www.zeroknowledge.com/en/news/pressrel_00/rel_may_23a_00.php

it didn't sell because customer demand was not there yet. but things like
that will come back up eventually. the goal is a secure connection between
any number of people in this world, completely anonymous to everybody
else.

greetings, martin.
-- 
looking for a job doing pike programming, sTeam/caudium/pike/roxen
training, sTeam/caudium/roxen and/or unix system administration
anywhere in the world.
--
pike programmer   travelling and working in europe      open-steam.org
unix system-      bahai.or.at                iaeste.(tuwien.ac|or).at
administrator     (stuts|black.linux-m68k).org          is.schon.org
Martin Bähr       http://www.iaeste.or.at/~mbaehr/
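
The admission check the message describes for the sending side (the ISP's mail proxy opens tunnels only for its own customers), as an added example that is not part of the original message. It assumes the proxy takes HTTP-style CONNECT requests; the customer range, the port set and the function names are hypothetical.

```python
import ipaddress

# Assumed values for illustration, not taken from the message:
CUSTOMER_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # ISP's customer range
ALLOWED_PORTS = {25, 465, 587}                            # mail ports only


def parse_connect(request_line):
    """Parse 'CONNECT host:port HTTP/1.x'; return (host, port) or raise ValueError."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        raise ValueError("target must be host:port")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    return host.strip("[]").lower(), int(port)


def authorize(client_ip, request_line):
    """Decide whether the proxy opens a tunnel. Returns (allowed, reason).

    Once a tunnel is allowed, the proxy only copies bytes: the secure session
    is negotiated end to end, so the proxy sees who connects where, not content.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
        host, port = parse_connect(request_line)
    except ValueError as exc:
        return False, f"rejected: {exc}"
    if not any(addr in net for net in CUSTOMER_NETS):
        return False, "rejected: client is not a customer"
    if port not in ALLOWED_PORTS:
        return False, "rejected: not a mail port"
    return True, f"tunnel to {host}:{port}"


if __name__ == "__main__":
    # Constructed sample requests: (source address, first request line).
    samples = [
        ("203.0.113.7", "CONNECT mx.example.org:25 HTTP/1.1"),   # customer, mail port
        ("198.51.100.9", "CONNECT mx.example.org:25 HTTP/1.1"),  # outsider
        ("203.0.113.7", "CONNECT www.example.org:80 HTTP/1.1"),  # not a mail port
        ("203.0.113.7", "GET / HTTP/1.1"),                       # not a tunnel request
    ]
    for ip, line in samples:
        print(ip, line, "->", authorize(ip, line))
```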
