On 7/7/02 5:41 PM, "J C Lawrence" <[EMAIL PROTECTED]> wrote:
> Yeah, we've been down that road on this list and elsewhere. SMTP/TLS, > reverse auth, PKI infrastructures, yada yada. A whole lot gets solved > by providing mutual identity verification/authentication systems for > distributed systems even outside of mail. Does it? Assume for a minute that you build a system that allows you verify that a piece of e-mail's "from" address actually comes from the system it says it came from? We can simplify it, actually. We only need to verify that "[EMAIL PROTECTED]" actually came from fred.yada.info. What does this actually solve for us? It doesn't solve open-relay issues, because if you think about it, there's a statistically high chance that the machine sending it to you isn't fred.yada.info, thanks to intermediate servers, dialup sendoff points and secondary MX-relays. And it doesn't really solve the ID issue, either. You now have an authenticated but still opaque token. All it does is guarantee that someone who's on your whitelist can't be forged and therefore delivered through a block. So the spammer simply generates a server that when you query it, validates the signature of the e-mail. You see it, throw that signature into the blacklist, and move on. So does the spammer. His server can simply generate infinite numbers of never re-used signatures. Or if you attach that signature to a domain and block it, he generates 10,000 domains, attaches a unique signature to each, and it'll take you forever to track them all down and blacklist them, even collaboratively. You defeat the collaborative aspects by generating infinite subdomains randomly, and infinite signatures validating them. And then when a given domain gets closed down "enough", the spammer starts over with new domains, which are trivial to get. And all of that is wonderfully authenticated and validated -- and completely worthless. In practice, very quickly you turn back to blacklisting through IP addresses. Which is what we do now... One night, a few of us sat down and built a system that took a PKI infrastructure and built a fully-functional, compliant spammer world within it. That's when I stopped worrying about trying to authenticate email. It ends up solving only a tiny piece of the puzzle (forgeries through whitelisted addresses), that basically doesn't need to be solved, anyway. (Think about this piece of e-mail. It's being sent from my plaidworks account. But it won't actually touch any machine attached to that server until list-managers delivers a copy back to me. It'l be accepted by the SMTP server of the system that runs the IP network here in my hotel in Victoria, and get delivered to you through some magic way. If you assume the ability for an e-mail address to "roam", and there's no practical way to stop that, then there's basically no way to tell the difference between this piece of email, and a spammer's piece of email coming to you via some random open relay..... And since either one could easily have the magic cookie of a PKI or other auth structure attached, a PKI system doesn't solve the problem of spam email....) > Any content that is used to render a message that is also not local to > the message can be used retro-actively as a web bug. [followed by a solid proof why you can't solve this problem with a geek solution....] > A pillory can be a useful and educational thing. She is a witch! may we burn her? -- Chuq Von Rospach, Architech [EMAIL PROTECTED] -- http://www.chuqui.com/ Very funny, Scotty. Now beam my clothes down here, will you?
