[cryptography] OT: SORBS is not censorship [Was: John Gilmore: Cryptography list is censoring my emails]

2015-01-01 Thread Jeffrey Goldberg
On Dec 31, 2014, at 5:16 AM, John Young j...@pipeline.com wrote:

> http://cryptome.org/2014/12/gilmore-crypto-censored.htm

I would say that I am sorry for this off-topic rant, but if I were sufficiently
sorry, I wouldn’t be sending it.

I used to be a postmaster for a medium-sized university and
worked as a consultant helping small and medium sized organizations
set up their email. I’ve even managed to piss off enough spammers to
have been targeted for attacks by them. (This is all long ago.)

A DNS-based Real Time Blocking List (RBL), like sorbs.net, does not do any
censorship or blocking itself. It merely publishes a list of IP addresses
based on published criteria. Individual email administrators set up their
systems to consult that list and take action as they see fit.

So if 209.237.225.253 is listed in SORBS (unless it is listed in error, which
can also happen) then it meets at least some of the criteria for listing. This
can include spam being repeatedly sent from it (with the owner’s consent or
otherwise), or hosting pages advertised by spam.

Typically an attempt has been made to contact the system or network
admin.

Now postmas...@example.com may choose to not accept SMTP connections
from such parts of the network. Alice is free to send or support spam
on her part of the network, and Bob is free to refuse to accept SMTP connections
from Alice’s bit of the network. 

Now some sites and networks offer “bullet proof hosting”. That is, the network
admins and hosting providers there simply send abuse reports to /dev/null. As
a consequence a great deal of net abuse comes from such portions of the network.

A postmaster using SORBS, Bob, is no more censorship than running a firewall is.

If Alice thinks that her network is listed incorrectly (does not meet the SORBS
listed criteria) there is a process for reporting that to SORBS.

If she thinks that the SORBS listing criteria should not be used for blocking
SMTP connections in general, then she can contact Bob, who chose to
block based on SORBS listing. In this case Bob is the administrator of
mail1.piermont.com.

If Alice thinks that an exception should be made for her system or email, she
can ask Bob to whitelist her otherwise blacklisted net.

Cheers,

-j

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
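
The consult-then-decide split described in the message above, as an added example that is not part of the original post or of any list's own code: the list only answers a DNS query, and the receiving administrator's policy (including a local whitelist) decides what happens to the connection. The zone name `dnsbl.example`, the whitelist range and the stand-in resolver are assumptions made up for illustration.

```python
import ipaddress
import socket

# Assumed values for illustration only (not taken from the thread).
DNSBL_ZONE = "dnsbl.example"                              # placeholder zone
LOCAL_ALLOW = [ipaddress.ip_network("198.51.100.0/24")]   # Bob's whitelist


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)   # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_lookup(ip, resolve=socket.gethostbyname, zone=DNSBL_ZONE):
    """Return the list's answer (a 127.0.0.x code) or None if not listed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:            # NXDOMAIN or lookup failure: fail open
        return None
    # Only 127.0.0.0/8 answers are list codes; any other address (for
    # example a wildcard on a lapsed zone) is treated as "not listed".
    return answer if answer.startswith("127.") else None


def smtp_decision(ip, resolve=socket.gethostbyname, action="reject"):
    """The receiving admin's policy: whitelist first, then consult the list."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in LOCAL_ALLOW):
        return "accept"                # local exception beats any listing
    if dnsbl_lookup(ip, resolve) is None:
        return "accept"
    return action                      # "reject" or "tag": the admin's choice


def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline.

    127.0.0.2 is the conventional always-listed test entry (RFC 5782).
    """
    listed = {"2.0.0.127.dnsbl.example": "127.0.0.2",
              "7.100.51.198.dnsbl.example": "127.0.0.2",
              "9.2.0.192.dnsbl.example": "127.0.0.2"}
    if name not in listed:
        raise socket.gaierror("NXDOMAIN")
    return listed[name]
```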


[cryptography] Fwd: [SC-L] Silver Bullet: Whitfield Diffie

2015-01-01 Thread Kevin W. Wall
Seems as though this interview might be of interest to those on these
lists. I've not listened to it yet so I don't know how interesting it may
be.

-kevin
P.S. - Happy Gnu Year to all of you.
Sent from my Droid; please excuse typos.
-- Forwarded message --
From: Gary McGraw g...@cigital.com
Date: Jan 1, 2015 9:44 AM
Subject: [SC-L] Silver Bullet: Whitfield Diffie
To: Secure Code Mailing List s...@securecoding.org

hi sc-l,

Merry New Year to you all!!

Episode 105 of Silver Bullet is an interview with Whitfield Diffie.  Whit
co-invented PKI among other things.  We have an in depth talk about crypto,
computation, LISP, AI, quantum key distro, and more

http://bit.ly/SB-diffie

As always, your feedback on Silver Bullet is welcome.

gem

company www.cigital.com
blog www.cigital.com/justiceleague
book www.swsec.com



___
Secure Coding mailing list (SC-L) s...@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___


Re: [cryptography] John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread Adam Back
nah what am I thinking probably! 1988 if not earlier, 27 years :)

The point is block lists suck, they're always blocking false things,
and vigilante abusive takes 3x longer to take you off than for you to
complain or unresponsive etc.

They'll also falsely block you not because your config is insecure but
because it doesn't match their preferred configuration.  Quite
irritating if you ever tried running your own mail server.

Adam

On 1 January 2015 at 19:12, Adam Back a...@cypherspace.org wrote:
> He's been running an open relay since like 2000 or something... why
> not it's his relay.
>
> Adam
>
>
> On 1 January 2015 at 18:40, Sadiq Saif li...@sadiqs.com wrote:
>> On 12/31/2014 07:16, John Young wrote:
>>> http://cryptome.org/2014/12/gilmore-crypto-censored.htm
>>
>> Don't run an open mail relay and your IP will be off the blacklist.
>>
>> Why are you running an open relay in 2014?
>> --
>> Sadiq Saif
>> https://staticsafe.ca


Re: [cryptography] John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread Sadiq Saif
On 1/1/2015 13:40, Adam Back wrote:
> nah what am I thinking probably! 1988 if not earlier, 27 years :)
>
> The point is block lists suck, they're always blocking false things,
> and vigilante abusive takes 3x longer to take you off than for you to
> complain or unresponsive etc.

DNSBLs do occasionally get false positives, this is true. In this case,
it is not really a false positive if spammers are relaying spam through
your insecure server is it?

> They'll also falsely block you not because your config is insecure but
> because it doesn't match their preferred configuration.  Quite
> irritating if you ever tried running your own mail server.

Their preferred configuration is "is it relaying spam or not?". Open
relays = relaying spam.

He can run his open relay if he wants to, but, he also loses all right
to bitching about getting blacklisted when his open relay is spewing
garbage.

-- 
Sadiq Saif
https://staticsafe.ca


Re: [cryptography] Fwd: [SC-L] Silver Bullet: Whitfield Diffie

2015-01-01 Thread Seth
On Thu, 01 Jan 2015 10:35:43 -0800, Kevin W. Wall kevin.w.w...@gmail.com wrote:

> Seems as though this interview might be of interest to those on these
> lists. I've not listened to it yet so I don't know how interesting it may
> be.


Pauldotcom has a good interview with Diffie too   
http://securityweekly.com/2013/08/13/episode-341-with-guest-dr-whit/


I was surprised to learn his original vision included encrypting every  
single phone call made in North America end to end, no exceptions.


Pairs well with the Brian Snow interview   
http://blip.tv/securityweekly/brian-snow-interview-6598476



Re: [cryptography] John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread Adam Back
He's been running an open relay since like 2000 or something... why
not it's his relay.

Adam


On 1 January 2015 at 18:40, Sadiq Saif li...@sadiqs.com wrote:
> On 12/31/2014 07:16, John Young wrote:
>> http://cryptome.org/2014/12/gilmore-crypto-censored.htm
>
> Don't run an open mail relay and your IP will be off the blacklist.
>
> Why are you running an open relay in 2014?
> --
> Sadiq Saif
> https://staticsafe.ca


Re: [cryptography] John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread Sadiq Saif
On 12/31/2014 07:16, John Young wrote:
> http://cryptome.org/2014/12/gilmore-crypto-censored.htm

Don't run an open mail relay and your IP will be off the blacklist.

Why are you running an open relay in 2014?
-- 
Sadiq Saif
https://staticsafe.ca


Re: [cryptography] John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread Jeffrey Walton
On Thu, Jan 1, 2015 at 1:48 PM, Sadiq Saif li...@sadiqs.com wrote:
> On 1/1/2015 13:40, Adam Back wrote:
>> nah what am I thinking probably! 1988 if not earlier, 27 years :)
>>
>> The point is block lists suck, they're always blocking false things,
>> and vigilante abusive takes 3x longer to take you off than for you to
>> complain or unresponsive etc.
>
> DNSBLs do occasionally get false positives, this is true. In this case,
> it is not really a false positive if spammers are relaying spam through
> your insecure server is it?
Some of them willfully misclassify.

In the past, one of the blacklist services used to escalate the range
of the blacklist surrounding an IP if a provider/ISP did not stop a
spammer. The blacklist range was made ever broader to apply pressure
to the provider/ISP. I'm not sure if it's a current practice.

It got so bad with ATT in the past, that I could not send emails from
a US federal agency to my home account because the home account was
using one of those blacklists services.  So my home account would
reject the email from the federal agency because the list was expanded
to a Class B or C (IIRC) to apply pressure to ATT.

Jeff


Re: [cryptography] John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread Sadiq Saif
On 1/1/2015 14:18, Jeffrey Walton wrote:
> Some of them willfully misclassify.
>
> In the past, one of the blacklist services used to escalate the range
> of the blacklist surrounding an IP if a provider/ISP did not stop a
> spammer. The blacklist range was made ever broader to apply pressure
> to the provider/ISP. I'm not sure if it's a current practice.
>
> It got so bad with ATT in the past, that I could not send emails from
> a US federal agency to my home account because the home account was
> using one of those blacklists services.  So my home account would
> reject the email from the federal agency because the list was expanded
> to a Class B or C (IIRC) to apply pressure to ATT.
>
> Jeff

Spamhaus is one that does this for sure.

Example: ColoCrossing/VelocityServers et al.
-- 
Sadiq Saif
https://staticsafe.ca


Re: [cryptography] John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread Dave Horsfall
On Thu, 1 Jan 2015, Sadiq Saif wrote:

> Spamhaus is one that does this [expanding listings for the
> intransigent].

I think they start targeting the corporate servers, too, to drive the 
point home to the suits.

More power to 'em...  If it wasn't for DNSBLs, email would not be 
possible (something the frea speach frothers seem to overlook).

-- 
Dave Horsfall DTM (VK2KFU)  Bliss is a MacBook with a FreeBSD server.
http://www.horsfall.org/spam.html (and check the home page whilst you're there)


Re: [cryptography] stab from the past, was John Gilmore: Cryptography list is censoring my emails

2015-01-01 Thread John Levine
> The point is block lists suck, they're always blocking false things,
> and vigilante abusive takes 3x longer to take you off than for you to
> complain or unresponsive etc.

The most amazing thing just happened.  Last night I went to bed in
2014, and today, based on the messages I'm reading, it is 1996 rather
than 2015.

You know when someone shows up and says he has a new super unbreakable
crypto scheme, and he'll pay $100 to anyone who can break it (but you
can only see it after you sign a one-sided NDA), or the web would be
totally secure if every web server used https because then you'd know
exactly who ran every web site?  Well, that's how this discussion
sounds to anyone who is familiar with the way modern mail systems
work.

You can't run a non-toy mail system without DNSBLs.* The mail stream
is 90% or more spam, and well run DNSBLs will tag or knock out about
80% of that 90% with a very low error rate.  The DNSBLs that people
actually use, notably Spamhaus and Spamcop, have turned from hobbies
into businesses, and the good ones work very hard to minimize the
error rate.

It is certainly true that any moron can run a DNSBL, and many morons
do, but nobody uses the moronic BLs so it doesn't matter.

SORBS, the list that Gilmore is complaining about, is an odd case.
It's one of the oldest BLs and used to be widely used, but now its
management can best be described as peculiar.  I know the gal
(formerly guy) who runs it who is fairly peculiar, too.  These days
it seems mostly to be used by small systems who added it to their
configuration a long time ago and haven't noticed the false positives
yet.  My mail server is listed on it, due to a single message sent three
months ago that I am fairly sure was not spam (I have logs.)  But if
people want to use it, that's their problem.

Gilmore's listing is probably not a false positive, since he famously
insists on running an open mail relay that leaks spam.  Even in 1996,
the problem that open relays addressed (partial network connectivity)
had largely gone away, so I do not pretend to understand what point he
purports to be making.

R's,
John

* - don't argue unless you've talked to the postmasters at Gmail,
Yahoo, AOL, Hotmail, Comcast, Roadrunner, Charter, Verizon, and ATT.
I have.