CCIE #3723 people. Smart people surround themselves with
K5SSS smart people who disagree with them." --Aaron Sorkin
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, 25 February, 2004 04:50
Subject: digital sign
"Robert G. Brown" wrote:
>
> Work and time burdens are not uniform or static because of Moore's law
> [snip]
What? Gimme a break. I can impose the exact time burden I want at each s
step in a protocol -- I simply do not reply before the time I want elapses.
This is SOP in any attack protection
On Wed February 25 2004 16:15, Dean Anderson wrote:
> There are many ways to reasonably accurately identify mail to this
> list and distinguish it from all others: It is sent "to:
> [EMAIL PROTECTED]".
Nitpick: [EMAIL PROTECTED] could be in the Cc, or worse yet Bcc, field.
--
Dave Aronson, S
[EMAIL PROTECTED] wrote:
> see above response. also, from my perspective digital
> signature verification is simpler than maintaining a
> filter list. i'm tired of the spam/anti-spam arms
> race. i'm going to deploy a solution that is
> unspoofable.
No, you aren't. You're quite welcome to try,
On Wed, 25 Feb 2004, Dean Anderson wrote:
> There are many ways to reasonably accurately identify mail to this list
> and distinguish it from all others: It is sent "to: [EMAIL PROTECTED]".
>
> I haven't seen very much spam that has that characteristic, so I don't
> think such spam is much of a
On Wed, 25 Feb 2004 [EMAIL PROTECTED] wrote:
> i have ~98% accuracy thanks to bayesian filtering. i
> haven't calculated my false positive rate, but i get
> false positives. even *one* false positive is
> unacceptable. even if my filter accuracy was 99.99% i
> would still need to trawl my s
> From: "Robert G. Brown" <[EMAIL PROTECTED]>
> ...
> It has been pointed out several times now that unless you are willing to
> receive mail only from a small, closed group of individuals that all
> agree to use digital signatures and whose mail you whitelist while
> blacklisting EVERYTHING ELSE
On 26-feb-04, at 15:05, Robert G. Brown wrote:
It has been pointed out several times now that unless you are willing
to
receive mail only from a small, closed group of individuals that all
agree to use digital signatures and whose mail you whitelist while
blacklisting EVERYTHING ELSE you are righ
Vernon Schryver wrote:
>
> The spam problem starts with accepting mail from strangers.
This phrase is a good soundbite. I'd add:
The spam problem starts with *freely* accepting mail from strangers.
If we force strangers to jump some hoops before their email can reach
our mailboxes, it seems
> From: Ed Gerck
> ...
> If we force strangers to jump some hoops before their email can reach
> our mailboxes, it seems clear to me that we can still keep receiving
> email from strangers.
That is the e-postage and other...I'm sorry but the best phrase is
"snake oil." There is no and can ne
Vernon Schryver wrote:
>
> The idea of forcing your correspondents to jump through hoops that
> spammers' computers can't is fundamentally wrong and crazy.
Correspondents are also computers, humans don't do SMTP.
> A spammer's computer will happily continue trying to guess the
> answer to yo
Which is a royal pain for me: my email client (mandated by work) doesn't
alllow me to filter on CC: or BCC: addresses. Yuck.
>>> Dave Aronson <[EMAIL PROTECTED]> 2/26/04 05:29:04 >>>
On Wed February 25 2004 16:15, Dean Anderson wrote:
> There are many ways to reasonably accurately identify mai
On Thu, 26 Feb 2004, Ed Gerck wrote:
> Spammers need scale (because they get a very low return). Therefore,
> part of the solution should be to deny scalability to spammers. You
> seem to think that is not possible. However, it is trivial for a
> receiver to impose and enforce *both* work and ti
Can we don't pretend we can solve the spam problem on [EMAIL PROTECTED]
james
Iljitsch van Beijnum wrote:
On 26-feb-04, at 15:05, Robert G. Brown wrote:
It has been pointed out several times now that unless you are willing to
receive mail only from a small, closed group of individuals that all
On Thu, 26 Feb 2004, Robert G. Brown wrote:
> Why in the world does anyone think that digital signature maps with
> several orders of magnitude more entities to track, more complexity, and
> hence more opportunities for spoofing and finagling are going to succeed
> where simple DNS hostname lookup
I should also note that my own message below that I quoted is hypocritical
on my part. If the mail was IETF mail or other important email, I would
have a different opinion. Of course, It was hypocritical of me to say that
mail to others is any less important to its senders and recipients. I
should
> From: [EMAIL PROTECTED]
> ...
> false positives. even *one* false positive is
> unacceptable. even if my filter accuracy was 99.99% i
> would still need to trawl my spam folder to check for
> false positives. and as the spam volume continues to
> grow trawling the spam folder takes more a
On 25 Feb 2004 at 12:16, Neil Carpenter wrote:
> > the value in having the list processor sign all posts
> > is simple. guaranteed identification of the list
> > traffic for any recipient who decides to verify
> > signatures.
>
> This seems to solve a non-problem. Unless there are spam messages
On Wed, 25 Feb 2004 [EMAIL PROTECTED] wrote:
> this is a request for this list to be digitally
> signed by the list processor.
> i'm making this request because i need a way to
> positively id the messages from this list. i'm
> spending way too much of my time culling spam from
> my real email e
David Morris wrote:
It also supposes that the private keys aren't protected with a passphrase.
Nope. All you need is a keystroke monitor.
--
/\
|John Stracke |[EMAIL PROTECTED] |
|Principal Engineer|http://www.centive.com |
|C
On Wed, 25 Feb 2004, Dave Aronson wrote:
> On Wed February 25 2004 09:53, John Stracke wrote:
>
> > Dave Aronson wrote:
> > > Requiring digsigs on a list would help cut down on spammers forging
> > > list members' addies to spam "only members can post" lists.
> >
> > Not necessarily. Spam
On Wed February 25 2004 14:50, [EMAIL PROTECTED] wrote:
> On 25 Feb 2004 at 12:10, Dave Aronson wrote:
> > However, what does it gain us? Authentication that the message in
> > question, was indeed sent via the IETF list. What does THAT gain
> > us? The ability to separate it out from the sp
On 25 Feb 2004 at 12:10, Dave Aronson wrote:
> On Wed February 25 2004 11:50, [EMAIL PROTECTED] wrote:
>
> > i am very much wanting dialogue
> > around the issue of having the list digitally signed
> > by the list processor.
>
> If the folks who actually run the list find themselves a spare m
> From: [EMAIL PROTECTED]
> ...
> > Having the latest tools means nothing, unless they are used right. Are
>
> i'm using them correctly
I, for one, am unconvinced. I have had no trouble filtering unwanted
mail from this list, thanks to procmail. My various filters have no
trouble dealing with
Thus spake <[EMAIL PROTECTED]>
> > > apologies to the folks whose comments i'm replying to for
> > > not referencing their names (i didn't have the time).
> >
> > You ask us to take the time to implement a new mechanism of dubious
> > value.
>
> the value in having the list processor sign all pos
>the value in having the list processor sign all posts
>is simple. guaranteed identification of the list
>traffic for any recipient who decides to verify
>signatures.
This seems to solve a non-problem. Unless there are spam messages that
where the sender has, for instance, forged the existi
On Wed February 25 2004 11:50, [EMAIL PROTECTED] wrote:
> if it's not
> too much trouble i do request that you browse through
> the rest of my post.
Already deleted, and I can't be arsed to go trash-digging right now.
> i am very much wanting dialogue
> around the issue of having the list d
On 25 Feb 2004 at 9:22, Dave Aronson wrote:
> On Wed February 25 2004 05:50, [EMAIL PROTECTED] wrote:
>
> > i'm
> > spending way too much of my time culling spam from
> > my real email even though i'm employing the latest
> > spam filtering tools.
>
> Having the latest tools means nothing, u
]
Asunto: Re: digital signature request
Dave Aronson wrote:
>Requiring digsigs on a list would help cut down on spammers forging
>list
>members' addies to spam "only members can post" lists.
>
Not necessarily. Spam viruses would then start collec
On Wed February 25 2004 10:27, John Stracke wrote:
> Dave Aronson wrote:
> >On Wed February 25 2004 09:53, John Stracke wrote:
> > > Not necessarily. Spam viruses would then start collecting
> > > people's private keys.
> >
> > Theoretically possible, but at least it would significantly rais
Dave Aronson wrote:
On Wed February 25 2004 09:53, John Stracke wrote:
> Not necessarily. Spam viruses would then start collecting people's
> private keys.
Theoretically possible, but at least it would significantly raise the
bar.
Only one person needs to figure out how to do it. Think script
gnulinux (now that's a verifiable identity):
please do the work yourself - collect signatures for your petition by mail
to you, not to the list admins. They are busy trying to make next week's
meeting work.
And please - point to working examples of lists using what you propose.
On Wed February 25 2004 09:53, John Stracke wrote:
> Dave Aronson wrote:
> > Requiring digsigs on a list would help cut down on spammers forging
> > list members' addies to spam "only members can post" lists.
>
> Not necessarily. Spam viruses would then start collecting people's
> private k
Dave Aronson wrote:
Requiring digsigs on a list would help cut down on spammers forging list
members' addies to spam "only members can post" lists.
Not necessarily. Spam viruses would then start collecting people's
private keys.
--
/
On Wed February 25 2004 05:50, [EMAIL PROTECTED] wrote:
> i'm making this request because i need a way to
> positively id the messages from this list.
Look in the normally-hidden headers. Most lists have something unique
there. Usually it's something like a List-ID or X-Been-There line. In
this is a request for this list to be digitally
signed by the list processor.
to all list members. if after reading this post
you would like the list processor to digitally
sign all posts please say so (and tell the list
owner) so that the level of interest can be
gauged. thanks.
i'm making thi
36 matches
Mail list logo