ietf

Re: covert channel and noise -- was Re: proposal ...

2004-02-18 18:19:54


Dean Anderson wrote:

> A covert or sneaky channel is merely one in which the communication is
> //not authorized by the security model//. It has nothing to do with
> readability or detectability.

To be useful for its covert purposes, a covert channel should not be easily 
detectable as a covert channel -- in our case, spam should not be easily
detectable as spam.  Thus, it has to do with readability and detectability. 

That's why, as a matter of logic, we should agree that if the message can 
be detected/read by the intended recipient then it's not in a covert 
channel (anymore). This does not imply that if the message can NOT be 
detected/read by the intended recipient then there is NO covert channel.

> In yet other words: you whack-a-mole when you find one, but you can't say
> that there aren't any moles. It is not a game you can win.

That's where we disagree -- if I can make it harder/slower for the other 
side to set up moles than it is for me to find them, I will win.

> We now have a legal process to use against abusers

Someone must have said the same for anything we have a law for...
including theft... and yet we do find it useful to lock our cars, no?

In many residence areas, mailboxes have no key and anyone can open
them and insert rogue mail, bombs, etc. This is the same way that your
email address works today. Anyone can put email in your emailbox and,
if they're clever enough, spam filtering in your personal MUA or at the 
MTA will not help. You will receive spam. You say this is not a game
you can win... "there is little that can be done."

In some residence areas, however, mailboxes have no mail slot. The mailman 
has a key to the mailbox and needs to use it in order to insert mail. The 
box owner has another key and uses it to retrieve mail. This still does
not prevent you from receiving a letter laced with anthrax, but it
gives us a good metaphor for improving email: We need to be able to control 
receiving what is posted to us based on the trust/authorization we associate 
with the poster AND the message. In other words, if we have no reason to trust
the poster or the message, we should be able to impose a burden as high as we 
desire on the poster (including no burden).

The decision of what to accept or reject should happen at the recipient's MTA 
(preferably) or MUA in interaction with the purported sender's MTA and MUA. 
Also, to be effective, this should not depend on a user's list of current 
v****a-like words. Providing a barrier for accepting email (i.e., putting
a selective lock in your email box) is neither a legal issue nor a user 
issue -- it is an IETF issue. By using suitable PK encryption for end-to-end 
email privacy (including crypto-puzzles), I suggested we can offer such 
spam burden at no added cost to the user.

I advance that in the old DARPANET days, spam protection was provided
by DARPA, because DARPA could locate and disconnect any user who abused 
the system, and everyone knew it. That's why there was no need to design
email in any other way than what it is today, with open mail addresses. 
However, today, the Internet is an open system and there is no way to 
locate and effectively disconnect abusers. The abusers will just continue 
to route around, seeking zero friction to posting, until we put in place 
a better system just like the postal mail had to do, laws notwithstanding.

Cheers,
Ed Gerck


