When you cannot trust people like Paul Vixie and Bill Manning to terminate
sites that are engaging in plainly obvious and egregious defamation and
harrassment claiming that IP address space is hijacked when a quick check
of the registry indicates that it isn't, then you also can't trust them to
be in charge of a trust system. They are people who have asked others to
trust them. They are people who have said that trust is important. They
are people who have said ISP's should have AUP's, and should enforce them
against abusive users.
The world certainly has its hooks into them. Yet, we find that they are
associated with court-proven liars and other disreputable people, who have
their own spiteful agenda, and they aren't even embarrassed by that
finding. We find them misleading their subscribers, for example by
blocking companies outside of their criteria, or just completely falsely
This type of thing hasn't happened just once, but many times, by many
Quite obviously, we can't have a trust based system, because the
anti-spammers are even less trustworthy than the spammers.
On Wed, 17 Mar 2004, Vernon Schryver wrote:
From: Paul Vixie
identities without history will be a dime a dozen, or cheaper. spammers
with no history could trample your privacy all day long if you allowed it.
accepting incoming communication from someone the world has no hooks into
is off the table. allowing the world to have its hooks in someone whose
identity you don't know (and could never find out) has to continue to work,
but anonymity and homelessness are not the same thing.
Stated that way, but perhaps with an unintended interpretation, I agree.
Every mail sender is "hooked" by an entity that the mail receiver knows
and that has its own reputation that can be checked today. The ISPs
that own the IP addresses in every IP packet that Ralsky sends "have
their hooks" in Ralsky. You can decide whether the implicit no-spam
guarantee from that "hooking" agency is sufficient by checking your own
blacklist or the blacklists of others via DNS or BGP.
All of the possible good and bad aspects of any possible "trust" or
"reputation" system are already present in the current system.
- If you say that you can't trust ISPs to check that a new customer
is not Al Ralsky in disguise or one of his proxies, then you must
say the same about any other organization.
- If you say that ISPs cannot check the reputation of new customers
for a $30/month account, then you must say the same about any other
- If you say that you cannot trust ISPs to terminate the accounts of
spammers, then you must say that you cannot trust any other outfit
to revoke the PKI cert or other assurance for spammers.
- If you trust some of those other outfits to revoke their virtual
letters of introduction and recommendation, than you must be
willing to trust some ISPs to do the same and terminate accounts.
- If you say that third party organization could assure you that a
mail sender is not a spammer, then you must agree that an ISP
could check with that organization before adding a password to a
RADIUS server or or turn on a DSLAM, and that an ISP could terminate
an account when that third party revokes is assurance.
- You can be anonymous on the Internet only if your ISP protects you.
No one is homeless on the Internet. The SYN-ACK for your SYN to
port 25 must get back to your source IP address home at your ISP.
The connection between you, the spam or mail target, and the ISP that
has its hooks in the mail sender is better than any PKI or crypto
related system could possibly be. It is not only much cheaper than
anything Microsoft/Yahoo/AOL/Verisign would sell, but technically more
reliable. IP address spoofing was practically impossible for spam
even before RFC 1948 and related defenses, because it was too hard and
unreliable if you need to make 10,000,000 successfully spoofed ISN
predicted TCP connections per day. On the other hand, we all knew
even before the bogus "Microsoft Corporation" certs or the discovery
that those bogus certs could not be revoked that commercial PKI is eyewash.
If you believe that "reputation" or "trust" systems might help the
spam problem, then the only room for improvement is in the trust query
protocol. DNS is a screw driver being used as a hammer in DNS blacklists.
However, this is merely a matter of optimization or elegance.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com