From: tjacobs(_at_)redsword(_dot_)com
...
Short of the protections offered by some "fancy crypto solutions",
what is to keep a spammer from using the public algorithm used in
generating tokens to generate his own?
I don't think digital signatures involve fancy crypto solutions,
at least not if based on a public key published with the subscription
confirmation.
In that case, I'm unsure what you meant by not wanting to use "fancy
crypto solutions" (a quote from your earlier post) if this term does
not include digital signature algorithms and public keys. Were you
just meaning no commercial solutions ("authorities") that involve
paying money to maintain the key infrastructure? Or do you not
understand that "digital signatures" and "public keys" are
applications of cryptography?
Obviously it would result in
a huge number of failures, but the fact that spammers now use
dictionary attacks (and worse) suggests that they would be just as
willing to try that approach.
Please read about digital signatures.
I already know quite a bit about digital signatures; but your
original post (no "fancy crypto solutions") suggested that you were
not using them. Apparently you meant something besides what you
seemed to mean (not surprising, since it appears that a lot of people
can't even agree on the meaning of such terms as "spam"). Clearly,
someone needs to start maintaining a glossary on this topic, since if
people can't agree to the meanings of terms it is just going to
create a lot of disagreements where no fundamental differences exist.
Brute force ictionary attacks involving a few 1000 or 1,000,000 names
are one thing. Brute force attacks on public key signatures that
involve an SMTP transaction per test are something else entirely. You
couldn't begin to start a single attack before the human race has
disappeared.
Again, if you're talking about public key signatures, you're talking
about crypto (and if you're not, then you're talking about something
that can be brute-forced. You can't have it both ways).
Ideally, what I would like to see is some approach that requires
large CPU overhead for sending a large number of messages, because
this should at least throttle the bulk mailers.
Why penalize legitimate bulk mailers such as the IETF?
The IETF, CERT, and many other outfits are bulk mailers.
While the term "legitimate" bulk mailers is often misused (being only
a tiny fraction of those that claim that title), such legitimate
users could overcome the handicap via whitelisting by their recipient
(of course, this brings up the issue of forging, which some ignorant
parties believes doesn't happen to any extent).
There are a couple
of variations to this approach that I think might be workable, such
as a mail protocol where the sender first sends a "i'm about to send
a message" message, and the receiver generates a key pair, sending
the arbitrary "public" key to the sender, who then uses it to
encrypt the message,...
Please read about simple crypo-based authentication.
If you had read the rest of the message, you would've realized that
those won't work, since they place the calculation burden on the
wrong party.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg