On Mon, 10 Mar 2003, Hallam-Baker, Phillip wrote:
But consider what happens when you use mobile code to describe the
hash function.
Oh, yes, let's consider that.
You have enormous security violations all over the Internet.
"Mobile Code" is a non-starter from a security standpoint. I don't trust
sandboxes, and I don't think most SMTP server owners do either.
This is how satelite TV companies keep card piracy at acceptable levels.
PThey don't shut off a pirate card immediately, they let a number
of customers develop then they kill it when doing so does maximum
damage to the pirate's reputation.
They have a closed system and can trust their own mobile code.
The apamware companies have a big problem that script writers do not,
they want to make money from their code. So it takes them much longer
to react than the opposition.
From my observations, a lot of simple anti-spam tricks that worked a
year ago (and are even widely-known, e.g., as part of SpamAssassin), still
work pretty well. So I think you have a point about the reaction time.
--
David.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg