ietf-asrg

RE: [Asrg] My Opinion regarding ietf asrg session (it went badly! )

2003-03-21 18:12:43
I agree that the meeting was.... unbalanced. It would have been more 
appropriate to have a meeting like this at a symposium or conference 
attended by management and 'decision makers'.

I was pretty irritated that more time was spent on ill-informed comments
against certificate based authentication alone BEFORE the authentication
presentation than was spent on the authentication presentation.

We had four people come to the mike with comments about why certificates
won't work before they had actually been proposed.

Such comments are rarely constructive or useful. In particular I was very
surprised to see people who should know better stating that a straw man
system in which email from anyone with a certificate is automatically
accepted is 'not going to work'. Well like Homer Simpson would say
Duuuhhh!!!!

That is not the proposal that has been made on this list but we had four
people attacking this straw man at great length. I would hope in particular
that people who have been around PKIX for as many years as Bob Moscowitz
would have enough of a clue to realize that I would not suggest anything as
stupid as the proposal he argued against.


You cannot rely on certificates alone. Once people use certificates on a
widespread basis the spam senders are going to attempt to get hold of
certificates. This is expected.


The first line of defense is to have good authentication procedures. CAs who
perform authentication before a certificate is issued are going to provide a
higher bar for the spam-senders. As Jon demonstrated, spam senders, in
particular garbage creators, do not want to give a genuine address.

Disclosure of interest - I have a commercial interest here since once the
spam senders decide they need certificates they are going to start with the
CAs whose 'authentication process' consists of an unchecked Web form.

A second line of defense is the law, anyone who applies for a certificate on
the basis of false information has committed fraud in practically every
single jurisdiction where the law means anything.

Spam senders are not going to be deterred by certificate cost but they can
and will be deterred by the risk of being caught. Obtaining a false
instrument for monetary gain is a serious offense. Using a false instrument
to obtain computer services (mail delivery) is a very serious offense that
the FBI, Special Branch, Interpol etc. treat very seriously.

Of course the Nigerian scams are pretty sophisticated and it is likely that
false businesses will be established that meet the authentication criteria
for a certificate to be issued. Note that the cost here is not the amount a
certificate might cost but the cost of setting up the front business. If a
lot of certificates are required these costs increase dramatically since any
cert that can be linked to a spammy cert can also be revoked.

The third line of defense is black listing and revocation. To take
revocation first, it now works PERIOD. We have the proven capacity to
support revocation via OCSP or XKMS at any scale. This is not cost free,
that is why the cert cost might well be higher for high, high volume certs.
Caching is going to be an absolute MUST here. The CA has to reserve the
right to only provide a limited number of responses for the same cert within
the given validity period (10 lookups a day good, 10,000 an hour and you get
blocked).

It may not be possible to revoke a spammy cert, however, as the criteria for
revocation are quite strict - as strict as the original authentication
criteria. This is where blacklisting and more likely greylisting comes in. A
mechanism is required to report that a certificate is considered 30% spammy.

                Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
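
The message's point that caching is a must when the CA caps status responses per certificate can be shown with a small simulation. This is an added example, not part of the original post: `CaResponder`, `CachingReceiver`, the one-day validity period, the per-requester reading of the quota and the serial strings are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

DAY = 86400  # assumed validity period of one status response, in seconds

@dataclass
class CaResponder:
    """Hypothetical stand-in for a CA's OCSP/XKMS status service."""
    revoked: set
    quota: int = 10  # responses per requester, per cert, per validity period
    counts: dict = field(default_factory=dict)

    def status(self, requester, serial, now):
        window = int(now // DAY)
        key = (requester, serial, window)
        self.counts[key] = self.counts.get(key, 0) + 1
        if self.counts[key] > self.quota:
            raise PermissionError("lookup quota exceeded for this certificate")
        # The response stays usable until the end of the current window.
        return {"revoked": serial in self.revoked, "next_update": (window + 1) * DAY}

class CachingReceiver:
    """Mail receiver that reuses a status response until it expires."""
    def __init__(self, name, ca):
        self.name, self.ca, self.cache = name, ca, {}

    def is_revoked(self, serial, now):
        hit = self.cache.get(serial)
        if hit is None or now >= hit["next_update"]:
            hit = self.ca.status(self.name, serial, now)
            self.cache[serial] = hit
        return hit["revoked"]

def simulate(messages, use_cache, span=3600, serial="constructed-serial-01"):
    """Check one sender cert for `messages` mails spread over `span` seconds.
    Returns (lookups that reached the CA, lookups the CA refused)."""
    ca = CaResponder(revoked={"constructed-serial-bad"})
    rx = CachingReceiver("mx.example", ca)
    refused = 0
    for i in range(messages):
        now = i * span / messages
        try:
            if use_cache:
                rx.is_revoked(serial, now)
            else:
                ca.status(rx.name, serial, now)  # one lookup per message
        except PermissionError:
            refused += 1
    return sum(ca.counts.values()), refused

if __name__ == "__main__":
    print("cached:  ", simulate(10_000, use_cache=True))
    print("uncached:", simulate(10_000, use_cache=False))
```
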