ietf-asrg

Re: [Asrg] 5b. Opt-Out, 2nd version

2003-03-26 18:25:33
The list maintainer need not be one entity. All we need is agreement on the
hash function. I suggest a keyed digest with the key sha1("asrg").

You could give your email address to your participating ISP, VeriSign, the
US Postal Service or Alan Ralsky as you choose.

Most registrars would not keep any record of the addresses listed.


 -----Original Message-----
From:   Brad Templeton
Sent:   Wed Mar 26 17:11:20 2003
To:     Hallam-Baker, Phillip
Cc:     'william(_at_)elan(_dot_)net'; 'Kee Hinckley'; 'Brad Templeton'; 'Asrg
(asrg(_at_)ietf(_dot_)org)'
Subject:        Re: [Asrg] 5b. Opt-Out, 2nd version

On Wed, Mar 26, 2003 at 04:57:35PM -0800, Hallam-Baker, Phillip wrote:
Hang on a second here, I don't think anyone in the crypto world is
seriously worried about an attack which would allow an attacker to find an
efficient inverse function for sha1 and if they did we would be sooo screwed
every other way it would not be funny.

I was thinking we would add bogus email addresses that have already found
their way to the lists...

The privacy goals are twofold.  We would like to avoid having to declare
publicly your desire to opt-out, though frankly this is not that much of
a killer.

Secondly, we would want to avoid spammers deliberately spamming all the
people who opted out because they can get a list of all of them.


The seeding idea is interesting.  It doesn't solve the first problem, your
name will still go on a list that can be made public, but as I said we can
probably survive that, it's just somewhat ironic to have to go public to
protect your privacy.

You would need to seed the opt-out list with hashes of tens of millions of
fake addresses, and those fake addresses would need to be ones that can't be
spotted as fake (they don't bounce) and which occur on popular spamming
lists, but which are not anybody's mailbox.

That's a bit of a tall order!


Reversing a secure hash is (of course) not an issue here, you don't need to
do it to turn the list of hashed addresses into real addresses when you have
the database of 50 million valid emails on CD the spammers trade around.  If
you get spam, you're on their lists, so they can make a list of everybody
on the opt-out list who is on a common spammer's list.

Now why they want to spam it I don't know, possibly for spite.  Only well
hidden overseas spammers would do it, but they would.

It is also a DoS attack on people.  If you hate somebody, extract the list
of opted out people, then fake mail from the hated person to thousands of
opted out people.  Presuming the opt-out is working, the recipients will be
extra angry, this would bring down a rain of trouble on the poor soul.

Perhaps this is the greatest danger of the opt-out list.  It also applies to
the special domain I described and all other systems though.  If opt-in were
morally acceptable, it would certainly be easier to implement, but it isn't.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
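
Added example, not part of the original messages: a sketch of the hashed opt-out list discussed in this thread, showing why the keyed digest does not hide listed addresses from anyone who already holds them and why seeded decoys give cover only if they also circulate on existing lists. HMAC-SHA1 as the "keyed digest", lowercase normalisation, all function names and the sample addresses are assumptions made for this example.

```python
import hashlib
import hmac

# Key as proposed in the thread: sha1("asrg"). Using HMAC-SHA1 as the keyed
# digest and lowercasing addresses are assumptions of this example.
KEY = hashlib.sha1(b"asrg").digest()

def entry(address: str) -> str:
    """Published list entry for one address."""
    norm = address.strip().lower().encode("utf-8")
    return hmac.new(KEY, norm, hashlib.sha1).hexdigest()

def build_list(opted_out, decoys=()):
    """Registrar side: publish only digests, real and seeded decoys mixed."""
    return {entry(a) for a in opted_out} | {entry(a) for a in decoys}

def is_opted_out(published, address):
    """Sender side: the lookup a compliant mailer does before sending."""
    return entry(address) in published

def exposed(published, known_addresses):
    """Privacy check: entries matched by addresses someone already holds."""
    return sorted(a for a in known_addresses if is_opted_out(published, a))

def real_fraction(published, known, real):
    """Share of matched addresses that are real opt-outs (1.0 = no cover)."""
    hits = exposed(published, known)
    return sum(a in real for a in hits) / len(hits) if hits else 0.0

# Constructed sample data (reserved example domains, not real mailboxes).
OPTED_OUT = ["alice@example.com", "bob@example.org", "carol@example.net"]
DECOYS_UNSEEN = ["zz1@example.invalid", "zz2@example.invalid"]
DECOYS_ON_LISTS = ["old-list-1@example.com", "old-list-2@example.com"]
# Constructed stand-in for an address list that is already circulating.
CIRCULATING = ["alice@example.com", "bob@example.org", "dave@example.com",
               "old-list-1@example.com", "old-list-2@example.com"]

if __name__ == "__main__":
    for name, decoys in (("unseen decoys", DECOYS_UNSEEN),
                         ("decoys on lists", DECOYS_ON_LISTS)):
        pub = build_list(OPTED_OUT, decoys)
        print(name, exposed(pub, CIRCULATING),
              real_fraction(pub, CIRCULATING, set(OPTED_OUT)))
```

Because the key is public by design (every sender must be able to compute entries), the digest protects only addresses nobody else already has, such as the third opted-out address in the sample data.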


