ietf-asrg
[Top] [All Lists]

Re: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for

2003-05-09 16:03:18
On Fri, 2003-05-09 at 17:58, Vernon Schryver wrote:
I think Challenge/Response
systems are hopeless for the reasons repeatedly advanced by others.
C/R schemes are like RMX (with the new RR) in the sense that neither
will be widely used (RMX even worse).  

I've been silently watching the RMX argument unfold for some days now. 
You have implied that it would not be widely adopted by users even if it
was approved as a standard.  I find this difficult to believe.  Part of
the problem is that the RMX scheme needs to be pushed in a different
way.  Arguing that use of an RMX record will lessen spam traffic is
really the wrong strategy for its adoption.  Instead, it should be
emphasized that RMX helps prevent identity theft by protecting your
domain name from abuse by a third party.

Executives regard their internet domain names as corporate assets.  RMX
provides them with a means to protect the integrity of that assest from
malicious use.  By advocating this aspect of RMX, system administrators
will almost certainly rush to adopt it once it is supported by DNS and
mail servers.  In fact, they would almost certainly pressure software
vendors to support it as rapidly as possible.

I'm not particularly sanguine about the ability of RMX to reduce spam in
the long run, but that is not its true benefit.  Mail abuse is more than
just the torrent of unwanted mail in which we are all drowning.  It is
also the abuse of our company and private assets by outsiders.  RMX
seems like a viable method for protecting those assets at very small
cost.

Just my .02 worth.

-- 
Fred Bacon <bacon(_at_)aerodyne(_dot_)com>
Aerodyne Research, Inc.

Attachment: signature.asc
Description: This is a digitally signed message part