[Top] [All Lists]

Re: [Asrg] 6. Proposals - A Brief Defence of "Pull"

2003-10-01 17:12:51
At 11:49 PM +0200 2003/10/02, Dag Kihlman wrote:

                  It is true you do not need a pull system to have a blacklist
 but since the IP address must be valid a longer time the blacklist works
 best together with a pull system.

The same can be said for existing use of greylisting plus an enforced delay before you will accept the message, in combination with black lists and message content reporting systems.

You offer no advantages here, for all the extra costs you would be imposing.

 I agree fully when you say that some pull servers will be attractiv to hack.
 In a pull system the best way to avoid blacklists is to hack pull servers.
 With SMTP you do not have to do it, it is a complete waste of time. That is
 why I suggested encryption. If the mails are encrypted and the key trown
 away there will be no point in hacking the pull server. After "decryption"
 the mails will be unreadable. :-)

It is sufficiently difficult to properly implement cryptographic message signing, much less message encryption. Moreover, the existing systems implement this sort of thing where the spare CPU is most available -- on the client. You would be increasing by untold orders of magnitude the amount of message encryption that would be required (above what is happening today), and you would be doing it centrally -- the one place in the architecture that has the biggest CPU crunch already.

Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

Asrg mailing list