At 2:14 AM -0400 2003/10/07, Ken Hirsch wrote:
So they trust 95% of IP addresses, instead of the 0.1% that they should be
trusting..
Not true. Many of those IP addresses are perfectly trustable.
Even the ones in DSL/dial-up space. They're used by responsible
people who run reasonably secure MTAs, or they don't run MTAs at all.
The problem is that you don't know which ones are trustable and
which ones are not. Nor do you know whether this address which was
trustable fifteen minutes ago is still trustable now.
Worst, there is no feasible way of determining whether or not a
particular IP address is trustable, except to watch its behaviour and
see if it does anything untrustworthy. Even then, you'd have to make
sure that the IP address wasn't spoofed, or that the connection
wasn't hijacked, etc....
This is a fundamentally unsolvable problem.
Where is the analysis that it won't scale? It seems to me that the
current system where AOL has to block 2 billion spams a day is the
one that has high overhead.
The blocking of 2 billion spams a day is not scalable. Trust me,
I worked there, and I helped create the first generation of the
anti-spam controls that were used. We ended up having to write our
own MTA in order to get the level of control we needed.
However, this issue is not relevant to the subject of whether or
not they decide to trust a given set of IP addresses, or refuse to
trust a different set of IP addresses. The concept as a whole is not
scalable, regardless of which trust model is employed.
But I won't give up on authentication, because without it all the
other proposals are a joke. The criminals will run their own name
servers and abuse any consent-framework.
Right, and they'll be perfectly happy to be completely
authenticated and identifiable. And they'll exist in other countries
where you can't touch them legally, and you're right back where you
were.
Most DDoS attacks these days don't even bother with spoofing
source IP addresses, because it's not necessary. I see no difference
here.
If authentication must be DNS-based, so be it, but it must be POSITIVE,
white-list based authentication, not blacklists, and authentication
against a trusted third party, not against name servers of unknown
control.
Authentication does not help solve the problem. However, towards
the end that so many people are focussed on the issue of
authentication as opposed to the end result, I agree that it must be
done as a white-list based method.
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg