Mark Foster wrote:
> On Wed, Mar 03, 2004 at 02:37:23PM -0500, Yakov Shafranovich wrote:
> > In the current world the closest approximation we have to reputation
> > systems that are planned with LMAP are blacklists and Senderbase. Given
> > that current blacklists have numerous problems, why would any proposed
> > reputation or accreditation systems of the future be any different? How
> > are we planning on avoiding the same problems we have today in the
> > future, if we want to deploy such systems?
>
> I've been doing some research into the use of STARTTLS and certificate
> verification. The possibility exists for overlaying a
> PKI trust model onto the email infrastructure... not just S/MIME and
> PGP/GPG, but securing the message relay transmissions (MTA to MTA).

The problem with the PKI model is key distribution. If we follow the
current SSL scheme that might work BUT then you are making Verisign and
other CAs the gatekeepers for the Internet - and can have repercussions.
For example, in the SSL market according to
(http://www.securityspace.com/s_survey/sdata/200402/certca.html),
Verisign and Thawte have 30% and 20% each. HOWEVER, according to
(http://www.thawte.com/html/CORPORATE/today.html), Thawte is owned by
Verisign, which implies that 50% of the SSL market is controlled by one
company. Do you really want a few companies to choose who gets the right
to send email? Of course, a distributed system like DomainKeys can help
with some of these problems, but the main problems that blacklists have
are still there.

Also, SSL certificates today only *identify* the site, not provide its
reputation. Changing CAs into reputation systems will involve a whole
new set of challenges. These challenges are mostly present today in
blacklists which is exactly what worries me - I don't see yet how any of
these problems can be avoided in any reputation systems.

> Here are some of the problems with the idea.
>
> 1. Most if not all of the MTAs do not support certificate
> revocation lists (CRLs) or OCSP (although Exim will very soon).
> 2. The existing CAs do not sell these "types" of certificates (usually
> just web server, s/mime for email and code signing).
> 3. The existing CAs do not fit easily into the role currently played
> by the DNSBL folks. They would need to revoke certificates upon receiving
> complaints from the community at large about abuse.

#1 and #2 can be solved (#2 especially since CAs will jump at it).
HOWEVER, #3 is what worries me. What does "abuse" mean, how do we know
that any of these CAs will be any more responsible than SPEWS is today?
What about lawsuits? Dealing with different standards of spam and
different legal standards?
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg