ietf-asrg

RE: [Asrg] Trust relationships etc.

2005-07-22 12:46:13
Brian Azzopardi replied up here to something quoted way down there:

Yes of course. But what's the point? 


Well, if you're interested...

Reputation schemes will only be effective if enough people implement them,

Well no. For instance - we can consider DNSBLs as sources of reputation
reports pertaining to (usually) the source IP "identity". This identity is
not typically subject to any "authentication" since we normally think of it
as "practically unforgeable". Or a locally maintained blacklist, even. We
only need one or two participants in these simple reputation schemes.
Generally of course, we'd expect reputation to become more useful as the
observation is wider (and deeper).

Sure, but it also becomes subject to corruption and misuse, too... it's easier 
for someone to maliciously "joe job" someone, the way Comcast was recently 
tricked into blocking all incoming mail referencing "afterdowningstreet.com".

and it will still *not* solve a spamming zombied machine.

Depending on what identities we're collecting reputation scores for, this
need not be the case. A zombied machine will tend rapidly to lose what
good reputation it had.

Right, but again, that's locking the door after the horse is gone.

Authentication is not an answer - we must assume that all data sent from
a zombied machine can be falsified and that authentication details can
be stolen.
 
I think you're missing the value of authentication. We'd like to "know"
that a message does indeed "belong" to the identity asserted (e.g. as the
"sender"). Then we can apply the reputation associated with that identity
when assessing the message. Or to put it another way; we'd expect that the
reputation for an *authenticated* identity would be a *better* predictor
(of future behaviour associated with that identity) than would be the
reputation of an unauthenticated identity.

The problem is that it encourages one to make go-nogo decisions based on
PREVIOUS behavior.

Part of that means allowing messages from a recently-compromised machine
because it used to be reputable.  Another (equally or even more nasty)
component is now not accepting mail from a system because it had briefly
been zombied, after it's now again clean.

If an authenticated identity is associated with a spam stream, I don't care
whether it's a zombie or a "real person". That credentials can be stolen,
or misappropriated tokens presented, isn't relevant. Messages claiming that
identity will be associated with the poor reputation.

Exactly, and that's not really fair, nor is it even justified.

If one can reliably differentiate "good stuff" they send from "bad stuff" the 
spambot is sending, then it's crazy NOT to do that.

Spam filtering has to be done on a per-message basis.
 
It certainly can be - but can also be done on other bases.
Messages are not simply isolated blocks of text. They're parts of a stream
(or body) of mail that has properties which may be worth considering.

But back to your original question, the "point" would be that reputation
scores pertaining to authenticated identities might be useful input to
statistical (and heuristic) filters. You may feel that these filters are as
good as they need to be - I suspect that this won't always be true.

In the end analysis, I'm not sure that reputation and authentication are
EITHER necessary OR sufficient... or, for that matter, that they even add
enough to the reliability of the differentiation function to justify the
effort of deriving them.


Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
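
An added illustration, not part of the thread or any poster's code: a time-decayed reputation for one authenticated identity, combined with a per-message content score, run over a constructed history to show the two cases argued above (the first spam from a freshly zombied host, and legitimate mail just after cleanup). The half-life, the neutral prior, the message rates and the independence assumption in `combine` are all assumptions chosen for the example.

```python
import math

def reputation(observations, now_h, half_life_h=24.0):
    """Decayed spam fraction for one authenticated identity.
    observations: (hour, is_spam) pairs seen strictly before now_h; older
    ones count exponentially less. The +1/+1 prior (an assumption) makes an
    identity with no history score 0.5."""
    spam = ham = 1.0
    for t, is_spam in observations:
        if t >= now_h:
            continue  # not yet observed at query time
        w = 0.5 ** ((now_h - t) / half_life_h)
        spam, ham = (spam + w, ham) if is_spam else (spam, ham + w)
    return spam / (spam + ham)

def combine(content_p, reputation_p):
    """Treat the two spam probabilities as independent evidence
    (sum of log-odds); independence is an assumption of this sketch."""
    z = sum(math.log(p / (1 - p)) for p in (content_p, reputation_p))
    return 1 / (1 + math.exp(-z))

def constructed_history(end_h=300):
    """Constructed data: 1 legitimate message/hour, except hours 100-104 when
    the host is zombied and emits 20 spam/hour; clean again from hour 105."""
    obs = []
    for h in range(end_h):
        zombied = 100 <= h <= 104
        obs += [(h, True)] * 20 if zombied else [(h, False)]
    return obs

def hours_until_trusted(half_life_h, obs=None):
    """Hours after cleanup (hour 105) until reputation is below 0.5 again."""
    obs = obs or constructed_history()
    for h in range(105, 300):
        if reputation(obs, h, half_life_h) < 0.5:
            return h - 105
    return None

if __name__ == "__main__":
    obs = constructed_history()
    # First spam at hour 100 is judged against the old, good reputation.
    print("first spam:", combine(0.6, reputation(obs, 100)))
    # Legitimate mail at hour 106 is judged against the fresh, bad reputation.
    print("post-cleanup ham:", combine(0.4, reputation(obs, 106)))
    for hl in (6.0, 24.0):
        print("half-life", hl, "-> trusted again after", hours_until_trusted(hl), "h")
```
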


