Re: [Asrg] Email service assumptions and making system-wide changes
2006-01-16 18:19:18
On Jan 16, 2006, at 11:32 AM, Dave Crocker wrote:
> The nature of Internet applications is that they go through
> incremental change over extended periods of time, both adapting to
> changes in the environments and adding mechanisms to support added
> functionality. Much like a social process...
>
> Folks need to observe that the other global communications services
> lack the kinds of authentication mechanisms that are so readily
> claimed to be "essential" for today's proper Internet mail
> operation. That those other services have other features, which
> tend to mitigate the abuses that dominate Internet mail, is a
> matter of accident, rather than planning.
>
> On the matter of a redesign, we have two problems:
>
> 1. It is not clear that it is needed. Those claiming the need for
> a redesign take it on faith that one is needed. This is akin to
> ready-shoot-aim. A re-design effort makes sense only after two pre-
> conditions are met:
>
> a) new requirements are formulated and gain community consensus,
> and

DKIM is a good start, provided SSP is scuttled. Constraints on From
address will be highly disruptive, impractical to obtain, and yet
easily circumvented by bad actors. Perhaps at some point email
readers and list-servers will accommodate a strategy where the From
address represents a component of the transport, rather than the
author of the message, but to what end?

Rather than depending upon superhuman vision, or the acquisition of
thousands of look-alike domains by the various institutions, a
cryptographic signature allows the recipient's email application to
register and uniquely recognize a prior correspondent. This source
recognition models the innate ability of humans to identify a unique
voice or a face. By highlighting recognized sources, attempts at
pretending to be one of these correspondents would be easily noticed
by the lack of highlighting.

The signature also allows the signing-domain to include a non-spoof-
able opaque-identifier that could be used to track the account used
to gain access without introducing yet another email-address. A
large portion of spam is from compromised systems. Providing third-
parties a low cost solution to tracking such systems would be a
positive step at overcoming this significant problem. For example,
there are many services that offer a free system scrub, but the
account in trouble must be notified. This type of opaque-identifier
would also allow the recipient's email application to detect intra-
domain spoofing without any administration and verification of
specific authorizations of who can use what email-address. Email-
address freedom and independence can be retained using this approach.

> The heuristic I use for considering system-wide responses to spam,
> and the like, is to ask whether the feature would be good to have,
> even if abuses were not a major problem. Hence, current abuses
> serve merely as motivators.

Being able to recognize a prior correspondent should represent a
desirable feature independent of the role this could play at abating
abuse. Source recognition also allows blocking the account, without
expecting a miscreant to cooperate and always use the same email-
address.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
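
The source recognition and opaque-identifier ideas discussed in this message, sketched as an added example (not code from the post or from any DKIM implementation). It assumes signature verification has already been done elsewhere and that the verifier reports the signing domain and a signed opaque account identifier; `VerifiedMail`, `CorrespondentBook` and all sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VerifiedMail:
    """Constructed stand-in for what a signature verifier hands the mail client."""
    from_addr: str                  # displayed author address, not trusted by itself
    signing_domain: Optional[str]   # domain whose signature validated, else None
    opaque_id: Optional[str]        # signer-assigned account token under the signature

class CorrespondentBook:
    def __init__(self):
        self._known = {}       # (signing domain, opaque id) -> From addresses seen
        self._blocked = set()  # (signing domain, opaque id) keys the user blocked

    @staticmethod
    def _key(mail):
        if mail.signing_domain is None:
            raise ValueError("no valid signature to key on")
        return (mail.signing_domain.lower(), mail.opaque_id)

    def register(self, mail):
        """Remember a validly signed source as a prior correspondent."""
        self._known.setdefault(self._key(mail), set()).add(mail.from_addr.lower())

    def block(self, mail):
        """Block the signing account, whatever From address it uses later."""
        self._blocked.add(self._key(mail))

    def classify(self, mail):
        if mail.signing_domain is None:
            return "unverified"
        key = self._key(mail)
        if key in self._blocked:
            return "blocked"
        if key in self._known:
            return "recognized"              # the only case the client highlights
        for (domain, _), addrs in self._known.items():
            if domain == key[0] and mail.from_addr.lower() in addrs:
                return "intra-domain-mismatch"   # known address, different account
        return "unrecognized"

def demo():
    """Constructed messages: a look-alike domain and a borrowed address."""
    book = CorrespondentBook()
    book.register(VerifiedMail("alice@example.test", "example.test", "acct-7f3a"))
    lookalike = VerifiedMail("alice@examp1e.test", "examp1e.test", "acct-0001")
    borrowed = VerifiedMail("alice@example.test", "example.test", "acct-9b21")
    return [book.classify(lookalike), book.classify(borrowed)]
```

Recognition is keyed on the signing domain and opaque identifier rather than on the From address, so a blocked account stays blocked when it changes addresses.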