ietf-asrg

Re: [Asrg] anti-forgery technologies (was: Email Postage)

2008-11-15 18:10:56
On Fri, Nov 14, 2008 at 07:51:16PM -0800, David Wall wrote:
> Rather than devise such a new scheme, think about why SenderID, SPF,
> DomainKeys and plain old S/MIME have not taken off.  These are all open
> standards, free to implement and thus should be attractive.
>
> Yet they are not implemented.  Proving who the sender is would be huge

Ah, but we can already do so *without* these technologies -- in the
sense that matters -- and we cannot do so *with* these technologies --
in the sense that doesn't.

Let me explain that rather cryptic statement.

If 1.2.3.4 connects to my mail server, then 1.2.3.4 *is the sender* --
or perhaps, more precisely, the sending-system.  Whoever does the
care and feeding of the host at 1.2.3.4 is ultimately responsible
for whatever abuse comes across that connection.  That might include
postmasters, system administrators, network engineers, etc. -- obviously
every situation is different.  But clearly that connection occurs
on *somebody's* watch.

And that's the part that we can do today, without any of these
technologies.  We've been doing it for decades, and we've learned
that holding people accountable based on it works very well.
(We've also learned that not holding people accountable is often
seen as tacit assent to further abuse.)

What we can't do is identify the user.  But this doesn't matter
to any of us *out here*: that's an internal matter for 1.2.3.4's
keepers to work out, and if they're at all competent, their own
logs will *possibly* identify the user responsible for whatever-it-is.

And I say *possibly* because with a few hundred million fully-owned
systems out there, we have to give the possibility that it's not
the user the logs make it appear to be who's actually responsible,
but only the user's system.  And note that even *with* any of these
technologies, there's no help distinguishing these two possibilities
from each other: an attacker fully in control of the user's system
can do anything that the user can do.

If we want these technologies to actually be useful, we're going
to have to do something about retaking those few hundred million
systems and keeping them from being re-owned.  Having observed
this over the past half-decade or so, my sense is (a) nothing
in the least bit effective is being done and (b) I see no signs
that this will change any time soon.

---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
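
The message's point that the connecting address is the one identity a receiver knows first-hand, shown as an added example that is not part of the original post: it reads the peer IP from the topmost Received header, which the receiving server itself wrote, and ignores the client-supplied From. The hostname `mx.example.net`, the sample message and the function name are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample. Headers are newest first: only the topmost Received
# line was written by our own server (mx.example.net, hypothetical);
# everything below it, including From, was supplied by the connecting client.
RAW = """\
Received: from mail.bank.example (unknown [192.0.2.45])
\tby mx.example.net with ESMTP id ABC123; Sat, 15 Nov 2008 18:10:56 -0500
Received: from internal (localhost [10.0.0.5])
\tby mail.bank.example; Sat, 15 Nov 2008 18:10:50 -0500
From: "Your Bank" <security@bank.example>
Subject: constructed test message

body
"""

OUR_MTA = "mx.example.net"  # assumption: the name our server stamps after "by"
_PEER = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def connecting_peer(raw, our_mta=OUR_MTA):
    """Return the peer IP recorded by our own MTA, or None if unavailable."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received:
        return None
    top = " ".join(received[0].split())  # unfold continuation lines
    # Only the hop stamped by our own server is first-hand knowledge.
    if f" by {our_mta} " not in f" {top} ":
        return None
    # The peer address sits in the "from" clause, before " by ".
    from_part = top.split(" by ", 1)[0]
    match = _PEER.search(from_part)
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return None

if __name__ == "__main__":
    print("accountable sending system:", connecting_peer(RAW))
```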