ietf-asrg
[Top] [All Lists]

Re: [Asrg] Email Postage (was Re: FeedBack loops)

2008-11-16 17:16:26

On November 15, 2008 at 21:40 rsk(_at_)gsp(_dot_)org (Rich Kulawiec) wrote:
On Sat, Nov 15, 2008 at 08:07:34PM -0500, Barry Shein wrote:
I see. You haven't the slightest idea how such a system might work
(first paragraph), but you're very certain about its flaws (second
paragraph).

Yes, I'm quite certain.  I don't *need* to know the details of how such
a system might work in order to recognize that the current security
situation will allow it to be undercut the moment abusers decide
it's worth their time and trouble.

Wow, what a globally negative attitude. Maybe this needs addressing?

As far as I know SSL hasn't been cracked directly. There's been quite
a bit of social engineering (e.g., phishing) but that's not quite what
I'd call "cracked" and although some progress can and will be made on
that it's still kinda like letting someone in your house because they
claim they're from the gas company w/o checking credentials carefully.

So anything as hardened as web SSL certs is probably a
counter-example, no?

I suppose it leads to what level of success can be considered
reasonable progress?

For example, a lot of spam is designed to get by spamassassin and its
bayesian filters, but that does that mean spamassassin and bayesian
filters should be abandoned, or should never have happened?

-- 
        -Barry Shein

The World              | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg