ietf-asrg
[Top] [All Lists]

Re: [Asrg] attention bonds, was Email Postage

2008-11-25 11:47:04
On Tue, Nov 25, 2008 at 09:11:47AM -0600, mathew wrote:
A few hundred million fully-compromised systems.

So, how come SSL hasn't been hacked around?

Why should anyone bother?  If the goal is, for example, to send spam,
then it's not necessary.  If the goal is to steal end-users' credentials
or credit card numbers or whatever, then a keystroke logger will suffice.
If the goal is to read the contents of the end-users' disk volumes
(for whatever purpose) then just reading them will do.


 Any proposal like this
must also be accompanied by a viable plan to un-compromise those systems
and keep them that way.  Otherwise it's dead on arrival.

In that case, all proposals are dead on arrival and we may as well shut down
this list.

No, there are plenty of other ideas (and implemented systems) which do not
rely on the presumed integrity of those end-user systems.


Since the definition of spam, for me, is what I say it is [...]

That is not the correct definition of spam.  The correct definition
of spam (in the context of SMTP) is "unsolicited bulk email".


Not if they forge it from your friends' systems, which of course they
have long since demonstrated that they can do at will.

The last time I received spam sent by a friend's system was... never. I'm
sure it happens, but the fact that it does isn't a consideration as far as
*I* am concerned.

If you are going to propose a global solution, then you must take account
global problems.  You should also not presume that spammers will sit back
and do nothing if/when it's deployed -- they're already demonstrated the
ability to respond rapidly and undercut poorly-thought-out ideas and
implementations.  So one of the questions that should occur to you
is *why* spammers, having that ability well in hand, have largely not
bothered to exercise it...thus far.


And again, you're raising a hurdle it's impossible to pass. If you assume
that a system can only be acceptable if it cannot be bypassed by
compromising systems, then no system is going to be acceptable.

In the case of end-user systems, yes.  No proposed anti-spam methodology
can rely on the integrity of end-user systems, because we are all well
aware (or should be) that they are already compromised in enormous numbers,
with more becoming so every day.  (Conversely, any that *does* rely
on that presumed integrity is very brittle, and will be completely
undercut whenever it pleases spammers to do so.)

Note please: "end-user systems".  I think there's at least a fighting
chance of securing non-end-user systems by judicious choice of operating
system, configuration, etc.


---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg