On Tue, Jun 23, 2009 at 12:14:30AM +0200, Claudio Telmon wrote:
The attacker can collect the tokens provided to the system owner in
order to communicate with other people. It will then be able to send
spam to the owner's correspondents. These, in turn, can see that spam
arrives with the tokens they provided to the system owner, inform the
system owner about this fact and invalidate the tokens.
This is unworkable for multiple reasons, not the least of which of scale:
as of a few years ago, there were at least a hundred million compromised
systems, and the number today is certainly much higher. There's no
good way to inform the former owners of those systems, there's no reason
to believe that they'll see the notification (especially if automated,
since the new owners of those systems can prevent them from seeing it),
there's no way to stop those systems from emitting bogus notifications,
the recipients' systems may themselves be compromised, etc. Not to
mention it's a LOT of work for everyone to keep track of all these tokens.
Any proposal (not just anti-spam) which depends on the presumption that
end-user systems are secure or securable is dead-on-arrival *until*
the zombie problem is solved, and there is at the moment nothing at all
happening to indicate that problem is even being seriously addressed,
let alone "solved".
---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg