ietf-mailsig

Re: Replay attacks and ISP business models

2005-08-07 18:13:36

wayne wrote:
Are you seriously suggesting not worrying about the replay attack
until it is widespread?

Widespread is different than seen in the wild. At this point,
there's no evidence that I'm aware of that it's been seen
in the wild. I wouldn't expect it for quite some time --
why would they bother right now? A lot can happen between
then and now, so I'm not sure that proceeding way down _any_
one line of defense is all that wise.

                                       For one, it's not
clear that if domains -- in an effort to maintain their
reputation -- start spam-filtering their outbound mail,
you'd reduce the effectiveness of the so-called replay
attack by about 2 orders of magnitude. It seems to me that
it's pretty likely that they'll find something else to do
if that scenario plays out.



I don't see how filtering their outbound will help much in preventing
the replay attack.

It doesn't prevent it, it just makes it less likely to be
a viable vector: if 99% of your spam campaign is not leaving
the outbound ISP, my guess is that you're going to look for
other distribution mechanisms. We're already seeing a shift
on that anyway, right? With zombies, right?

I really like the formulation I heard here: a lot of the
utility of signing is in just getting spammers and other
miscreants to attack somebody else instead of me. Eventually
we may be able to close the noose, but until then I'd just
assume at least they not sully my name.

                Mike
