ietf

Authenticated Email

2003-06-04 11:05:09
In response to the various threads on authenticated email...


Yes, there is a value to authentication, even weak authentication. The vast
majority of spam uses a forged origin address, according to our measurements
and those of the FTC. By forged origin address I mean it was sent without
any form of authorization by the domain owner.

Call this what you like, but this is considered a serious problem by the
ISPs and they are planning to take action to stop it. In particular there is
no reason why hotmail should accept tens of millions of posts with forged
headers purporting to come from Yahoo and vice versa.

Authentication is not weak, it is merely one part of the access control
problem. You also require authorization. Everyone proposing AuthN schemes
knows that.


Of course email is a longstanding infrastructure and members of the IETF
tend to think that their use of the infrastructure is the one that matters.
Before you get too worked up however, consider the following facts:

1) End users hate spam
2) ISPs are going to change the protocols to fix it
3) The side effects of existing spam filters and blacklists are terrible

In case you don't believe 3, take a look at the history of faction fights
between the blacklists. Listing each other was popular sport for a while.
Organizations such as move.on have been blacklisted as a result of campaigns
by their opponents who would sign up for the list then report it as spam.

We see the same thing with checksum based schemes. One of the participants
in the ASRG list reports as spam all email sent by other members he has
attacked in the flame wars he keeps starting.


What we are talking about here is authentication as a means of bypassing
spam filters. Nobody should simply reject email for not having an RMX or
any other authentication mechanism.

What will happen is that the spam filter will change the estimate
of spam probability in response to the presence of valid RMX, the
presence of invalid RMX and absence of RMX.

So if an email purports to be from hotmail.com we might have the following
probabilities:

A) Comes from RMX IP address           5% probability spam
B) Does not come from RMX IP address  95% probability spam
C) RMX not available                  50% probability spam

In case A the probability is probably low enough to simply whitelist (note
this is assuming that the spam filtering is stateful in the extreme and the
probability for bozo.com with RMX might be 50%, exactly the same for no
RMX).

Case B is not quite high enough to reject (5% false positive rate is
unacceptable). But the threshold for rejection on content inspection would
be much lower: we only need to be about 90% sure it is spam to reject at an
acceptably low false positive rate; for case C we would have to be 99.5%
sure it is not spam to reject with the same level of accuracy.


Of course you probably expect me to say something about digital certificates
and PKI as well. 

PGP is Pretty Good Privacy, the web of trust design becomes somewhat
unwieldy when you try to deal with authentication. It becomes tractable if
you change the model to a key centric PKI such as XKMS which is a standards
based evolution of the PGP Key server model. Once you get to that stage
however you have a PKI and the functional equivalent of CAs...

There are a couple of problems applying S/MIME/PGP and SSL cryptography to
address the spam problem. 

Message level enhancements such as S/MIME have been designed to work
end-to-end. They have significant impact on the mail transport and they
authenticate individual users rather than domains. This is good if you want
to authenticate end users, but that is more granularity and hence expense
than the spam problem requires.

SSL and STARTTLS allow encryption and authentication of the Internet hop of
the mail process. This is a partial solution but fails in cases such as mail
forwarding and in particular mailing lists. So some adjustment may well
prove necessary there, although that is a detail.


The reason that digital certificates are going to be needed is that the mail
sender wants to have confidence that their messages are going to get
through. People can construct schemes with PGP if they like, and many
members of the IETF will have great fun using them, that is not a commercial
threat I am going to spend much time worrying about. Before Moore's law
another Moore gave his name to the Moore Bound, a lower bound on the
diameter of a graph. Strong trust in large graphs requires nodes of high
degree, in the PKIX world they are called CAs.

I don't see any problem with multiple CAs either. With SSL certificates some
people think that any certificate that is recognised by the browser is OK.
So there might be an advantage to going to a Bucket-shop CA whose
authentication procedure is no more than checking that your credit card
payment clears (yes they do exist).

With spam however the spam senders are going to start to try to acquire
credentials to send spam. So zero-authentication CAs are going to be the
first targets. Getting a certificate from a CA with strong authentication
procedures is going to be much more costly - particularly if there is
legislation and even more so if the credentials are considered disposable.

The comparison to think of is with business registration. There is little to
stop a crook registering one crooked business. However it is very hard to
register a hundred crooked businesses a day.


Another point to consider is that the identity certificate is only the start
of the process. Other credentials can be layered on top of a certificate.
For example a 'trusted sender' type credential might be layered over a
digital certificate, possibly coming from an entirely different source. So
you might have a CA saying 'I have authenticated Alice by process XYZ' and
an auditor saying 'I have determined Alice is an unmitigated spammer'.

                Phill
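The message above argues that an RMX result should shift the filter's spam estimate rather than trigger an outright reject, and that the content-inspection threshold then differs per case. The following Python is an added worked example, not code from Phill's post or from any RMX implementation: it takes the three priors the post gives (5%, 95%, 50%), combines them with a content filter's verdict using Bayes' rule under an assumed independence of the two signals, and solves for how sure the content filter must be before the combined estimate reaches a target. The 99.5% target, the `RMX_PRIOR` status names and the `decide` helper are assumptions made for the example; the content-confidence inputs are constructed.

```python
# Added example (not from the post): combining an RMX-derived prior with a
# content classifier's confidence via Bayes' rule. The three priors are the
# figures from the post; the 99.5% target and status names are assumptions.

# Prior P(spam) given what the RMX check said about the connecting IP address.
RMX_PRIOR = {
    "match": 0.05,     # case A: IP is RMX-listed for the purported sender domain
    "mismatch": 0.95,  # case B: domain publishes RMX, but this IP is not listed
    "none": 0.50,      # case C: domain publishes no RMX record at all
}


def posterior_spam(prior, content_confidence):
    """Combine an RMX prior with a content filter's verdict.

    content_confidence is the filter's own P(spam) for the message body, treated
    as evidence independent of the RMX result (a naive-Bayes style assumption).
    """
    p, c = prior, content_confidence
    spam = p * c                      # weight of the "spam" hypothesis
    ham = (1.0 - p) * (1.0 - c)       # weight of the "legitimate" hypothesis
    return spam / (spam + ham)


def required_content_confidence(prior, target_posterior):
    """How sure the content filter must be before the combined estimate reaches
    target_posterior. Solves posterior_spam(prior, c) == target_posterior for c."""
    p, t = prior, target_posterior
    return t * (1.0 - p) / (p * (1.0 - t) + t * (1.0 - p))


def decide(rmx_status, content_confidence, reject_threshold=0.995):
    """Return 'reject' or 'accept' for one message.

    A 99.5% combined estimate means roughly one legitimate message in 200 is
    rejected; the threshold value is an assumption chosen for the example.
    """
    post = posterior_spam(RMX_PRIOR[rmx_status], content_confidence)
    return "reject" if post >= reject_threshold else "accept"


if __name__ == "__main__":
    for status in ("match", "mismatch", "none"):
        need = required_content_confidence(RMX_PRIOR[status], 0.995)
        print(f"RMX {status:8s}: content filter must be {need:.2%} sure to reject")
    # The same 92%-confident content verdict (constructed) yields three outcomes:
    for status in ("match", "mismatch", "none"):
        print(f"RMX {status:8s} + 92% content verdict -> {decide(status, 0.92)}")
```

With a 50% prior the content filter has to reach the target on its own (99.5%); with the 95% prior from an RMX mismatch it only needs to be about 91% sure; with the 5% prior from an RMX match it would need to be better than 99.9% sure, which is why case A is effectively a whitelist.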


