ietf
[Top] [All Lists]

Re: authenticated email

2003-06-04 11:46:46
Stephen Sprunk writes:
Thus spake "Michael Thomas" <mat(_at_)cisco(_dot_)com>
It depends on what you mean by signing. Signing a message in and
of itself ought not hurt anything modulo software bugs, etc. But the
real question is what does the receiving program (MTA, MUA) do
with that signature? At the very least it could verify the signature,
but then what? If it doesn't verify do you drop it? (transitive trust
comes into play, but most likely). Does it do anything beyond that?

Well, if you use a score-based anti-spam system, the lack of a signature
could "cost" a message a few points, but that's  about it.

Or signed, uncost it.
 
The root problem here is we're trying to define an authentication system
without also defining the authorization or accounting systems to use it.

One could obviously start envisioning servers with
known spammer keys, etc. Some have mentioned
whitelists but blacklists seem also possible so
far as they'd go. This isn't actually much
different than current practices, afterall.

I'd love to have somebody refute my personal and
completely unobjective observation that most
spammers (like virii hackers) are not very smart.
It's quite obvious that djinning up new key pairs
would be pretty simple (if relatively CPU
intensive), but look at the lag time between where
the current crop of filters are and the spam
that's sophiciticated enough to get around it. My
filters seem to catch -- even now -- about 80% at
least, and I haven't even upgraded spamassasin to
the Baysian version. Could the interval between
prevalence of signatures and spammers getting wise
to both needing to sign and needing to djinn up
lots of keys buy enough time to keep one step
ahead? My feeling is that it might. And I'd think
there would be huge economic incentives to move to
the next step before or as that starts to happen.

Let me ask something in return: do you think that
just the act of signing mail -- with no trust
roots implied -- could help?

It does, at least until spammers start signing their email too.

Does my signature on this message make you trust it more than, say, the ten
ads you got this morning for Viagra?  Why or why not?

Well, that's the implicit question. If the vast
majority of mail were signed -- with or without
trust roots -- would we be better off than the
current state of affairs? That is, could something
that hasn't been invented or utilized today be
possible if mail were simply signed? There's an
obvious bootstrap problem with all of this, and if
there were some marginal value of to what an MTA
or MUA could do *without* any messy trust issues
mandatory, then maybe the network effect might
allow more and more sophisticated schemes to
emerge.

                Mike



<Prev in Thread] Current Thread [Next in Thread>