Re: move to second stage, Re: Principles of Spam-abatement
2004-03-14 21:27:54
Ed,
Thank you for the wealth of information. I forwarded this message to the
SMTP-VERIFY subgroup of the ASRG where the current discussion of the
"web of trust" is taking place so we can evaluate the information (the
archive can be found at
http://news.gmane.org/gmane.ietf.asrg.smtpverify/). If you or anyone
else wants to join that list, let me know off-list (its a closed list
with about 30 members, separate from the main ASRG list).
I will get back to you once we digested your paper.
Yakov
Ed Gerck wrote:
Yakov Shafranovich wrote:
Go ahead - I am looking for any kind of solutions that the IETF can take
on in order to reduce the problem. Many solutions have been revolving
around trust - but in the world where a computer can be easily hijacked,
trust becomes harder to maintain.
Trust is the problem [1]. What you mention below is a valid way to
induce trust, namely by relying on trusted introducers (for trusted
*and* distrusted MTAs). The question of qualifying the trusted
introducers themselves is also qualitatively handled in the model you
summarize. One thing that is missing is what I call the trusted
witnesses, which are also necessary to induce trust [2].
Trusted introducers and trusted witnesses allow you to build two
open-ended trust chains for every action, the witness chain providing
the assurances ("how did we get here?") that led to action (including
the action itself) while the introducer chain ("where do we go from
here?") provides the assurances both for a continuation of that action
and for other actions that may need assurances stemming from it.
One example of what the ASRG has been looking at is a distributed web of
reputation. Each MTAs or domain can publish a list of MTAs that it
knows, including basic statistics on how long the MTA has been sending
mail, average volume, etc. In addition to that basic information, you
can also publish additional information such as "I think this is a
spammer because SpamAssasin detects 99% of all email from that MTA as
spam", etc. The basic statistical information can be used to detect
zombies and the extended information can be used to allow like-thinking
domains to make joint decisions. The question of how much difference
this would make is up for debate, and there are questions of how a new
MTA can be introduced into the system, "rule of the mob", etc.
Seeing this as a web of trust would seem to clarify the issues you mention
and point out what's missing. Relying on reputation alone (and not also on
current behavior, etc.) can lead to race conditions, bait-and-switch,
spoofing, laggard reactions, and a host of other threats that are easily
exploitable. BTW, if reputation alone would be a solution, eBay customers
would not have so many problems with online auctions -- the Federal Trade
Commission says it receives more complaints about Internet auction fraud
than any other online scam. Internet auctions accounted for 48 percent of
all Internet fraud complaints filed with the commission in 2003 (1/26/04
article by Brian Krebs on eBay Feedback Forgers).
Comments?
Cheers,
Ed Gerck
[1] Understanding human trust is exactly what brought me to that great
IT question in 1997: how can I trust a set of bytes? My answer provided
a framework that has been useful in the field of information security.
The answer also provides a framework for understanding human trust
(as expected fulfillment of behavior) and bridging trust between humans
and machines (as qualified information based on factors independent of
that information). The original reference is
http://nma.com/mcg-mirror/trustdef.htm
-- please google for "gerck trust" to find applications and comments
by others.
[2] An example is described in
http://nma.com/papers/e2e-security.htm#TR
"...under the principle that every action needs both a trusted
introducer and a trusted witness. We call this principle the
Trust Induction Principle."
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Principles of Spam-abatement, (continued)
- Re: Principles of Spam-abatement, Paul Vixie
- Re: Principles of Spam-abatement, Yakov Shafranovich
- Re: Principles of Spam-abatement, Vernon Schryver
- Re: Principles of Spam-abatement, Dave Crocker
- Re: Principles of Spam-abatement, Yakov Shafranovich
- move to second stage, Re: Principles of Spam-abatement, Ed Gerck
- Re: move to second stage, Re: Principles of Spam-abatement, Einar Stefferud
- Re: move to second stage, Re: Principles of Spam-abatement, Yakov Shafranovich
- Re: move to second stage, Re: Principles of Spam-abatement, Yakov Shafranovich
- Re: move to second stage, Re: Principles of Spam-abatement, Ed Gerck
- Re: move to second stage, Re: Principles of Spam-abatement,
Yakov Shafranovich <=
- Re: move to second stage, Re: Principles of Spam-abatement, Ed Gerck
- Re: move to second stage, Re: Principles of Spam-abatement, Yakov Shafranovich
- Re: move to second stage, Re: Principles of Spam-abatement, Ed Gerck
- Re: move to second stage, Re: Principles of Spam-abatement, Eric A. Hall
- Re: move to second stage, Re: Principles of Spam-abatement, Dean Anderson
- Re: Principles of Spam-abatement, Dean Anderson
- Re: Principles of Spam-abatement, Yakov Shafranovich
- The right to refuse, was: Re: Principles of Spam-abatement, Iljitsch van Beijnum
- Re: Principles of Spam-abatement, Paul Vixie
- Re: Principles of Spam-abatement, Iljitsch van Beijnum
|
|
|