From: Tony Finch [mailto:dot(_at_)dotat(_dot_)at]
Usenet did not escape spam. Spammy usenet servers were not
reliably cut off - certainly the trust relationships between
server operators did not provide an effective way to stop
spam. Your last sentence above is the reason why: keeping
legitimate communication working is more important than the
inconvenience of spam.
That coupled with the difficulty of separating the legitimate communication
from the spam.
In USENET and BGP the trust relationships are only bilateral hop by hop. So I
am vulnerable if anyone I connect to, either directly or indirectly, connects
to a spammer.
In other words USENET is a perimeter security model with 100,000 plus
independently administered entry points. Is it any wonder that it has
essentially collapsed? (my ISP no longer provides NNTP as a base service and
this is now the norm).
There is no accountability.
You can apply the same logic at the level of BGP routing:
there are trust relationships between networks, some of which
are clean and some of which are infested with criminals. The
latter spoil it for the rest of us but they are still not cut off.
Which is why the first step in securing BGP has to be to provide credentials
that allow route advertisements to be tracked to source.
Again, there is no real accountability.
For a third example of reluctance to punish the innocent,
look at the hatred directed at DNS blacklists that
deliberately block people who are unlucky enough to be too
close in network space to spammers.
The problem there was the blacklists demanded others be held accountable but
refused to be held accountable themselves. They would arbitrarily blacklist
sites and then refuse to unblock them. Some openly boasted of using 'collateral
damage', holding innocent parties hostage as a means of creating leverage to
cause an IS to comply with an arbitrary policy unilaterally set by the
blacklister.
This time there was accountability but the system itself was not sustainable
because the guardians of accountability were not accountable.
Given this, your proposed architecture is just as vulnerable
to botnets as the open SMTP architecture. There are always
going to be enough admins who don't cut off infected machines
and who also have enough legitimate customers that their
upstreams won't cut the whole network off. This will be
enough to poison the well.
Agreed, unless someone can propose a different architectural principle I see no
reason to expect an entirely new Internet architecture to perform any
differently than the existing one.
Accountability is a new or at least unachieved architectural principle. As Dave
Crocker points out there is no reason to create a new SMTP (and by extension
new DNS, new BGP) unless one has first shown why the new proposal cannot be
achieved as an extension or modification of the existing.