mail-ng
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [mail-ng] Anonimity and cost [was] Re: Why are we here? What are our goals?

2004-01-29 22:49:31
from [Yakov Shafranovich] [Permanent Link] 

Hector Santos wrote:

2)  On contact,  we now have the client access control considerations.

This is where we are struck with.  You tend to believe that machine checking
is all that is required.  I say YES but I also believe that an untrusted
session (anonymous access) also needs authenticate the sender of the data as
well.
The "sender" here, who are you referring to? The originating human user, the originating MUA or the originating MTA? 


Lets consider the utopian solution where we have a central authority system
where all systems must use.  Both clients and servers must register to be
part of the backbone.   In this case, we solve the problem.  No?

Obviously, I think most people do not what a central authority system.

So how much of a deviation from a central authority system can be borrowed
to help address the problem and not give us this "big brother" scare?

This is area we need to get together to decide "how much" are we willing to
consider.
If you consider the network consisting of nodes operating by different ISPs, why isn't tracing the ISP sufficient? Lets say if a zombie machine is sitting out somewhere spewing DDOS packets, isn't identifying the ISP usually sufficient to stop the abuse? The same way, ISPs can be relayed upon to take care of their own MTAs and if they don't, the mail-ng system can account for that with rate limiting or some other mechanism. One of the big problems today is that ISPs are not willing to cooperate with each other in regards to spam, and we must account for "rogue" elements in the mail-ng system as well. 


Is it feasible to suggest that all senders must "sign up" with the receiver
host before it is allowed to send?  Something like an auto-signup concept
for the purpose of tracing and auditing?
Wouldn't that mean that you would have to sign up with every single receiver? Doesn't that mean that the sender's records are spread all over the Net? 

Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Why are both drug addicts and computer aficionados both called users?" (Clifford Stoll) 
-------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [mail-ng+paul-answer] Mailing List, J-F C. (Jefsey) Morfin
Next by Date:  Re: Why are we here? What are our goals?, Hector Santos
Previous by Thread:  Re: [mail-ng] Anonimity and cost [was] Re: Why are we here? What are our goals?, Hector Santos
Next by Thread:  Re: [mail-ng] Anonimity and cost [was] Re: Why are we here? What are our goals?, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]