North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Clueless service restrictions (was RE: Anti-spam System Idea)

  • From: Alex Bligh
  • Date: Wed Feb 18 04:51:26 2004

Tony,

--On 17 February 2004 17:27 -0800 Tony Hain <[email protected]> wrote:

Clearly I misinterpreted your comments; sorry for reading other parts of
the thread into your intent. The bottom line is the lack of a -scalable-
trust infrastructure. You are arguing here that the technically inclined
could select from a list of partial trust options and achieve 'close
enough'. While that is true, Joe-sixpack wouldn't bother even if he could
figure out how. Whatever trust infrastructure that comes into existence
for the mass market has to appear to be seamless, even if it is
technically constructed from multiple parts.
What I am thinking of takes the policy decision at the "end" MTA level,
i.e. the MTA closest to the user receiving the mail. That could be
a techy user on a DSL line. In the case of Joe-Sixpack, it would be whoever
runs POP/IMAP for him. If he runs an MTA without any of this stuff, he
is left where he is now (i.e. gets all mail).

Steve Bellovin suggested earlier that identity based approaches wouldn't
work. While I agree having the identity won't solve the problems by
itself, it does provide a key that the rest of the legal system can start
to work with. False identities are common in the real world, so their
existence in the electronic world is not really any different.
I am not sure you need to go as far as verifiable individual identities for
each sender/user; however, you may need to go as far as being able to
verify identities of MTAs - at least the first one that claims "I have
received this from someone for whom I am prepared to deal with the abuse
consequences".

I guess I
am looking at this from the opposite side the two of you appear to be,
rather than requiring authorization to send, irrefutable identity should
be used to deny receipt after proven abuse.
I am using authorization to permit/deny *receipt* (not sending). Clearly
if enough people deny unauthenticated receipt then in practice it does
imply one needs to authenticate sending. Whether you deny receipt after
proven abuse, or only accept receipt on proven identity is just a policy
decision in the hands of the mail-system-admin as to what they do with
the "don't know" case.

I think this is getting (further) OT for NANOG & I should just write
something up.

Alex