On Sun, Mar 07, 2004 at 01:26:47AM +1300, Peter Gutmann wrote:
> Eugen Leitl <eugen@leitl.org> writes:
>
> > "A way that works" would involve passphrase-locked keyrings, and forgetful MUAs (this mutt only caches the passphrase for a preset time).
>
> "A way that works *in theory* would involve ...". The chances of any vendor
> of mass-market software shipping an MUA where the user has to enter a password

No, that was a definition. I made no statement about how users take to passphrases, and vendors implementing this unwelcome feature. Works well for me, though.

> just to send mail are approximately... zero.

I agree. It doesn't mean signing (whether in MUA or MTA level) is useless. Only a tiny fraction of all systems is compromised, and if those systems use signed mail blocking them is actually easier (generating new keys on an 0wn3d machine introduces extra degrees of complication, and limits the rate of mail sent). If this is adopted on a large scale, nonsigned mail would automatically increase the spam scoring function, further speeding adoption.

> > Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and whitelisting known senders by digital signature makes very good sense.
>
> In that case you can just filter by sender IP address or something (anything) that's simpler than requiring a PKI. Again though, that's just another

Parsing headers is problematic, and signatures work at user, not at IP level (there are public mail services which serve millions of users with just a few IPs). You can as well sign at MTA level, if users are authenticated, and each of them has a signature.

> variant of the "Build a big wall" dream. In order to have perimeter security
> you first need a perimeter. If the spammer you're trying to defend against is your own mother (because she clicked on an attachment you sent her, it says so in the From: address, that's actually a spam-bot), you don't have a perimeter.

Every exploitable system will be exploited, if a sufficient incentive is present. You can't get around the fact that we need to modify the infrastructure. Specifically for spam, facultative strong authentication is a part of a solution (there is no single solution, because it's a complex, adaptive problem).

> All you have is a big pile of Manchurian candidates waiting to bite you.

When I get virus mail from someone who has my email in my address book, it would be nice if that mail was signed, so I could contact her, and tell her she has a problem. Facultative strong authentication doesn't nuke anonymity. It does shift it into darker, seedier corners of communication, though. Which is only natural: trolls thrive on anonymity, giving it a bad rap. Which is why we need a nym supporting infrastructure.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]