Update on mail bombing threats--not so funny

Vadim Antonov avg at pluris.com
Fri Jan 10 20:45:44 UTC 1997


I told it many times already that the freedom of speech includes
not only right to speak but also right not to listen.

Internet is very good at the first part; and woefully indaequate
at the second.

Can it be fixed?  Of course.  But the first step in filtering out
those who are trying to push their unwanted speech on us is to
make sure they won't pretend to be somebody whose words we'd
want to listen to.

So -- the problem has two aspects: the first is authentication,
the second is defense against flooding attacks.   They are
closely related, but not identical.

The source address verification is powerful enough to get flood
attacks stopped.  It is still not enough to get rid of unwanted

The second line of defense should be digital signatures on messages,
certified by some authorities (what is "authority" depends on your
personal point of view -- you're free to choose whom to believe)
which to a some extent make sure that signatures correspond to
physical people.   Then you can just stop accepting any unsigned
mail (note that a reputable anonymous remailer would also check
signatures on incoming messages; and substitute them with its own).

There's no magic technology involved; this is just the problem of
how to actually implement it.  Until we do that we all live in
danger of having our name smeared if some jerk decides he's pissed
and posts some nazi propaganda, or threats, with a reputable person's
e-mail address.  I already was an antisemite, and an agent of KGB,
thank you very much.

Now, how about doing the right thing: make the NANOG list the
first one to require signed messages?  Somebody has to start.

- --vadim

Version: 2.6


More information about the NANOG mailing list