Clueless service restrictions (was RE: Anti-spam System Idea)

• Previous message (by thread): Clueless service restrictions (was RE: Anti-spam System Idea)
• Next message (by thread): Clueless service restrictions (was RE: Anti-spam System Idea)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tony,

--On 17 February 2004 17:27 -0800 Tony Hain <alh-ietf at tndh.net> wrote:

> Clearly I misinterpreted your comments; sorry for reading other parts of
> the thread into your intent. The bottom line is the lack of a -scalable-
> trust infrastructure. You are arguing here that the technically inclined
> could select from a list of partial trust options and achieve 'close
> enough'. While that is true, Joe-sixpack wouldn't bother even if he could
> figure out how. Whatever trust infrastructure that comes into existence
> for the mass market has to appear to be seamless, even if it is
> technically constructed from multiple parts.

What I am thinking of takes the policy decision at the "end" MTA level,
i.e. the MTA closest to the user receiving the mail. That could be
a techy user on a DSL line. In the case of Joe-Sixpack, it would be whoever
runs POP/IMAP for him. If he runs an MTA without any of this stuff, he
is left where he is now (i.e. gets all mail).

> Steve Bellovin suggested earlier that identity based approaches wouldn't
> work. While I agree having the identity won't solve the problems by
> itself, it does provide a key that the rest of the legal system can start
> to work with. False identities are common in the real world, so their
> existence in the electronic world is not really any different.

I am not sure you need to go as far as verifiable individual identities for
each sender/user; however, you may need to go as far as being able to
verify identities of MTAs - at least the first one that claims "I have
received this from someone for whom I am prepared to deal with the abuse
consequences".

> I guess I
> am looking at this from the opposite side the two of you appear to be,
> rather than requiring authorization to send, irrefutable identity should
> be used to deny receipt after proven abuse.

I am using authorization to permit/deny *receipt* (not sending). Clearly
if enough people deny unauthenticated receipt then in practice it does
imply one needs to authenticate sending. Whether you deny receipt after
proven abuse, or only accept receipt on proven identity is just a policy
decision in the hands of the mail-system-admin as to what they do with
the "don't know" case.

I think this is getting (further) OT for NANOG & I should just write
something up.

Alex

• Previous message (by thread): Clueless service restrictions (was RE: Anti-spam System Idea)
• Next message (by thread): Clueless service restrictions (was RE: Anti-spam System Idea)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]