botnets: web servers, end-systems and Vint Cerf [LONG, sorry]

michael.dillon at bt.com
Mon Feb 19 15:32:26 UTC 2007


> I look forward to your paper on "the end to end concept, and why it
> doesn't apply to email" ;)

Clearly the answer is that it never has applied to email in the past.
Hosts don't email each other, people do. People have always relied on
Internet postmaster services to enable Internet email. Given that we
have already thrown out the end-to-end concept from day one, why must we
maintain such a brain-dead flat architecture? People who wanted the
end-to-end concept used to use "talk" on UNIX and Windows popup messages
until recently. Now, even those people have shifted to a hierarchical
architecture of instant-messaging servers.

> I'm not convinced there is an email architecture problem of relevance
> to the discussion. People mistake a security problem for its most
> visible symptoms.

There is more than one security problem here. A well-thought-out email
architecture will only address one of those security problems.

> The SMTP based email system has many faults, but it seems only mildly
> stressed under the onslaught of millions of hosts attempting to
> subvert it.

It depends where you measure that stress. The decline of Internet email
mindshare in favour of IM and Web forums indicates to me that it is
severely stressed at the user level.

> We may need a trust system to deal with identity within the existing
> email architecture,

Bingo!

> but I see no reason why that need be hierarchical, indeed attempts to
> build such hierarchical systems have often failed to gather a critical
> mass, but peer to peer trust systems have worked fine for decades for
> highly sensitive types of data.

Peer-to-peer is a form of hierarchy. If you decide to trust X, Y, and Z
and also trust all the hosts that X, Y and Z trust, then you have a
trust hierarchy carved out of the peer-to-peer space. So if I trust AOL,
Earthlink and Verizon, and I also trust all those trusted by these
three, then you can't talk to my mail server until you arrange trust
with me, or with one of the three trusted mail systems. Fact is that the
email architecture does not include any form of trust and things like
Sender-ID and DKIM are only bandaids that don't solve the problem and
introduce additional insecurities.

Additionally, if we can introduce hierarchy into the mail flow, we also
introduce points at which cost-based models of spam prevention can be
tried. If you can pay a penny a message to guarantee that your mail gets
delivered quickly, bypassing any spam-filtering checkpoints, then that
is something that the majority of users would buy into and the money
provides grease for the wheels of the system, making it worthwhile to do
things like set up an email peering agreement.

Let's face it, the Internet of the early 90's is gone. It won't be
coming back either. The challenge now is to operate a network that is
capable of being *THE* global communications infrastructure. If the
public Internet doesn't adapt to this job, then other networks will
leverage the IETF's technology to do so.

--Michael Dillon
