the O(N^2) problem

Rich Kulawiec rsk at gsp.org
Mon Apr 14 14:24:37 UTC 2008


On Mon, Apr 14, 2008 at 01:41:50PM +0000, Edward B. DREGER wrote:
> When one accepts an email[*], one wishes for some sort of _a priori_
> information regarding message trustworthiness.  DKIM can vouch for
> message authenticity, but not trust.  

At the moment, this problem can't be solved on an Internet scale, because
there are on the order of 10e8 fully-compromised systems out there.  Many
different estimates have been proffered over the years; the most recent
I've seen is from Rick Wesson at Support Intelligence, who offered 40%
as his guesstimate; if there are 800M systems on the 'net, that'd be about
320M.  But the exact number is unknowable and in some sense unimportant:
the difference between 128M and 172M doesn't matter for the purpose of
this discussion.  And I believe there is widespread concurrence that
whatever the number is, it's going up.

The new owners of those systems can do anything with them they want,
including forging (and cryptographically signing) outbound mail messages
using any SMTP authorization credentials present on it, or any SMTP access
implied by its network location(s).  (They can also, if they wish, arrange
to conceal incoming replies to this traffic from the former owners.)

Until that problem's solved (and I don't see any solution for it on
the horizon) then it will undercut any number of interesting approaches
worthy of significant discussion, not just this one.  It's the elephant
in the room, and until it's banished, it will keep getting in the way.

---Rsk



