is it time to make the list moderated? :)

Aaron Beck, Internetworking Engineer. E: aaronb@mpl.net
Meridian Partners Limited. We Simply Do More. http://www.mpl.net

> is it time to make the list moderated? :)

No. But it is time to start rejecting messages which are not PGP-signed with a registered key.

That's going to be fun. Might as well unsubscribe now to save the extra hassle posting.

Alex
--
Alex Kinch                              Network Operations
alexk@ftech.net / +44 468 892 492       Frontier Internet Services

That's something I would ABSOLUTELY support.

On Tue, Nov 18, 1997 at 01:57:32PM -0800, Vadim Antonov wrote:
> Aaron Beck wrote:
> > is it time to make the list moderated? :)
> No. But it is time to start rejecting messages which are not PGP-signed with a registered key.
> --vadim

On Wed, Nov 19, 1997 at 11:54:15AM -0500, Dorn Hetzel wrote:
> That's something I would ABSOLUTELY support.
> On Tue, Nov 18, 1997 at 01:57:32PM -0800, Vadim Antonov wrote:
> > Aaron Beck wrote:
> > > is it time to make the list moderated? :)
> > No. But it is time to start rejecting messages which are not PGP-signed with a registered key.
> > --vadim

Hmmm.... now that's an interesting idea. I don't know if my key is registered, but I have no problem with doing so if necessary.... (I believe that Dorn did certify it some time ago :-)

--
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly to FULL DS-3 Service
                             | NEW! K56Flex support on ALL modems
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost

The problem with this is that the denial of service attack just moves. Hostile parties just start sending bogus signed messages (i.e. formatted random numbers), and it is very costly for the mail exploder to check the signatures, and they shut down the list server, by this.

One day perhaps in 2007, we may be able to exchange cryptographically signed messages, and trust the systems we use, but there are still a number of problems to solve before you should think about doing that.

(Anytime it costs the attacker less than the victim, particularly when it's several orders of magnitude difference, these attacks will continue and the protocols to avoid them are complex and not generally understood, although a lot of the TCP SYN attack stuff will apply, i.e. compressed state, selective discard, etc.)

In message <19971119103745.03601@Mars.Mcs.Net>, Karl Denninger writes:
> On Wed, Nov 19, 1997 at 11:54:15AM -0500, Dorn Hetzel wrote:
> > That's something I would ABSOLUTELY support.
> > On Tue, Nov 18, 1997 at 01:57:32PM -0800, Vadim Antonov wrote:
> > > Aaron Beck wrote:
> > > > is it time to make the list moderated? :)
> > > No. But it is time to start rejecting messages which are not PGP-signed with a registered key.
> > > --vadim
> Hmmm.... now that's an interesting idea. I don't know if my key is registered, but I have no problem with doing so if necessary.... (I believe that Dorn did certify it some time ago :-)

---
Jeremy Porter, Freeside Communications, Inc. jerry@fc.net
PO BOX 80315 Austin, Tx 78708 | 1-800-968-8750 | 512-458-9810
http://www.fc.net

I don't think performance is an issue. My alpha (F.ROOT-SERVERS.NET) is not among the fastest machines Digital makes, but it can verify hundreds of PGP signatures per second (assuming an even distribution of sizes from 1K to 10K.) I also don't think random signatures are a problem. The right way to approach this is that if a message submitter is not in the relay's web of trust -- which means any NANOG member can "sign up" any new NANOG member -- then it dies on the floor. I think there are plenty of people here willing to donate the time and the machinery for this, but the question remains: is MERIT willing to put it in place and let the volunteers run it?
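
The filter order argued over in the two messages above, as an added example that is not part of the thread or of anything MERIT ran: read the issuer key ID out of the signature packet and drop the message if that ID is not registered, so the expensive verification runs only for known keys. `REGISTERED_KEY_IDS`, `admit`, `sample_sig` and the `verify` callback are hypothetical names, the sample signatures are constructed, and only old-format v3 signature packets (the PGP 2.x layout) are parsed.

```python
import base64
import os

# Assumption: key IDs the list operator has registered (constructed value).
REGISTERED_KEY_IDS = {"0123456789ABCDEF"}

def issuer_key_id(armored):
    """Return the issuer key ID (hex) named in an armored v3 signature, else None."""
    lines = armored.strip().splitlines()
    try:
        start = lines.index("-----BEGIN PGP SIGNATURE-----")
        end = lines.index("-----END PGP SIGNATURE-----")
        blank = lines.index("", start)  # armor headers end at the first blank line
        data = [l for l in lines[blank + 1:end] if not l.startswith("=")]  # skip CRC line
        raw = base64.b64decode("".join(data), validate=True)
    except ValueError:  # missing armor line or invalid base64
        return None
    # Old-format packet header: 10TTTTLL, tag 2 = signature, LL selects length size.
    if len(raw) < 2 or (raw[0] & 0xC0) != 0x80 or ((raw[0] >> 2) & 0x0F) != 2:
        return None
    size = (1, 2, 4, 0)[raw[0] & 0x03]  # 0 = indeterminate length, rejected below
    body = raw[1 + size:]
    if int.from_bytes(raw[1:1 + size], "big") != len(body):
        return None
    # v3 body: version 3, hashed length 5, type, 4-byte time, then 8-byte key ID.
    if len(body) < 15 or body[0] != 3 or body[1] != 5:
        return None
    return body[7:15].hex().upper()

def admit(armored, verify):
    """Call the costly verify(armored, key_id) only when the key ID is registered."""
    key_id = issuer_key_id(armored)
    if key_id not in REGISTERED_KEY_IDS:
        return False  # cost so far: one base64 decode and one set lookup
    return verify(armored, key_id)

def sample_sig(key_id_hex):
    """Constructed input: v3 signature packet whose signature data is random bytes."""
    body = bytes([3, 5, 1]) + bytes(4) + bytes.fromhex(key_id_hex) + bytes([1, 1]) + os.urandom(132)
    pkt = bytes([0x89]) + len(body).to_bytes(2, "big") + body
    b64 = base64.b64encode(pkt).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PGP SIGNATURE-----\nVersion: 2.6.2\n\n{wrapped}\n-----END PGP SIGNATURE-----\n"

if __name__ == "__main__":
    calls = []
    verify = lambda sig, kid: calls.append(kid) or False  # stand-in for the real check
    for kid in ["FFFFFFFFFFFFFFFF", "0123456789ABCDEF"]:
        print(kid, admit(sample_sig(kid), verify), "verifications so far:", len(calls))
```

The key ID in the packet is unauthenticated, so a message that names a registered ID still reaches `verify`; the filter removes the cost of unknown senders, not the per-signature cost for claimed-known ones.
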

On Nov 19, Paul A Vixie <paul@vix.com> wrote:
> I think there are plenty of people here willing to donate the time and the machinery for this, but the question remains: is MERIT willing to put it in place and let the volunteers run it?

And if not, is MERIT willing to close this list, and accept a list housed elsewhere as the "official" NANOG mailing list? The NANOG organizers at MERIT are as close to in charge as we get around here, so it really is up to them....

*********************************************************
J.D. Falk                        voice: +1-650-482-2840
Supervisor, Network Operations     fax: +1-650-482-2844
PRIORI NETWORKS, INC.            http://www.priori.net
"The People You Know. The People You Trust."
*********************************************************

participants (8)
- Aaron Beck
- Alex Kinch
- Dorn Hetzel
- J.D. Falk
- Jeremy Porter
- Karl Denninger
- Paul A Vixie
- Vadim Antonov