Re: the O(N^2) problem
I received an off-list request: "Could you clarify what precisely you are trying to secure?" I fear that perhaps I am still too vague.

When one accepts an email[*], one wishes for some sort of _a priori_ information regarding message trustworthiness. DKIM can vouch for message authenticity, but not trust. (A valid DKIM signature shows that selected headers/content have not been forged, but does not vouch for content.)

If I receive email from someone I trust, there's a good chance it's something I want. If from someone who someone I trust trusts, there's still a good chance. As the chain lengthens, trust becomes a bit dicier.

What I propose is orthogonal to DKIM.

I've also been asked to set up a separate mailing list. I'll do that, and stop pollu^H^H^H^H^Htrying to elaborate on NANOG.

[*] Discussion limited to one example, but could be expanded.

Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
________________________________________________________________________
DO NOT send mail to the following addresses:
davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net
Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.

On Mon, Apr 14, 2008 at 01:41:50PM +0000, Edward B. DREGER wrote:
> When one accepts an email[*], one wishes for some sort of _a priori_ information regarding message trustworthiness. DKIM can vouch for message authenticity, but not trust.

At the moment, this problem can't be solved on an Internet scale, because there are on the order of 10e8 fully-compromised systems out there. Many different estimates have been proffered over the years; the most recent I've seen is from Rick Wesson at Support Intelligence, who offered 40% as his guesstimate; if there are 800M systems on the 'net, that'd be about 320M. But the exact number is unknowable and in some sense unimportant: the difference between 128M and 172M doesn't matter for the purpose of this discussion. And I believe there is widespread concurrence that whatever the number is, it's going up.

The new owners of those systems can do anything with them they want, including forging (and cryptographically signing) outbound mail messages using any SMTP authorization credentials present on it, or any SMTP access implied by its network location(s). (They can also, if they wish, arrange to conceal incoming replies to this traffic from the former owners.)

Until that problem's solved (and I don't see any solution for it on the horizon) then it will undercut any number of interesting approaches worthy of significant discussion, not just this one. It's the elephant in the room, and until it's banished, it will keep getting in the way.

---Rsk

participants (2)
- Edward B. DREGER
- Rich Kulawiec