The problem with both of your arguments is in the assumption that a full set
of keys needs to be maintained locally, or that a web of trust will solve
the problem. While the web of trust idea works among a small set where
people can trust someone to vouch for someone else, it doesn't scale. What
are the liabilities for not removing the abuser from the web of trust? Who
is actually responsible for making sure it happens? What is the recourse
mechanism when revocation doesn't happen? 

Like it or not, trust is a political issue, and something the IETF is
particularly inept at dealing with. The only way this works at scale is to
have well established international legal process involved in the key
infrastructure. There may be technology issues involved in making signature
checking a <=1 click process, but without the appropriate political
infrastructure in place, there is no value in doing that work. 

It is time for the IETF to move past the adolescent petty BS, and involve
the ITU in developing a workable PKI, from both the technical and political
perspectives. 

Tony 


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert
> G. Brown
> Sent: Friday, February 20, 2004 6:32 AM
> To: Iljitsch van Beijnum
> Cc: Vernon Schryver; [EMAIL PROTECTED]
> Subject: Re: How Not To Filter Spam
> 
> On Fri, 20 Feb 2004, Iljitsch van Beijnum wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 20-feb-04, at 2:15, Vernon Schryver wrote:
> >
> > > That sounds like the old "authentication solves spam" hope.  It was
> > > wrong before SMTP-AUTH and it is still wrong.
> >
> > Guess what, it is impossible to "solve" spam the same way it is
> > impossible to "solve" burglary. At least with authentication you get to
> > have whitelists that work. If you get a message with my email address
> > in the "from" line it could be from anyone. If it is signed with my PGP
> > key you know it came from me personally or someone went through a LOT
> > of trouble to get access to my private key and the key phrase.
> >
> > The usefulness of authentication could be further extended by building
> > a web of trust where people vouch for the fact that others aren't
> > spammers. Obviously spammers will slip through from time to time, but
> > anyone who spams or keeps vouching for spammers will be removed from
> > the web of trust. But even if this part doesn't work authentication is
> > still useful.
> 
> It is useful only if you only get mail from a small, closed group of
> people, almost by definition, as I think Vernon and others have pointed
> out.  I get mail from complete strangers all the time -- I'm a "known
> expert" on at least one of the lists that I'm on and random people mail
> me for advice and free technical consults.  I also have extensive
> physics teaching resources up on the web and get email from random
> students all over the country.  I have a couple of GPL projects in use
> by various people that I don't know, and get random mail from the
> unknown users.  I get mail from friends of friends, from relatives who
> are completely clueless about technology in general and who would run
> screaming at the very mention of the words "electronic signature" or
> "encryption" (unless of course it were integrated into Microsoft
> Outlook).  Most of this is mail that I could care less about being
> signed -- I wouldn't bother to validate the signature at all if it were
> and there was ANY WORK AT ALL involved in doing so.
> 
> Nobody is arguing that electronic signatures aren't useful.  Of course
> they are.  So are bulletproof vests, armored cars, and bars on windows.
> So are armed couriers who carry messages in booby trapped briefcases
> handcuffed to their wrists.  They are useful when your body, your money,
> your house are in a very hazardous environment or there is something of
> great value at stake.  They are just very >>expensive<< measures, in
> both money and human time and hassle.  In some cases, expense and hassle
> or not, they don't work. Bars on windows are all very well but not when
> somebody kicks in your door, copies your key when the car is in the
> shop, or when there is a fire and you need to get out of a window or
> die.  And they're ugly.
> 
> This is all about cost-benefit and the realities of the messy, chaotic,
> ignorant world of mail users the world around.  In nearly all cases the
> cost-benefit of signing or encrypting all messages and maintaining
> strict, reliable lists of ALL your correspondents' keys is
> overwhelmingly negative.  The work involved vastly exceeds the work
> required to merely delete spam that makes it through ordinary
> intelligent filters, and the filters don't require any sort of massive
> database of keys that would probably neither succeed in its purpose nor
> scale if it were built.
> 
> Even when it isn't obviously negative -- for example when I'd very much
> like to be able to send in grades at Duke via email, which is obviously
> only possible if the messages are electronically signed, as this would
> definitely save me a few minutes of work a semester -- surprise
> surprise, turns out that the registrar's office wouldn't know an
> electronic signature if one was dangled in front of their face, the
> university has no centralized database set up for keys, if it DID have
> such a database and the registrar's office DID understand electronic
> signatures, it would still need mind-numbingly transparent tools for its
> essentially untrained office staff to be able to read my email
> containing grades and authenticate the signature.  Number of clicks <=
> 1.  Training required = none.  Signing and/or validating a signature to
> anyone on campus, known or unknown, would have to be reduced to one
> click (or none at all).  We could do this but we don't.  Why not?
> 
> It is not because Duke is a "backwards institution" in terms of its IT
> -- quite the contrary, I think we do rather well and have even won
> awards that suggest that others agree.  It is because the cost of
> setting all of this up EVEN with (at this point) a decent campus wide IT
> infrastructure, a SISS database from peoplesoft, and campus wide
> authentication mechanisms and user-specific control over access to
> database fields, the OPPORTUNITY COST of making all of this work is
> greater than the cost of making me find a fax machine or walk the grades
> over to the registrar's office.  They might do it someday for other
> reasons, but it is of limited utility in the grand scheme of things
> relative to its cost for NEARLY ALL PURPOSES so it won't be soon.
> 
> Now, if it is not going to happen right away in this relatively small,
> relatively advanced technical environment because of a lack of apparent
> cost-benefit at an institutional scale, how exactly is this going to
> scale to the entire Internet?  There one doesn't even have the
> underlying universal kerberos-based authentication scheme (so that we
> can know who is who from the point of view of accessing resources) or
> integrated database (so a known individual can access data they are
> entrusted with).  And if one DID, what database is going to robustly
> scale to 10^8 entries distributed globally, at what cost?  And finally,
> IF you built it, would it work or would somebody metaphorically just
> kick your door down, copy or steal a key, or cut a hole through your
> cheap wooden walls? Would you find yourself unable to see through your
> windows for the bars and shutters and deprived of light and air from
> outside, would you be unable to get out in case of a fire, would you
> discover that your non-tech wife and kids can't figure out how to solve
> the puzzle lock you installed on the front door and are forced to live
> in a tent on the front lawn?  These are metaphors, sure, but they are
> pretty good ones.  My wife, at least, has a hard time dealing with email
> at all, given that she types with two fingers and is somewhat luddite in
> her general world view, and she is CAPABLE relative to a lot of people
> who manage to use email.
> 
> Note that this is NOT ABOUT PROTOCOLS.  As you have so aptly
> demonstrated, it is entirely possible to sign messages already with open
> source tools that are nearly universally available.  NOTHING prevents
> people from developing new tools and integrating existing tools to make
> all of the above happen automagically and transparently except that
> commercial vendors don't think that they'll make any money for it if
> they do, and open source software developers (who WILL eventually solve
> this problem without any sort of guidance) tend to be driven by at least
> a degree of personal need.  So far the tools have advanced to where a
> computer expert can use them, and nobody has invested the energy to make
> those tools idiot proof and fully integrated, although there are some
> who are working on it.
> 
> I'm not about to sign messages to this list because (lacking those
> tools) it is a PITA to do so, nor do we have each other's key data so in
> any event I cannot verify that this is actually from you or you from me.
> We may never meet.  I may not know anybody that you know that I would
> trust to "sign your keys".  This doesn't matter.  WITHOUT keys, I trust
> that I'm replying to mail that really is from you (whoever you are:-)
> and am glad that we can communicate clearly and "reasonably" confidently
> without the cumbersome burden of keys.  We could even get to be quite
> good friends without meeting and without key exchange (I certainly have
> many good friends I only "know" from email exchanges).
> 
> The only advantage of signed mail is for me to be sure that mail from
> you is really from you.  Lacking a universal and all-encompassing list
> of keys of possible correspondents, however, I still have to look at all
> my mail as I might get unsigned mail or mail from people whose
> signature I cannot validate or whose signature it is too much trouble to
> validate.  Furthermore, it is generally pretty obvious when mail from
> people I DO "know" is really from those people -- my wetware neural
> network is really, really good at reading their "signature" from what
> they type, especially when I can look at headers, call them on the
> phone, carry on a continued conversation with them if I am in any doubt.
> I have a harder time recognizing people I know on the phone than I do in
> an email message.
> 
> Signed messages have a purpose that is worth the effort for a tiny
> fraction of all email communications, under the same general conditions
> as the metaphor of the briefcase and handcuffs above or when a real
> signature would be appropriate.  When information that MUST be kept
> private is mailed, when data is mailed that MUST be validated against a
> particular individual with legal force.  If anything does drive the
> development of a reasonably scalable (institutional level, at least)
> electronic signature/encryption scheme it will likely be things like
> HIPAA.  Duke may not care much about protecting/validating my gradesheet
> when there are simple alternative secure channels for its delivery, but
> it is likely to be forced by federal law to care about
> protecting/validating hospital data in transit, and the cost of hand
> delivery and moving paper everywhere (which has security risks of its
> own) is much higher.  The nonlinear constraint of a federal mandate and
> possibility of legal suit creates an opportunity cost advantage to
> making signatures and encryptions work which, in turn, is likely to
> drive real developers, both commercial and noncommercial, towards
> engineering a real solution.  Laws DO matter and CAN drive technical
> innovation.
> 
>    rgb
> 
> 
> --
> Robert G. Brown                              http://www.phy.duke.edu/~rgb/
> Duke University Dept. of Physics, Box 90305
> Durham, N.C. 27708-0305
> Phone: 1-919-660-2567  Fax: 919-660-2525     email:[EMAIL PROTECTED]
> 
> 
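The mechanism the three of them are arguing over (Iljitsch's point that a signature, unlike a From: line, gives a whitelist that works; the vouching web of trust; Tony's question of what happens when an abuser is removed) reduces to a small amount of code. The following is an added illustration, not code from any of the posters: a toy keyring in Ruby with constructed member names, RSA keys standing in for PGP keys, and a vouch graph walked from the one key the recipient trusts directly.

```ruby
require "openssl"
# Constructed illustration of the mechanism argued over in the thread (not any
# poster's code): a keyring whose members each have a key and a list of vouchers.
class WebOfTrust
  Member = Struct.new(:key, :vouchers)
  def initialize(root)
    @root = root        # the one key the recipient trusts directly
    @members = {}
  end

  # Generate a fresh RSA key for name, vouched for (key-signed) by the listed members.
  def add(name, *vouchers)
    @members[name] = Member.new(OpenSSL::PKey::RSA.new(2048), vouchers)
  end

  # Remove an abuser, or a member who keeps vouching for abusers.
  def revoke(name)
    @members.delete(name)
  end

  # Detached signature over body with name's private key (how a sender signs mail).
  def sign(name, body)
    @members.fetch(name).key.sign(OpenSSL::Digest.new("SHA256"), body)
  end

  # Everyone reachable from the root through vouches. A member whose only vouchers
  # were revoked drops out, so a single removal can cascade through the web.
  def trusted
    trusted = [@root]
    loop do
      added = @members.select { |n, m| !trusted.include?(n) && m.vouchers.any? { |v| trusted.include?(v) } }.keys
      break if added.empty?
      trusted.concat(added)
    end
    trusted
  end

  # The From:-line whitelist: believe whatever name the header carries, so a forgery passes.
  def header_whitelist?(from)
    trusted.include?(from)
  end

  # The signed whitelist: sender must be trusted AND the signature must verify
  # under that sender's own public key, which a forger does not hold.
  def accept?(from, body, sig)
    m = @members[from]
    !m.nil? && trusted.include?(from) && m.key.verify(OpenSSL::Digest.new("SHA256"), sig, body)
  end
end
```

Revoking a mid-chain member silently drops everyone who was only vouched for through them, which is the operational question Tony raises: somebody has to own that removal and its side effects.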