Op zondag 28 augustus 2005 00:31, schreef Tijl Houtbeckers: > On Sat, 27 Aug 2005 23:01:15 +0200, Sander Devrieze > <[EMAIL PROTECTED]> wrote: > > Hi Sander, I admit to not reading carefully enough that what you were > saying was actually in the context of the ideas you were suggesting.
np <snip> > Well, so what are you suggesting is a "whitelist" of certificate issuers > (simuliar to the root CAs). What would be the criteria for a "jabber CA" > to be on the whitelist? Will it be their responsibility to combat the spim > or will that be the responsibility of those they issue it to? Their task is to make it more expensive for spimmers. The system I am suggesting might need improvements of course. So they will be a small barreer (money or time to pay) for companies like Google or individuals to set up a Jabber server, but a huge barreer for people with bad intentions or people that are too lazy to keep their server up-to-date with the latest anti-spim features (as they will need to get every time a new certificate). Remark that when the "price" of a certificate is too low, the authority will lost his status of whilelisted certifier. So, also they will profit if they make it harder for spimmers to get a certificate, they might set up a blacklist of people that may not register, they might take legal actions against the spimmer (this will be probably only used by the commercial authorities),... So the system is like buying a stamp (with money or some time) before you can connect a server to the _public_ network. This stamp will be useable to send a unlimited set of good letters, but if you want to spim (or do not stay up-to-date with anti-spim features), your stamp will become invalid and you need a new one. If you are a hardcore spimmer, the authorities will become more suspicious against you, and so the price (price of the certificate, time, maybe even lawsuits) will become higher. Remark that all this will happen automatically, just like prices increase when demand increases and when supply decreases in economy. > If you choose the first, what will happen if a CA gets blacklisted? All > their certificates become invalid? (in other words it becomes pretty > pointless,it's just moving the problem up one level). Yes, that is the part that maybe needs changes. > If you go for the second, why not use existing certificates rather than > introducing a new top level? Existing ones cost money (verisign, etc.) > and/or effort (CAcert). You can even self sign and have others accept it > (that's effort too). Yes, I agree it is better to use existing authorities. As long as the system will be also open for other people that seems ok. E.g. assume there is an enthousiast community member that wants to be authority for home-brewn public Jabber servers, I don't think we should deny him: if he is suspicious enough before he give people a certificate, he will not loose his status of official issuer. > The point is, if you're just gonna introduce accountability there is no > point as long as our XMPP network itself has such low standards of anti > spim measures and spim related techology (eg. spim detection: I seriously > doubt any automated spam detection will work very well on spim). The authority might require you for example to fix or disable in band registration before it gives you a certificate. Another requirement might be that you deny access to your server from spimming people. Remember that a server will not be blacklisted immediately when some user of it starts spimming; it should be a structural spim problem: many spim and no actions from the server admin to solve the problem after other servers pointed the server to the problem. E.g. imagine that MSN and Google are on the public Jabber network, Google detects spim from MSN servers, Google contacts MSN in a private message to report the problem and claims damages if they not fix it before..., MSN do not solve the problem and do not pays the indemnifications, Google will report the spim problem to the authority, the authority will warn MSN that if it do not take actions that point 2.1 and 6.3 of the contract will become valid, Google also can make the spim problem public so that the press might solve the problem, finally the JSF Members (or some other instance), can decide to retract the license of the authority. The same can be applied for home-brewn Jabber servers but without all legal stuff (that depends on the authority you choose). So in general: the market will create a pressure on public servers to deny spimmers and it will encourage servers to innovate on anti-spim features and to provide us with improvements to the protocols regarding anti-spim. All this will require less actions from the JSF. > What > Google does is acountability at the user level (for Google Talk). And in > the case of email, they use technology (spam filtering). That doesn't mean > we can't do the same for Jabber *servers*, The system I suggest will result that Jabber servers from individuals will need to take anti-spim efforts and if they don't and are lazy, they will be dennied from the public network. This anti-spam efforts can be: * temporary disabling public registration * incorporating anti-spim features in their public registration * block the spimmers * contact server implementators to wishlist anti-spim features (or send patches) * contact the standards-jig list to wishlist protocol changes to fix issues that allow spim or to suggest new JEPs with anti-spam features * asking money for an account * punish spimmers harder > however in practise I think > that will lead to a "federation" model where handpicked servers are > whitelisted, All servers that are very hard for spimmers will resist in the public network. The servers that can't provide a good protection against spimmers, will die (cfr. Darwin ;-) ). > either at the individual level or in some orginazation. Not a > truly open model. > > So how could we make a truly open model? One possibility (as seen on this > list) are the developing trust relationships, and "sharing" these in a > FOAF like manner, or more effective spam fighting (cross server > blacklisting for example, like often done with email). > > A less touched approach is taking the accountability to the user level, in > a cross server fashion. I wouldn't like having to have an "account" of > some sort (or another form of proving I'm a human and that I will behave > on their server) on every server that I would have a friend on so I can do > S2S, I think it is enough if the server has a form to prove you are human during registration on the server. We can force admins doing this by the authorities system I suggest. If the admin do not prevent bots, he might get users sending spim and so he can loose his certificate to be allowed on the public network. <snip> > In short, I think introducing accountability for servera (by certificates > or another method) is overrated as a solution for combatting spim (or > spam). All it does is take the problem one level up (to servers) from > where it really comes (users), which seems fine till the spimmers come in > and suddenly a whole server gets blacklisted (and you see the problem also > propagates to the next level). Same when you take it yet another level > higher (whitelisting CAs). I don't agree. If the server admin takes actions to solve the spim, he *never* will loose his certificate. If he is blacklisted because he did nothing, he is punished as he will loose users. If it is a commercial server less users means less earnings. So it is the money that finally drives them to be very hard for spimmers and help us with techniques to fight spim. > The only real solution for a truly open network, where in reality you'll > have "good" servers and "bad" servers (signed or not!) is combatting spim > itself, by making sure it doesn't get send, and that when it does the user > doesn't see it. There's nothing wrong with letting the servers take part > of the work in doing that (that's the Jabber way after all) but since the > problem is at the user level ultimatly I think part of it will have to be > solved there. If you do it right "well behaving" users on decent secure > "trusted" servers will have little hassle, and servers/users with a worse > or more unknown reputation would have to go through more trouble. If you > start excluding them, how can you still call it an open network? It will be an open network with opt-in. The requirement for the opt-in is that you promis to not send spim to other servers. So it still will be fearly easy for me to set up my personal Jabber server and connect to the network. I only need to dissable public registration (also via a web form), and trust myself for not sending spim ;-) I agree it will be harder for public servers for the mass (with public registration) as we need to require them to fight spim. I agree that we might have less public servers made by enthusiastic members of the community left afterwards. But it might result in more servers of providers, companies, and instant messaging companies. So this small fee can make a killer feature for mass adoption of Jabber/XMPP...providers even might want to send email over XMPP... ;-) -- Mvg, Sander Devrieze. xmpp:[EMAIL PROTECTED] ( http://jabber.tk/ ) _______________________________________________ jdev mailing list jdev@jabber.org http://mail.jabber.org/mailman/listinfo/jdev
