RE: Certificate / CPS issues

2003-06-07 Thread Haren Visavadia
>OK, so what happens when someone else uses my address, perhaps using 
> my passport, captured from some mail sent by me to someone? 

> I think the term of art is "being Joe Jobbed".

> Every now and then, I get a bounced report that claims something I sent
> is being returned, but it was not sent by me.  This "something" is most
> often spam sent to someone else.  Sometimes it contains a virus.
> Apparently this is a trick to get me to open it.

The CA holds no warranty, making the certificate invalid in legal terms,
since they can not prove the certificate is yours.




Re: Certificate / CPS issues

2003-06-07 Thread Anthony Atkielski
> I hereby request the list management to remove
> Anthony's email address from the subscriber list,
> so as to not expose the IETF to liability.

Too late ... my incredibly valuable service mark has already been
distributed to the list many times in the headers of my messages.  Clearly
this dilutes the well-nigh awe-inspiring value of the mark and impacts the
staggering commercial value of my business.

> Hmm.. maybe that's not the right attitude, Anthony.

I agree.  But that's exactly what Habeas is trying to do.

> It's pretty clear that there's a fair-use exemption
> if you actually want to USE that domain name for anything.

Fair use doesn't apply to trademarks and service marks.

> Given that the song "Happy Birthday" was/is
> copyrighted ( don't know when it expires, especially
> after the whole Sonny Bono thing), I'd say that any haiku
> that the Habeas crew comes up with qualifies.

Not necessarily.  The Habeas haiku comes closer to a business form or
boilerplate text in a contract, which is not necessarily protected by
copyright.  Additionally, it's not clear that the appearance of the haiku in
(normally invisible) message headers is an infringement, even if it is
covered by copyright.

Overall, there are just too many questions in this case, and the intent to
pervert copyright law is patent.  It's difficult to quarrel with the
copyrightable nature of "Happy Birthday" and the infringing nature of
unauthorized performances; but it is easy to quarrel with Habeas' bizarre
distortion of IP law, and hopefully it would not hold up in court, as it
sets a bad precedent and would significantly chill freedom of speech if it
were upheld.

> And although you may find the creative use of the law
> distasteful, to state that their claims are 'invalid
> prima facie', you need to be able to show that they
> are in fact invalid.

The haiku in question is trivial, like the title of a book.  Additionally,
it is not published in the normal course of e-mail routing.  Users do not
see it, and simple transmission of the work is not necessarily infringement
(after all, the transmission of Web pages to your PC is not infringement,
either, and even caching of pages seems to be okay).  Just about every
principle of and behind copyright protection is being ignored by Habeas.

Odd that Habeas considers this okay, but if spammers went to the same
lengths to distort the law to their own ends, people would form lynch mobs.
I guess the law is great when it protects you, but bad when it protects
someone else, eh?

> Let's see... are the haiku original?  Do they
> meet the Berne Convention requirements for
> copyrightability?

Each message posted to this list is more subject to copyright than Habeas'
haiku.  In fact, the error messages I sent to domains that I reject in
sendmail are more validly protected by copyright than this haiku, and
domains that receive the messages and communicate them to end users are
infringing my copyright.  If that sounds absurd, keep in mind that it is no
more absurd than the ideas promoted by Habeas.

> Note that major companies have had *no* trouble
> enforcing copyright/trademark on slogans as short
> as "it's the real thing" or "you deserve a break today".

Actually, they do.  First of all, short phrases like this are not protected
by copyright; copyrighted works must be non-trivial.  And as trademarks,
they are protected only in narrow contexts (those that might lead to
confusion in the minds of consumers, or those that might dilute the value of
the marks for their proprietors).

> It may not be what the founding fathers had in
> mind in 1790, and it may not match what you *wish*
> it was, but it's how the *current* laws are held to read
> as of today.

No, they aren't.  See above.  Think about Xerox, Coke, and Aspirin, for
example.

> Barring a major judicial reversal (such as was
> attempted in Eldred), we're all stuck with the
> current laws as currently interpreted.

Habeas has not been tested, and there are no highly relevant guiding
precedents (I think).

> IANAL, but it looks to me like the Habeas crew is
> on fairly strong legal footing.

On the contrary, they appear to be treading on extremely thin ice.  But only
a legal test will say for sure.

> Also, they're not trying to stop spam directly.  They're
> providing two services:  (a) a header tag that you can use
> to filter your inbound mail for *NON*-spam, and (b) the
> chance for any spammers to spend enough money on legal
> fees to render it unprofitable.

And what if I consider unnecessary headers in my incoming e-mail as spam?
Then what?  Can I sue or prosecute Habeas?  If not, why not?  After all,
that application of law would be no less farfetched than Habeas' own
attempted application of IP law.




Re: Re[2]: Certificate / CPS issues

2003-06-07 Thread Anthony Atkielski
Richard writes:

> i might add that the CEO of Habeas, Anne Mitchell,
> is an actual lawyer.

So?  Is she the _only_ lawyer??

There are probably any number of lawyers who would enjoy eating Habeas for
breakfast.

> i am not familiar with Anthony's credentials in the
> field of law. casually throwing legal terms about
> does not impress.

Neither does distorting legal principles in an attempt to control spam.

> this email happens to have Habeas headers, so i presume
> that he will not see it if he is throwing such mail
> out the way he says he will.

I haven't started filtering on it, since Habeas really doesn't appear on the
radar to speak of.




Re: Certificate / CPS issues

2003-06-07 Thread Anthony Atkielski
Valdis writes:

> ... the biggest question is which spammer (if any)
> is willing to risk the lawsuit to find out.

There might be quite a few.  It might be easy to have Habeas' claims
invalidated, and it would be worthwhile to spammers to get that out of the
way.  Additionally, some organizations might back them, such as the DMA or
the ACLU.

> The same thing is going on currently over on the
> patent law side of the fence - companies will just
> fold and pay the licensing fees rather than fight
> an obviously bogus patent.

They aren't choosing between fighting and going out of business, though.
Would Habeas license its haiku to spammers?




Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Dave Crocker
Tony,


TH> I would like to see the outcome of a bof be identification of an
TH> approach to globally verifiable authenticated email. I have no doubt
TH> there will be many gaps in our current tool set (starting with a
TH> deployable PKI), and a truck load of operational guidelines to develop.

What is wrong with PGP and/or S/MIME?

How do they fail to provide 'globally verifiable authenticated mail'?

How would something else be different?

Given 10 years of public key authenticated mail, why would something new
succeed?


d/
--
 Dave Crocker 
 Brandenburg InternetWorking 
 Sunnyvale, CA  USA




Habeas and spam

2003-06-07 Thread Hallam-Baker, Phillip
IANAL but I don't take the fact that habeas was founded by a lawyer to
indicate that their idea of copyright law is necessarily enforceable.
Lawyers are notoriously bad judges of their own cases. The guy running
EMarkettingAmerica thinks he can file a case on behalf of unspecified
plaintiffs...

The copyright and trademark claims around the Haiku are a stretch because
Habeas are trying to use one IP regime to achieve the object of another -
patent law. There is case law in the video games area that indicates you
can't use a copyright or trademark claim to make an access control system
closed.

But there is a pretty good argument that unauthorized use of the statement
'approved by Habeas' or similar is a mark. That is like a restaurant
claiming to have three Egon Ronay stars when it does not have any, it is a
pretty clear trademark case.

The Haiku thing might work and is pretty costless, but overall I doubt that
it is necessary. 



Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Paul Vixie
> What is wrong with PGP and/or S/MIME?

both are unusable by average nontechnical personnel.  not just the daily
use but the initial setup and anything out of the ordinary requires too
much expertise, by far, for many of my current e-mail correspondents to
use.

both rely on nonpermuting gateways and forwarders.  as long as microsoft
outlook strips e-mail addresses out of forwarded e-mail, we're screwed.
as long as line wrapping, mime stripping/mangling, ascii->ebcdic->ascii
translations, and other foul arts are present in the world, neither s/mime
nor pgp can reach a wide enough population to create "the network effect"
whereby either one of them becomes useful, on average, to me or to others
who want them to be useful on average.

s/mime relies on the x.509 pks industry which is in turn based on the goal
of enriching a small number of ca's who have to pay for relationships to
browser/useragent vendors who then make the certs worthwhile.  that can't
scale and hasn't scaled, other than in the case of server certs.  no way
will the average user be willing to pay money for a personal cert signing
if the companies on the list have all spammed them.

> How do they fail to provide 'globally verifiable authenticated mail'?

by appealing only to small communities, they have never created enough
benefit for anyone, anywhere, ever, to be willing to say "if inbound mail
was not signed, just drop it, don't even store it in my inbox" which is
a slightly different question but more apropos to the issue of consensuality.

> How would something else be different?

by starting from the assumption that all successful communications must be
provably consensual, and by making the network agent (think "listening mta")
synchronous with user agent policy ("i don't want mail that isn't provably
beneficial to me, based on the sender's identity, on the trust path from
them to me, and on their authentic promises that this communication does not
have asymmetric benefit to the sender"), and by planning for universal
scalability (no way for thawte or verisign or even rsadsi to get monopoly
economic power or results from it).

> Given 10 years of public key authenticated mail, why would something new
> succeed?

because everything designed or deployed to date has been done by engineers
for engineers.  because this will be made to fit the full spectrum of the
global community, including those at the low end who want asymmetric
benefit from nonconsensual communications, and those at the high end who
can't cope with mangled encodings or key rings or signatures.

because (e)smtp has run its course and its model (data model, security
model, you name the model) is bankrupt.  because holding onto it like it
was salvageable if only we could find a vaccine for the plague of spam
has limited the ambitions of all who have tread this path to date.

because the position of "trust broker" cannot be a tiered monopoly in a
system that has to have global scale, and the only people who can think
their way that far out of the loop think that "key signing parties" are
a reasonable alternative.



nevertheless you are still asking the wrong questions and i almost feel bad
for trying (above) to answer them.  don't ask "is this really necessary?" or
"why do we have to discard the current system?" but rather "how long will
the world population tolerate current and increasing levels of mangled or
nonconsensual communication?" and also "who will develop technology to meet
this gaping and obvious need?"

(i don't hold out much hope that ietf will do it, now that i think harder;
the current mix of scientists and vendors and loudmouths aren't sensitive
to the needs or aware of the nature of the broader spectrum of humanity
outside themselves and their current customers.  damn.  i guess i'm wasting
my time and yours on these rants.)
-- 
Paul Vixie



Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Paul Vixie
> I would like to see the outcome of a bof be identification of an
> approach to globally verifiable authenticated email. I have no doubt
> there will be many gaps in our current tool set (starting with a
> deployable PKI), and a truck load of operational guidelines to develop.

"globally verifiable" isn't a useful condition.  "universally consensual"
is what the market is demanding.  don't make people pay in bandwidth to
receive noncredentialled traffic.  don't let there be a mix of credentialled
and noncredentialled traffic that a user has to spend a percentage of their
lifetime sorting.  if traffic isn't provably desirable by the recipient
then it ought not be transmittable.  if that proof turns out to be based on
false data then the trust path (possibly including one or more trust brokers)
should be poisoned against future falsity.

and in this bof, i suggest that gateways to the current system be shat upon
and never again considered.  when we move, we'll MOVE.
-- 
Paul Vixie



Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Eric A. Hall

on 6/7/2003 1:40 PM Paul Vixie wrote:

> and in this bof, i suggest that gateways to the current system be shat
> upon and never again considered.  when we move, we'll MOVE.

That's not globally-applicable. Probably better to specify the gateway
tagging, and then ~Paul can reject mail that has the markers, while ~Sales
can devalue mail with those markers in their post-transfer filters.

-- 
Eric A. Hall             http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/




Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Daniel Senie
At 03:28 PM 6/7/2003, Eric A. Hall wrote:

>on 6/7/2003 1:40 PM Paul Vixie wrote:
>
> > and in this bof, i suggest that gateways to the current system be shat
> > upon and never again considered.  when we move, we'll MOVE.
>
>That's not globally-applicable. Probably better to specify the gateway
>tagging, and then ~Paul can reject mail that has the markers, while ~Sales
>can devalue mail with those markers in their post-transfer filters.

Indeed, some level of gatewaying will likely be necessary for transition,
and to accommodate intra-company use of embedded devices which transmit
email alerts (e.g. UPSs, NAS boxes, etc.).




Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Vernon Schryver
> From: Paul Vixie <[EMAIL PROTECTED]>

> ...
> "why do we have to discard the current system?" but rather "how long will
> the world population tolerate current and increasing levels of mangled or
> nonconsensual communication?" and also "who will develop technology to meet
> this gaping and obvious need?"
> ...

A contrary view that we have seen the crest of the flood of spam
can be argued:

  - spam filtering is a major selling point for all major ISPs,

  - the mass media is talking about spam filtering and spam, with ever
    decreasing sympathy for the "ethikal biznezmen" who are harmed by
    various anti-spam mechanisms, decreasing talk about evil, nasty
    vigilantes, and increasing sympathy for even abusive spam defenses.

  - there are some amazing legal attacks going on.  See for example
    "Legislators Call for Fix to Law Against Unsolicited E-Mails" in
    http://online.wsj.com/article/0,,SB105484626839598400,00.html
    (may require a subscription)

  - the DMA is getting its fingers squashed in some state do-not-call
    lists and the continuing federal DNC evolution.  See
    http://www.the-dma.org/cgi/disppressrelease?article=444
    http://www.the-dma.org/government/donotcalllists.shtml

  - since the start of the recent series of legal attacks on the worst
    spammers, I've seen a possible leveling off in the total number of
    streams of spam in the system.  The bend in the curve on
    http://www.dcc-servers.net/dcc/graphs/db-size
    coincident with the announcement of some legal attacks on spam
    might be an artifact or it might be real.

All of those could be coincidences or illusions, but all of them were
either conceivable or silly jokes 12 months ago.  It is possible that
people have had enough and aren't going to take it any more, much as
people in neighborhoods in some cities in Iraq reportedly decided
enough lawlessness was enough and took steps to control it.

Extrapolating from peaks of lawlessness in Iraq, the Balkans, Lebanon,
and elsewhere implies that the old system of a few, easily broken
locks and a few lightly armed police must be replaced with a full-up
prison state.  However, the local residents eventually decide to deal
with the worst problem makers one way (e.g. vigilantes) or another
(e.g. cooperating with old or external/U.N. civil authorities) and
the apparent need for extreme measures ebbs.  Sometimes, it takes
years for the residents to decide and overcome the problems including
external pressures, but eventually things get better and the old system
prevails.

In other words, Paul, are you sure you're not calling for an ashcroft?

Personally I'm equally convinced of the validity of both Paul's and
the view above.  I'm not convinced either is all or even most of the truth.


Vernon Schryver    [EMAIL PROTECTED]



Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Spencer Dawkins
Disclaimer: there are people who know more about e-mail than I
do, and some of them are on this list. But, to press on.

Ummm, I'm wondering... in my own naive way.

My memories of mail gateways involved SMTP-to-non-SMTP mail
gateways, and the ones I hung around existed because one network
didn't speak SMTP. I can't imagine that there's a meaningful
mail system deployed today that doesn't speak SMTP (even if it's
through a gateway).

Why wouldn't we have mail sending applications that spoke (I'm
making this up) SMTP and MT2, with different URL schemes
(mailto: for SMTP, mailtoauth: for MT2) associated with our
correspondents, let correspondents advertise both ways of being
reached on Vcards, etc., and not worry about gateways?

The idea would be that after I get my friends trained that they
can send me mail at mailtoauth:[EMAIL PROTECTED], and get
subscribed to my mailing lists with this address, I could move
away from mailto:[EMAIL PROTECTED] on my own schedule. If I
hope I never miss an unsolicited e-mail (from my high school
reunion group, for example), I might never move away. If I get
tired of looking at UBE in languages I don't have the privilege
of understanding, I might move away more quickly. But waiting
for the deployment of a gateway infrastructure wouldn't affect
my timeline, either way.

I know this is the dual-stack IPv6 migration strategy two
protocol stack levels higher - would that make any difference?

He asked naively, hoping that an MT2-to-SMTP gateway wouldn't be
necessary... isn't a lot of our mail munging the result of
gateways now?

Spencer

--- Daniel Senie <[EMAIL PROTECTED]> wrote:
> At 03:28 PM 6/7/2003, Eric A. Hall wrote:
>
> >on 6/7/2003 1:40 PM Paul Vixie wrote:
> >
> > > and in this bof, i suggest that gateways to the current system be shat
> > > upon and never again considered.  when we move, we'll MOVE.
> >
> >That's not globally-applicable. Probably better to specify the gateway
> >tagging, and then ~Paul can reject mail that has the markers, while ~Sales
> >can devalue mail with those markers in their post-transfer filters.
>
> Indeed, some level of gatewaying will likely be necessary for transition,
> and to accommodate intra-company use of embedded devices which transmit
> email alerts (e.g. UPSs, NAS boxes, etc.).




Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Eric A. Hall

on 6/7/2003 3:57 PM Spencer Dawkins wrote:

> Why wouldn't we have mail sending applications that spoke (I'm
> making this up) SMTP and MT2, with different URL schemes
> (mailto: for SMTP, mailtoauth: for MT2) associated with our
> correspondents, let correspondents advertise both ways of being
> reached on Vcards, etc., and not worry about gateways?

Let's separate those concepts.

First, regarding the need for gateways, people will use them no matter
what we say, since there will always be people with mixed installations,
people who need mail from both networks (eg, sales and support), and so
forth. If we don't specify the gateway behavior, the only predictable
outcome is that people will build them without guidance. If we specify
that they cannot be made, people will still make them, and without
guidance. Clearly, the only workable strategy is to specify them, and to
do so in such a way that folks like Paul can reject mail that ever
travelled across a legacy network (that's going to be tough in toto,
considering that MUAs will probably be built to use SMTP as the first-hop
service for a very long time to come).

As for the use of an alternate URI, those are used to tell the viewer
which protocol to use. In the case of outbound mail, it would effectively
be a way for the message recipient to tell the message sender that they
have to use MT2 for the first-hop of the message, which doesn't make a lot
of sense outside closed environments. Furthermore, what happened to the
message after the first-hop would be a result of the mail-routing
information in between the first and last hops, and would not necessarily
be determined by the protocol that the sender used for the first-hop. So,
URIs can't really be used to control the delivery path.

-- 
Eric A. Hall             http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/




The spam problem is political (Re: Engineering to deal with the social problem of spam)

2003-06-07 Thread Marc Schneiders
On Sat, 7 Jun 2003, at 13:57 [=GMT-0700], Spencer Dawkins wrote:

> Disclaimer: there are people who know more about e-mail than I
> do, and some of them are on this list.

I know absolutely nothing more than the bare minimum needed to keep
sendmail running (so far). That is no reason to stop reading.  If my
idea has some merit, you can stop the spam topic on this list.

Why do people not fill my snail mailbox with junk letters, leaflets?
Because (1) it costs money to print a leaflet and get it distributed.
Also (2) there are (where I live) laws and political deals with
advertizers, that make it a bad idea to use addresses from cd-roms, or
just deliver leaflets to all addresses (direct distribution). If my
mailbox says "NO" I should not get them. And the great thing is, the
Dutch police and justice system can get at those who don't play by the
rules.(*)

Spam costs nothing. Spam comes from all corners of the world, where
the Dutch police doesn't dare to go. And even if they would the Dutch
judges would say it is without their jurisdiction. Spam can only be
fought through a worldwide police and justice system. This cannot be
achieved by an RFC. Send this problem to ICANN.

(*) I know that in theory people could evade being prosecuted in
Holland by sending advertizing letters, using illegal address
databases from Tuvalu and contact addresses for themselves in Libya.
But this doesn't happen.





Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Anthony Atkielski
Dave writes:

> How do they fail to provide 'globally verifiable
> authenticated mail'?

Neither is universally supported.



Re: Habeas and spam

2003-06-07 Thread Anthony Atkielski
Phillip writes:

> IANAL but I don't take the fact that habeas was founded
> by a lawyer to indicate that their idea of copyright law
> is necessarily enforceable.

Agreed.  Probably 95% of all corporations are founded by lawyers.  That
doesn't mean that they'll always win in court, or even that they have sound
business ideas.

> But there is a pretty good argument that unauthorized
> use of the statement 'approved by Habeas' or similar
> is a mark.

It would have to demonstrably lead to confusion in the eyes of consumers or
dilute the value of the mark.  Since this mark would not even be visible to
consumers, it's hard to see how that could be argued in this case.





Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Paul Vixie
> > > and in this bof, i suggest that gateways to the current system be shat
> > > upon and never again considered.  when we move, we'll MOVE.
> >
> >That's not globally-applicable.

yes, it is.

> >Probably better to specify the gateway tagging, ...

and we're going to convey trust and credence through a nontrusted system How?

> Indeed, some level of gatewaying will likely be necessary for transition, 

no, it's not.  i really mean it.

> and to accommodate intra-company use of embedded devices which transmit 
> email alerts (e.g. UPSs, NAS boxes, etc.).

let me explain what i mean, in case there's room for compromise.  ibcs will
have to be an end to end system.  there won't be MX RRs for RHS's, but 
rather SRV RRs for destinations -- almost exactly like SIP, i suspect.  so,
rather than the current logic of

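    # current logic: split on the @ and walk the MX RRset of the RHS
    # (&lookup and &try stand for a DNS query and a connection attempt)
    sub deliver_smtp {
        my ($dest) = @_;
        my ($lhs, $rhs) = split /@/, $dest;
        my @mxset = &lookup($rhs, 'MX');
        foreach my $mx (sort { $a->prio <=> $b->prio } @mxset) {
            return 1 if &try($mx->host, 25);
        }
        return 0;
    }

we'll see logic of the form

    # turn the whole destination into one name and walk its SRV RRset
    sub deliver_ibcs {
        my ($dest) = @_;
        my ($lhs, $rhs) = split /@/, $dest;
        $lhs =~ s/\./\\./g;    # escape dots in the LHS so it stays one label
        my @srvset = &lookup("_ibcs._tcp.$lhs.$rhs", 'SRV');
        foreach my $srv (sort { $a->prio <=> $b->prio } @srvset) {
            return 1 if &try($srv->host, $srv->port);
        }
        return 0;
    }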

this means any destination needs a SRV RR.  instead of cracking [EMAIL PROTECTED]
on the @ and looking for the MX RRset for vix.com, it'll get translated into
_ibcs._tcp.paul.vix.com and the SRV RRset will be used to find the possible
agents for this destination.

if smtp fallback is desired, it must be done in the sending user agent, who
upon not finding the SRV RR, could ask "try smtp instead?".  if there's a
NAT or firewall or gateway involved, then the submission protocol between
the user agent and local gateway has to have enough infowidth to express
these conditions and offer these choices.

the idea of an ibcs agent who nexthops through smtp is just right out, other
than because the user's own avatar decides to punch it through smtp to reach
a pager or something like that.

the idea of an smtp agent who can gain a sender's credentials in order to
make promises about mail that came from smtp and has to reach an ibcs
recipient is likewise nonsequitur.
-- 
Paul Vixie
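
Added example, not part of the original post and not code from anyone on the thread: the SRV naming and the "no silent SMTP fallback" rule described above, written in Python and run against constructed records instead of live DNS. It goes slightly beyond the post by applying RFC 2782 weight selection and the "." target; the resolver callback, host names and port numbers are assumptions.

```python
"""SRV-based delivery decision for the "ibcs" scheme sketched in the post.

All records are constructed sample data; nothing here touches the network.
"""
import random
from typing import Callable, List, NamedTuple


class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def srv_owner_name(dest: str, service: str = "_ibcs", proto: str = "_tcp") -> str:
    """Map local@domain to its SRV owner name, e.g. _ibcs._tcp.paul.vix.com.

    Dots in the local part are backslash-escaped (master-file presentation
    form) so the local part remains a single DNS label.
    """
    local, at, domain = dest.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not at or not local or not domain:
        raise ValueError(f"not a local@domain destination: {dest!r}")
    if len(local.encode("utf-8")) > 63:
        # SMTP allows 64-octet local parts; a DNS label holds at most 63.
        raise ValueError("local part does not fit in one DNS label")
    label = local.replace("\\", "\\\\").replace(".", "\\.")
    return f"{service}.{proto}.{label}.{domain}"


def order_srv(records: List[Srv], rng: random.Random) -> List[Srv]:
    """RFC 2782 order: ascending priority, weighted random pick inside each
    priority (simplified: zero-weight records are taken last in a group)."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            weights = [r.weight for r in group]
            if sum(weights) == 0:
                pick = rng.choice(group)
            else:
                pick = rng.choices(group, weights=weights)[0]
            group.remove(pick)
            ordered.append(pick)
    return ordered


def deliver(dest: str,
            lookup: Callable[[str, str], List[Srv]],
            try_connect: Callable[[str, int], bool],
            ask_fallback: Callable[[str], bool]) -> str:
    """Return 'ibcs', 'smtp' or 'failed' for one destination."""
    records = lookup(srv_owner_name(dest), "SRV")
    if not records:
        # No SRV RRset at all: only the sending user agent may pick SMTP.
        return "smtp" if ask_fallback(dest) else "failed"
    if any(r.target == "." for r in records):
        # RFC 2782: target "." says the service is explicitly not offered.
        return "failed"
    for rec in order_srv(records, random.Random()):
        if try_connect(rec.target, rec.port):
            return "ibcs"
    # Agents are published but unreachable: never downgrade silently.
    return "failed"


# Constructed sample zone data (hosts and ports are placeholders).
ZONE = {
    "_ibcs._tcp.paul.vix.com": [
        Srv(20, 0, 4001, "backup.example.net"),
        Srv(10, 5, 4000, "agent.example.net"),
    ],
    "_ibcs._tcp.j\\.doe.example.org": [Srv(0, 0, 0, ".")],
}


def lookup(name: str, rrtype: str) -> List[Srv]:
    """Stand-in resolver backed by ZONE."""
    return ZONE.get(name, []) if rrtype == "SRV" else []


def demo() -> dict:
    """Run the three cases from the post against the sample zone."""
    always_up = lambda host, port: True
    return {
        "published": deliver("paul@vix.com", lookup, always_up, lambda d: False),
        "no_srv_user_says_yes": deliver("x@example.com", lookup, always_up, lambda d: True),
        "no_srv_user_says_no": deliver("x@example.com", lookup, always_up, lambda d: False),
    }


if __name__ == "__main__":
    print(demo())
```

The fallback callback is only consulted when the SRV RRset is absent, so an attacker who can merely block connections to the published agents cannot push the message onto SMTP.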



Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Paul Vixie
> In other words, Paul, are you sure you're not calling for an ashcroft?

completely.  i have met the enemy, and i have also met the potential enemy,
and i know that recipient privacy is nowhere on anybody's mind.  consider
what would happen if the ITU ever finished its debate about e164.arpa and
there were a few hundred million voip-reachable phones (either IP to the station
or IP to the central office and analog to the station).  all it would take
a telemarketer is a simple NAPTR/SRV sweep, with SYN-probe, to build a list
of tens of millions of reachable endpoints.  ten racks of linux PC's later,
we'd all be getting round the clock robotic calls from some telespamketer
with some viagra to sell.

i need ibcs to make it possible to keep doing what i used to do in e-mail,
but more importantly i need the "ashcroft" you speak of in order to gain
confidence about SIP callers, or instant messenger or SMS senders.  right
now the security people call this "the PKI problem" and calling it that is
exactly what makes it unsolvable.  i sweartagod the next time i meet an
ivorytowermathtype who wants to tell me how hard something is, i'm just
going to .  We Know How To Do This!  not only that,
but We Know What The Market Demands!

note that brokered anonymity will still be possible.  knowing someone's
identity means knowing that they are somebody in particular, and not 
necessarily knowing their meatspace-correspondence identity.  i'd be one
of many people who would set my acceptance-filters to allow e-mail 
traffic based on transitive recourse toward a well-heeled trust broker
(who has much to lose if their clients misbehave), even if i might not
accept an e-commerce transaction from someone who didn't want me to know
their name and address in meatspace.

> Personally I'm equally convinced of the validity of both Paul's and the
> view above.  I'm not convinced either is all or even most of the truth.

i have faith in human nature.  if you build a world wide communications
system to make communications easier, It Will Be Used.  by the full
spectrum of humanity.  anybody who wants 1:1 odds against this should
just gimme yer money right now, because it's not even a fair bet.
-- 
Paul Vixie



Re: Certificate / CPS issues

2003-06-07 Thread Valdis . Kletnieks
On Sat, 07 Jun 2003 08:30:34 BST, Haren Visavadia <[EMAIL PROTECTED]>  said:
> The CA holds no warranty, making the certificate invalid in legal terms,
> since they can not prove the certificate is yours.

IANAL, but you better check with a lawyer on that one.  Depending where you
live, a digital signature *could* be binding even if it's invalid... Yes,
there's some broken legislation out there...

Also, remember that a signature merely proves the signed data and the
public key were accessible to a computational device at the same time.
This is a LONG stretch from actually meaning you signed it intentionally.
See Schneier's "Secrets and Lies", there's a whole chapter on this point,
or just wait till somebody you know gets nailed with the next Sobig/Nimda/Klez
or whatever, and ask if any of the mail they sent out was intentional. ;)





Re: The spam problem is political (Re: Engineering to deal with the social problem of spam)

2003-06-07 Thread Anthony Atkielski
Marc writes:

> Spam can only be fought through a worldwide
> police and justice system.

If so, that does not bode well for the future.  As far as I can remember,
_nothing_ has been successfully fought worldwide, except perhaps smallpox.

> This cannot be achieved by an RFC. Send this
> problem to ICANN.

ICANN can't do anything about it.




Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Anthony Atkielski
Paul writes:

> if you build a world wide communications
> system to make communications easier, It
> Will Be Used.  by the full spectrum of humanity.

Then logically, the only way to exclude any part of that spectrum is to make
a communications system harder to use.  I'm not sure that making things
harder is a desirable goal.




Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Eric A. Hall

on 6/7/2003 6:01 PM Paul Vixie wrote:

>>> Probably better to specify the gateway tagging, ...
> 
> and we're going to convey trust and credence through a nontrusted
> system How?

We can discover without question who the first MT2 system in the path was,
and (assuming that identity information is required, which I do) that
gateway will also have had to present identity information about the
sender. All rules, recommendations, and supportive integrity mechanisms
aside, those are going to be your primary actionable knobs.

Assume that somebody like AOL embraces this system for private transfers
with some other large-scale provider. They probably won't update all of
their submission services beforehand, but instead will just map their
existing authenticated submission services to this system. EG, they'll
see who a particular mail message is from, locate the appropriate user
certificate in their private directory, and feed that into the system.
This same model can hold true for private Exchange, GroupWise, or SMTP
AUTH submission services. All of these are examples of gateways that can
leverage authentication services to map a sender certificate, even if
those networks aren't running MT2 as the native service.

So the problem isn't with "gateways" it's with unauthenticated senders.
Simply put, messages won't make it to the next-hop inside the MT2 transfer
network UNLESS the gateway provides a user cert for the sender identity;
the next-hop would otherwise just reject the message.

Gateway rules (which weren't discussed in any of the above) can give you
more information to act on. For example, you can set your defenses higher
if you see remnants of more than one legacy Received header, or if there
are other characteristics you don't like. Obviously gateways are going to
be necessary, so it's really going to be a question of being able to apply
the right kind of heuristics.

> if smtp fallback is desired, it must be done in the sending user agent,
> who upon not finding the SRV RR, could ask "try smtp instead?".

Conversion in either direction could theoretically occur at any point.
What cannot easily happen is for any message to get past the first hop of
the MT2 network without having entered at a system which did not have
access to user credentials.

[not to Paul, who already gets it: On the subject of identity-tracking,
this subject is a non-starter. Folks can gather and use all of the
identities they want from any number of ISPs and mail services (you can
call yourself [EMAIL PROTECTED] and nobody will care as long as it
validates). This is, in the end, the same level of anonymity that is
available with SMTP today]

-- 
Eric A. Hall  http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/




Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Vernon Schryver
> From: Paul Vixie <[EMAIL PROTECTED]>

> > In other words, Paul, are you sure you're not calling for an ashcroft?
>
> completely.  i have met the enemy, and i have also met the potential enemy,
> and i know that recipient privacy is nowhere on anybody's mind.  consider
> what would happen if the ITU ever finished its debate about e164.arpa and
> there were a few hundred million voip-reachable phones (either IP to the station
> or IP to the central office and analog to the station).  all it would take
> a telemarketer is a simple NAPTR/SRV sweep, with SYN-probe, to build a list
> of tens of millions of reachable endpoints.  ten racks of linux PC's later,
> we'd all be getting round the clock robotic calls from some telespamketer
> with some viagra to sell.

I can't see enough difference between that rhetoric and the doomsday
scenarios of anthrax in cropdusting airplanes, "dirty nuclear" bombs,
and the rest of the conceivable catastrophes that rationalize locking
us up in our homes in front of network TV.

You can't and shouldn't even try to engineer perfect safety from all
conceivable disasters.  Before getting excited about such a
viagra-VoIP bomb, think about the likelihood of the first bombing, whether
it could happen a second time after the perpetrators of the first were
drawn and quartered, and whether the costs (not just in money) of
preventing the first detonation are worthwhile.


> i need ibcs to make it possible to keep doing what i used to do in e-mail,
> but more importantly i need the "ashcroft" you speak of in order to gain
> confidence about SIP callers, or instant messenger or SMS senders.  right
> ...

By an "ashcroft" I mean extremely costly (mostly not in money),
insufficiently or entirely unjustified, so called defenses against
potential disasters, where the defenses are of dubious or no real use
(e.g. the new airplane passenger screening) against the ostensible
potential disaster.

I don't understand enough of your notions to see whether I think it
would work or be worse than spam, but I have dark suspicions that they
would turn out like the new and forthcoming "defenses" against "terrorism"
(and "drugs," "child porn," etc.) from the U.S. DOD and DOJ.

Cassandra was right, but her proscription was only to send one woman
home to her lawful husband.


So how about turning down the heat a little and being more technically
specific about your replacement for the Internet?  Since that viagra-VoIP
bomb has nothing to do with SMTP, it seems you're talking about a far
bigger project than "merely" replacing SMTP.


Vernon Schryver  [EMAIL PROTECTED]



Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Paul Vixie
> By an "ashcroft" I mean extremely costly (mostly not in money),
> insufficiently or entirely unjustified, so called defenses against
> potential disasters, where the defenses are of dubious or no real use
> (e.g. the new airplane passenger screening) against the ostensible
> potential disaster.

ah.  then that's not what i'm advocating.  i want the digital equivalent
of a peephole in my front door so i can ignore the doorbell if i don't
like what i see.  

> I don't understand enough of your notions to see whether I think it would
> work or be worse than spam, but I have dark suspicions that they would
> turn out like the new and forthcoming "defenses" against "terrorism" (and
> "drugs," "child porn," etc.) from the U.S. DOD and DOJ.

i believe, and have always believed, that all communications ought to be
mutually consensual.  that philosophy underlaid my initial thoughts about
both MAPS and DCC, and is part of my motive for trying to get DNSSEC deployed.

plenty, no, *many* are the humans who can reach me by digital
communications for whom my consent is seen as irrelevant (or worse.)  my
son has been receiving pornographic spam for five years, and he just now
turned twelve years old.  did you all who contributed to the creation of
e-mail as a media believe that it should be "rated R, no children under the
age of 17 admitted without a parent"?  for my part, i did not.

or consider the "e-mail appending" data miners, who believe that my consent
to receive a magazine by postal mail somehow implies my consent to receive
anything else that publishing conglomerate wants to send me by e-mail.  (one
is sender-paid, the other is not, and my consent cannot be implied.)

due to accidents of fate, the CIX.NET MX RR points at my personal server.
it turns out that there are now many millions of valid @COX.NET mailboxes,
and that through normal error rates i receive several dozen misaddressed
messages per day, usually several of them being microsoft passport ACK's
containing enough information for me to commit identity theft if i so
desired.  a lot of the mail is quite personal in nature, too.  is this
how we thought e-mail would grow up and meet its larger audience?  not me!

the current system is utterly laughable and if it were proposed a priori
it would be laughed out of the room.  that which was suitable for polite
early adopters in the R&E community is completely unsuitable for the full
global population, And This Should Come As No Surprise To Anybody.

> So how about turning down the heat a little and being more technically
> specific about your replacement for the Internet?  Since that viagra-VoIP
> bomb has nothing to do with SMTP, it seems you're talking about a far
> bigger project than "merely" replacing SMTP.

here's the problem.  if we had end-to-end personal certificates that were
widely deployed and universally presented, it would become reasonable to
try to wire an smtp listener to reject all but certified traffic -- but
since pornospammers could and would acquire signed certificates, we'd
have to do some kind of pgp-like kevinbacon-like "degrees of separation"
logic to find out about trust.

it turns out both of those are missing.  and creating them is a bigger
problem than rewiring smtp would be.  and that once they exist they will
have equal applicability to IM/ICQ/SIP/etc.

as usual, i would be happiest if someone else would take this on: i'm Busy.
however, that's not why i don't write a detailed proposal.  my goal at the
moment is to discover whether the ietf possesses a "collective will" and
if so, whether it is "willing" to take on this much larger problem.  so far
the answer seems to be not just "no" but "hell no!"
-- 
Paul Vixie



Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Vernon Schryver
> From: Paul Vixie <[EMAIL PROTECTED]>

> ...
> > So how about turning down the heat a little and being more technically
> > specific about your replacement for the Internet?  ..

> here's the problem.  if we had end-to-end personal certificates that were
> widely deployed and universally presented, it would become reasonable to
> try to wire an smtp listener to reject all but certified traffic -- but
> since pornospammers could and would acquire signed certificates, we'd
> have to do some kind of pgp-like kevinbacon-like "degrees of separation"
> logic to find out about trust.
>
> it turns out both of those are missing.  and creating them is a bigger
> problem than rewiring smtp would be.  and that once they exist they will
> have equal applicability to IM/ICQ/SIP/etc.
>
> as usual, i would be happiest if someone else would take this on: i'm Busy.
> however, that's not why i don't write a detailed proposal.  my goal at the
> moment is to discover whether the ietf possesses a "collective will" and
> if so, whether it is "willing" to take on this much larger problem.  so far
> the answer seems to be not just "no" but "hell no!"

Imagine if you will (since it's true), that I don't have any real idea
what you're talking about.  I understand only that you think that PKI
is hopelessly broken (golly gee, what a surprise) and that something
else easy and obvious (to you but not me) is The Solution.  Assume
(since it's also true) that I've lost track of the number of times
someone has announced Third/Fourth/Fifth Generation Computing, Artificial
Intelligence, True Artificial Intelligence, For Sure This Time Really
True Artificial Intelligence, the Solution to the Von Neumann Bottleneck,
Real Computer Security, Really Real Computer and Network Security,
The Solution To Spam, and any and everything else.  Many of those
announcements came from bright and sincere people who were only
overstating their points.

All I can see is the truth of your point that pornospammers could and
would acquire signed certificates, that each of us has a single digit
kevinbacon-like separation from any pornospammers, and that most of
us are closer to some pornospammer than to someone else we'd like to
hear from.

What do you expect me to do?  I won't answer your draft notice
"hell no I won't go!" but I'm not going to enlist until I have a
glimmer of where you're sailing and what's under the decks.


Vernon Schryver  [EMAIL PROTECTED]



Re: Engineering to deal with the social problem of spam

2003-06-07 Thread Theodore Ts'o
On Sat, Jun 07, 2003 at 07:28:12AM -0700, Dave Crocker wrote:
> Tony,
> 
> 
> TH> I would like to see the outcome of a bof be identification of an
> TH> approach to globally verifiable authenticated email. I have no doubt
> TH> there will be many gaps in our current tool set (starting with a
> TH> deployable PKI), and a truck load of operational guidelines to develop.
> 
> What is wrong with PGP and/or S/MIME?
> 
> How do they fail to provide 'globally verifiable authenticated mail?"

Again, I'd like to repeat my observation that we don't need to provide
"globally verifiable authenticated mail" in order to solve the SPAM
problem.  Given the notable lack of success in setting up a global PKI
after more than a decade of trying, assuming that this is a prerequisite
for solving the SPAM problem is merely setting ourselves up for failure.

Bare keys will do; consider a system where people keep a list of those
keys from which they will accept mail.  If someone tries to send mail and
their key is not on the recipient's list, the mail is returned to them
until they can perform a Hashcash calculation consuming a non-trivial
amount of CPU time, at which point their key is placed on the
recipient's list, and the sender can retry to send the message.  If a
recipient receives SPAM, they simply drop the key of the sender from
their "ok-to-receive" list.

This avoids the whole requirement of binding identities to names via a
global system that everyone trusts, and it avoids the problem of
determining who to trust regarding whether someone is or isn't a
spammer.

I'm sure this isn't the only way to do things, but I'm also sure this
is far more practical than any scheme that requires a global PKI.  

- Ted
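
The accept-list-plus-Hashcash scheme described in the message above, as an added sketch that is not part of the original thread. Assumptions: keys are opaque strings (signature verification is omitted), the stamp is a SHA-256 partial preimage rather than the real Hashcash stamp format, and the names `Mailbox`, `mint_stamp`, `stamp_ok` and the 16-bit default work factor are hypothetical.

```python
import hashlib
from itertools import count

DIFFICULTY_BITS = 16  # assumed work factor; the post only says "non-trivial"

def _leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def stamp_ok(sender_key: str, recipient: str, nonce: int,
             bits: int = DIFFICULTY_BITS) -> bool:
    # The stamp is bound to both the sender key and the recipient address,
    # so work done for one mailbox cannot be reused against another.
    data = f"{sender_key}:{recipient}:{nonce}".encode()
    return _leading_zero_bits(hashlib.sha256(data).digest()) >= bits

def mint_stamp(sender_key: str, recipient: str,
               bits: int = DIFFICULTY_BITS, start: int = 0) -> int:
    # Sender side: brute-force search, expected cost about 2**bits hashes.
    for nonce in count(start):
        if stamp_ok(sender_key, recipient, nonce, bits):
            return nonce

class Mailbox:
    def __init__(self, address: str, bits: int = DIFFICULTY_BITS):
        self.address, self.bits = address, bits
        self.accepted_keys = set()  # the "ok-to-receive" list of bare keys
        self.spent = set()          # stamps already redeemed (replay guard)
        self.inbox = []

    def deliver(self, sender_key: str, body: str, nonce=None) -> str:
        if sender_key not in self.accepted_keys:
            if nonce is None or not stamp_ok(sender_key, self.address,
                                             nonce, self.bits):
                return "bounce: stamp required"
            if (sender_key, nonce) in self.spent:
                return "bounce: stamp already spent"
            self.spent.add((sender_key, nonce))
            self.accepted_keys.add(sender_key)
        self.inbox.append((sender_key, body))
        return "accepted"

    def report_spam(self, sender_key: str) -> None:
        # Dropping the key forces the sender to pay the CPU cost again.
        self.accepted_keys.discard(sender_key)

if __name__ == "__main__":
    mb = Mailbox("recipient@example.org")
    key = "constructed-sender-key"
    print(mb.deliver(key, "hello"))
    print(mb.deliver(key, "hello", mint_stamp(key, mb.address)))
```

Without the `spent` set, a sender dropped for spam could replay the old stamp and rejoin the list at no cost.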