[15533] in cryptography@c2.net mail archive
Re: The future of security
daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Jun 2 09:16:08 2004
X-Original-To: cryptography@metzdowd.com
Date: Wed, 02 Jun 2004 13:15:25 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: astiglic@okiok.com, iang@systemics.com, smb@research.att.com,
cryptography@metzdowd.com, rgb@enhyper.com
In-Reply-To: <E1BTjGY-0008OA-Ji@medusa01>
Peter Gutmann wrote:
> No they won't. All the ones I've seen are some variant on the "build a big
> wall around the Internet and only let the good guys in", which will never work
> because the Internet doesn't contain any definable inside and outside, only
> 800 million Manchurian candidates waiting to activate. For example
> MessageLabs recently reported that *two thirds* of all the spam it blocks is
> from infected PCs, with much of it coming from ADSL/cable modem IP pools.
> Given that these "spammers" are legitimate users, no amount of crypto will
> solve the problem. I did a talk on this recently where I claimed that various
> protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail
> Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and
> the only dissent was from an anti-virus researcher who said it'd buy weeks and
> not months.
SPF will buy me one thing forever: I won't get email telling me I sent
people spam and viruses.
> The alternative proof-of-resource-consumption is little better,
> since it's not the spammers' resources that are being consumed.
Nevertheless these resources are limited, and better security would make
them more limited.
> There is one technological solution which would help things a bit, which is
> Microsoft implementing virus throttling in the Windows TCP stack. Like a
> firebreak, you can never prevent fires, but you can at least limit the damage
> when they do occur. Unfortunately I don't see this happening too soon, both
> because MS aren't exactly at the forefront of implementing security features
> (it took them how many years to add the most basic popup-blocking?), and
> because of liability issues - adding virus throttling would be an admission
> that Windows is a petri dish.
Duh. So viruses would fix the stack.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com