[130634] in North American Network Operators' Group


Re: New hijacking - Done via via good old-fashioned Identity Theft

daemon@ATHENA.MIT.EDU (Rich Kulawiec)
Wed Oct 6 23:12:46 2010

Date: Wed, 6 Oct 2010 23:12:24 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.64.1010062158550.28873@a84-22-97-10.cb3rob.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Oct 06, 2010 at 10:14:27PM +0000, Sven Olaf Kamphuis wrote:
> (keep in mind, each sender gets a unique password from the receiver,
> this can be stored in the address book along with the email address
> itself).

I'd like to see the I-D which explains how this is going to work,
with particular attention to (a) how the passwords will be exchanged
without using email (b) how it's going to handle the O(N^2) scaling and
(c) how it's going to work in an environment with at least a hundred
million compromised systems -- that is, systems that are now owned by
the enemy, who thus also owns the contents of all the address books
stored on them...including all the passwords.  I think once these
issues are addressed it will be only a small matter of implementation
to convince everyone to swiftly move to a different protocol for mail.

---rsk

