Slashdot Mirror


Revising the Internet Email Infrastructure

Lauren Weinstein writes "People For Internet Responsibility (PFIR) today released a white paper aimed at starting discussion and work to fundamentally revamp Internet e-mail systems to control spam, forgeries, and a range of other problems, while empowering e-mail users rather than ISPs." Excellent start.

8 of 311 comments

  1. Yeah, Right by sqlrob · Score: 3, Interesting

    So, how long has IPV6 been out? How much of the net is converted?

  2. PIT/PCA Questions by Hayzeus · Score: 5, Interesting

    I may be wrong, but what, exactly, is to keep spammers from becoming their own PCA? Why can't they simply generate PITs willy-nilly?

    Sure, ISPs can block PITS from unsavory PCAs, but what stops spammers from creating new, bogus PCAs as needed? If there are only a few "recognized" PCAs, doesn't this tend to concentrate power into a relatively small set of entities?

  3. Like all PKI schemes... by stevens · Score: 5, Interesting

    ...it lives and dies by the efficacy of the CAs. If the CAs suck, then the credentials they send with email mean nothing.

    I like the idea, but I wonder which sort of orgs are going to be their "PCAs"? ISPs pretty much allow any comer onto their network, so giving all users a cert wouldn't stop people from making temporary accounts for spam.

    Perhaps the ease with which MTAs could cut off CAs (like cutting off domains) would help give incentive to ISPs (or whoever is the PCA) to crack down on their customer base, but that strategy is only marginally successful today. Why would creds make this strategy any better?

    Perhaps MTAs would be harder to config as open relays, because authn is required. But what percent of spam comes through open relays? If it's a big percentage, then this may help.

    Has anyone analyzed this scenario? I'd like to hear some informed thoughts on what sort of email regime we could expect if this were implemented.

  4. Too Bad. by dracocat · Score: 3, Interesting

    I disagree, migrating from SMTP would not be THAT difficult. Give it a 3 year phase in or whatever, and people WILL change.

    Would you change your e-mail system if it eliminated SPAM? That's what I thought.

    Now... It's just too bad that this is being done by People For Internet Responsibility (PFIR). Can't a real organization tackle this? Wouldn't something like this have a much better chance for success if a standards board were doing the white paper? Who is going to implement a suggestion by PFIR? Really.

    Oh well...

  5. Re:This is a total dead end. by Xentax · Score: 4, Interesting

    I dunno -- when I read the paper, one big group of candidates that came to mind as potential PCAs are those very same end-user ISPs.

    That is, when you sign up for dialup, or broadband, or whatever services your ISP provides, you'd get access to their mail server, *including* Pits certified by that ISP for any messages you send via their mailservers (given that you authenticate with them, something POP3 and IMAP already support, right?). It certainly keeps a fair amount of control and influence in the hands of that ISP, but it doesn't *preclude* alternatives, and it WOULD make it easier for those ISPs to follow good/friendly practices.

    That way, any other ISP/mail provider who is willing to receive emails from *YOUR* ISP would deliver your mail. Should your ISP get a reputation for harboring spammers or other miscreants, any given mail provider can choose to simply reject your ISP as a valid certifier (or subscribe to an RBL-equivalent watchdogging the various PCAs, perhaps).

    Obviously an ISP as your (or one of your) PCAs wouldn't be for everyone. Obviously there'd be a bit of a setup challenge, as far as getting various ISPs and other mail providers to recognize each other as valid PCAs. But those aren't insurmountable problems.

    In fact, it sounds a lot like the SSL certification system (probably no coincidence). Hierarchical PCAs would certainly be one way to organize the solution...

    Xentax

    --
    You shouldn't verb words.

  6. Re:PGP by OrenWolf · Score: 3, Interesting

    If I look at the GnuPG AUTHORS file, I count exactly ten (10) people who have contributed to the code outside of people doing text translations.

    Exactly how many people coded PGP? Do you even know? Can you say it was *less than or equal to 10?* Is 10 "lots" in your view?

    Your point would be valid if it were not for the now-well-known fact that most open source projects *do* have a core development team of only a few people - as discussed in the recent Mozilla Roadmap.

    I submit my belief that GnuPG is authored by *less* people than PGP, and by your own theory, given that more eyes *see* the code, though less people actually *touch* it, it would be *more* secure than the closed-source PGP.

  7. Sorry, encryption isn't a solution for spam. by Greger47 · Score: 3, Interesting

    From their webpage:

    A key aspect of the Tripoli environment is the concept of a third-party certified, encrypted authentication token that would be cryptographically linked with every e-mail message. Within the Tripoli architecture, this token is referred to by the acronym "PIT" (Payload Identity Token, henceforth referred to as "Pit") and is at the core of Tripoli.

    It is anticipated that all Pits considered acceptable by the vast majority of all Tripoli-compliant software users would be digitally signed by one or more designated, trustworthy, third-party authorities who would be delegated the power to certify the validity of identity and other relevant information within Pits.

    This doesn't add anything that S/MIME or PGP signed mail doesn't already do. And it will fail for the same reasons: putting the public key infrastructure in place is prohibitive.

    It worked for https at the expense of creating the VeriSign tax, but the number of https enabled websites are few compared to the number of people using e-mail.

    Of course, if we bend over and hand over our e-mail to VeriSign we might finally de-throne Bill as the richest guy around...
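
The token check that comments 2, 5 and 7 discuss, as an added example that is not part of any comment or of the PFIR paper: a receiver verifies a PCA-signed token bound to one message and applies its own list of accepted PCAs. The token layout, the names and the addresses are assumptions, since the thread does not give Tripoli's actual format.

```javascript
// Added illustration: the Pit layout below is an assumption, not Tripoli's format.
const crypto = require("crypto");

// A hypothetical PCA: a name plus an Ed25519 key pair.
function makePca(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  return { name, publicKey, privateKey };
}

// Bytes covered by the PCA signature: issuer, sender and message digest.
function signedBytes(pcaName, sender, message) {
  const digest = crypto.createHash("sha256").update(message).digest("hex");
  return Buffer.from(JSON.stringify([pcaName, sender, digest]));
}

// The PCA certifies an authenticated sender and links the token to one message.
function issuePit(pca, sender, message) {
  const sig = crypto.sign(null, signedBytes(pca.name, sender, message), pca.privateKey);
  return { pca: pca.name, sender, sig };
}

// Receiver policy: `trusted` maps PCA name -> public key, chosen by the receiver.
function checkPit(trusted, pit, message) {
  const key = trusted.get(pit.pca);
  if (!key) return "reject: PCA not trusted";
  const ok = crypto.verify(null, signedBytes(pit.pca, pit.sender, message), key, pit.sig);
  return ok ? "accept" : "reject: bad signature or altered message";
}

// Constructed sample data: one accepted ISP-run PCA and one self-made PCA.
function demo() {
  const isp = makePca("isp.example");
  const selfMade = makePca("bulk-pca.example");
  const trusted = new Map([[isp.name, isp.publicKey]]);
  const mail = "Subject: hello\r\n\r\nLunch on Friday?";
  const good = issuePit(isp, "alice@isp.example", mail);
  const bogus = issuePit(selfMade, "promo@bulk-pca.example", mail);
  const results = {
    certified: checkPit(trusted, good, mail),
    tampered: checkPit(trusted, good, mail + " Click here"),
    selfIssued: checkPit(trusted, bogus, mail), // valid signature, unknown issuer
  };
  trusted.delete(isp.name); // the receiver stops accepting this PCA
  results.afterDrop = checkPit(trusted, good, mail);
  return results;
}

console.log(demo());
```

The self-issued token carries a mathematically valid signature and is still rejected, because acceptance is decided by the receiver's PCA list and not by the signature alone.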

  8. Re:PGP by cperciva · Score: 3, Interesting

    Because obviously, you never make mistakes.

    It is entirely possible that my code contains bugs. However, I wrote it with an awareness of modern attack methods, which cannot be said of a certain commonly used ssl library; further, my code does exactly what I need it to do, and no more. ASCII armor, ASN encoding, and other features are sometimes useful, but I don't need them; by not including those I cut out a range of possible bugs.

    C'mon, this is an old one. It's been proven again and again that exposing crypto code to peer review is the only way to know that it's safe.

    That's not true. "Many eyes" does not necessarily mean that bugs will be found -- many security holes are found years after they were introduced. A much better approach is formal proofs.

    That said, see that link just above this post? My code is there; feel free to examine it.