Date: Wed, 29 Sep 1999 00:43:42 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: jdn@acp.qiv.com (Jay Nelson)
Cc: tlambert@primenet.com, chat@FreeBSD.ORG
Subject: Re: On hub.freebsd.org refusing to talk to dialups
Message-ID: <199909290043.RAA15943@usr07.primenet.com>
In-Reply-To: <Pine.BSF.4.05.9909281814250.622-100000@acp.qiv.com> from "Jay Nelson" at Sep 28, 99 06:55:01 pm

> >That's "balkanization", as in the division of the Balkan states
> >between nations at the end of World War II to prevent reunification
> >and thus the potential of another Hitler.
>
> I understood the use of the word, but it's irrelevant to the internet
> and the problem of spammers. I think you missed the point. This issue
> is this: every one of us _pays_ for our own connection to the network.
> While everyone has a right to speak, _no one_ has a right to not only
> force me to listen, but to force me to pay for it as well.

Granted, and you have the right to not listen to illegitimate
traffic.

I think it's stupid to say that traffic from a dialup server
is definitionally illegitimate.

I think it's much more reasonable to say that traffic from a
dialup server with a valid, current certificate is legitimate.

> >It's a cure which is often worse than the disease. We build networks
> >to communicate, and then we hobble them because we are unwilling (or
> >simply too lazy) to deploy appropriate technology to prevent them
> >from being abused.
>
> We build networks to communicate as we choose. We don't spend the
> money and effort so suzie@tits.com can dump junk on our machines
> and enjoy the benefit of our investment. This isn't some damned
> social love fest. Many of us are willing to prevent our networks
> from being abused -- and we don't need fancy technology to do it.

Non-"fancy" technology (are you aware when X.509 was standardized?)
tends to tar everyone with the same brush. It's indiscriminate
between diabolical offenders and legitimate users.

Only an idiot shoots people to prevent them from drinking
untreated water "for their own protection".

Dynamic IP addresses are a legitimate cost control technology.
In some areas of the world, i.e. Europe, they are mandatory,
or close enough that it doesn't matter.

> If that is what you consider "balkanization", then so be it. I see no
> reason to be "unified" with _any_ source of spam. In fact, I would
> submit that the spammers and skript kiddies have reasonably well
> corrupted whatever the original design goals may have been.

Actually, the implementation of technically inferior approaches
to "solving" the problem is what has corrupted the original
design goals, to wit: to be able to survive a national or
global catastrophe, and continue to function (i.e. the mail
gets delivered).

> The question now is: what do we do about it?

We implement appropriate technology, and we speak up in public
forums when "script kiddies" use "scripts" that are supposedly
somehow morally superior due to their stopping abuse, while at
the same time damaging the Internet.

We get technical people who actually _know what the hell they
are doing_ to implement technological solutions that are
designed to prevent perversion from their intended purpose.

> >> Your credentials idea is more abominable than the spammers. It would,
> >> in fact, be one more trackable datum that would surely be abused by
> >> government pinheads with too much time on their hands.
> >
> >Nonsense. All it would say is that "This credential belongs to domain Y,
> >which is not (yet) a known source of SPAM; this credential expires on
> >date YYYY-MM-DD-HH-MM-SS".
>
> And, as you've nearly admitted in another mail, adds very little to
> preventing abuse. It's equivalent to asking a burglar for his driver's
> license before opening the door.

No, it's equivalent to having him targeted in your sights, in
case he is a burglar (as opposed to blowing his head off, in
case he is a burglar, and checking after all the bodies in the
room have stopped twitching).

> Besides -- how is your credential notion any different than the RBL in
> preventing abuse? If I've identified the machine responsible for
> sending the abuse and can easily block it, what's the value of
> verifying that the name I'm blocking is, in fact, the name that
> I'm blocking?

Because that name could move to a different IP address and SPAM
you again.

If you block by IP, then you have to do technologically stupid
things, like assume the guilt of an entire class of IP addresses
merely because they _might_ be abused without you knowing the
true identity of the sender (something you didn't know because
you implemented a technically inferior solution based on an
assumption of guilt).

If, on the other hand, you have a certificate on hand, you can
say "please revoke this certificate, and cost this SPAM'mer
real money".

This also makes it so you don't have to do stupid things like
complain to an ISP, and have the complaint "handled" with "all
due process", all the time the SPAM'mer is continuing to SPAM
other people. Putting the control in the hands of a central
authority (or authorities; you could choose to respect multiple
certificate signatories; try to do an exclusion list with ORBS,
the DUL, or the RBL) negates this latency, and negates the
possibility of a "rogue ISP" requiring multiple latencies to
clean up after a SPAM.

> >If the government wants this information, it can run "nslookup"
> >against the RBL database, using any of the millions of machines the
> >government owns, after doing a "getpeername()".
>
> Hmm... again, you've missed the point. I doubt the govt cares about
> the spammers;)

Your point was that somehow, a certificate scheme requires an
equation with personal identity, rather than merely DNS identity.

This is the same mistake you are making when you try to equate
an IP address with identity. At least domain name assignments
are publicly accessible. It is well known that MSNet use
address blocks for which there are no reverse delegations back
to them (for example).


Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
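
The contrast argued in the message above, as an added example that is not part of the original post: an address-class block next to a per-domain credential check with expiry and revocation. The HMAC stands in for a certificate signature, and the key, domains, addresses and function names are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from datetime import datetime, timezone

CA_KEY = b"constructed-demo-key"  # assumption: stand-in for an issuer's signing key
DIALUP_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # constructed DUL-style list

def _sig(domain, expires):
    body = f"{domain}|{expires.isoformat()}".encode()
    return hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()

def issue(domain, expires):
    """Issuer side: bind a domain name to an expiry date."""
    return {"domain": domain, "expires": expires, "sig": _sig(domain, expires)}

def accept_by_ip(peer_ip):
    """Address-class policy: refuse every peer inside a listed dialup range."""
    addr = ipaddress.ip_address(peer_ip)
    return not any(addr in net for net in DIALUP_RANGES)

def accept_by_credential(cred, now, revoked):
    """Credential policy: signature valid, not expired, not revoked. Peer IP is ignored."""
    if cred is None:
        return False
    if not hmac.compare_digest(_sig(cred["domain"], cred["expires"]), cred["sig"]):
        return False
    return now < cred["expires"] and cred["domain"] not in revoked

def run_demo():
    now = datetime(1999, 9, 29, tzinfo=timezone.utc)
    exp = datetime(2000, 9, 29, tzinfo=timezone.utc)
    revoked = set()
    legit = issue("dialup-user.example", exp)
    spammer = issue("bulk-sender.example", exp)
    renamed = dict(spammer, domain="fresh-name.example")  # edited after signing
    r = {
        "ip_legit_dialup": accept_by_ip("203.0.113.7"),    # refused: whole range is listed
        "ip_spammer_moved": accept_by_ip("198.51.100.9"),  # accepted: new address unlisted
        "cred_legit_dialup": accept_by_credential(legit, now, revoked),
        "cred_spammer_before": accept_by_credential(spammer, now, revoked),
        "cred_renamed": accept_by_credential(renamed, now, revoked),
    }
    revoked.add("bulk-sender.example")  # one revocation follows the name to any address
    r["cred_spammer_after"] = accept_by_credential(spammer, now, revoked)
    later = datetime(2001, 1, 1, tzinfo=timezone.utc)
    r["cred_expired"] = accept_by_credential(legit, later, revoked)
    return r

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:20} {'accept' if ok else 'reject'}")
```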