Date: Tue, 28 Sep 1999 22:43:46 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: brett@lariat.org (Brett Glass)
Cc: tlambert@primenet.com, alk@pobox.com, gary@eyelab.psy.msu.edu, chat@FreeBSD.ORG
Subject: Re: On hub.freebsd.org refusing to talk to dialups
Message-ID: <199909282243.PAA12513@usr07.primenet.com>
In-Reply-To: <4.2.0.58.19990924172733.047be8c0@localhost> from "Brett Glass" at Sep 24, 99 05:34:22 pm

> Terry:
>
> In your message below, you express disapproval of both the DUL and
> authentication. Unfortunately, the solution you DO propose does not
> appear to solve the problem of hit-and-run attacks from throwaway
> dial-up accounts (for which the ISP would need to provide
> certificates -- or use its own and risk having it voided if someone
> sent spam).

Yes, you're right. Just as authentication with someone who intends to violate your acceptable use policy doesn't prevent the violation, it only allows you to take action against them to prevent additional abuse.

> Many other questions arise, too, including:
>
> What authority issues the certificates?

One contractually obligated to not issue certificates to SPAM'mers; someone who operates on the basis of looking data up in the RBL database, for example.

> What if one is stolen? A legitimate user whose certificate is
> stolen could lose vital mail.

Yes, just as a legitimate company whose mail server is used as a relay can find themselves in the ORBS database.

> People don't take the time to sign PGP keys now. Will they be willing
> to go through the hassle of signing e-mail certificates?

They will if the certification process is transparent for older servers, and automatic for newer ones. Newer servers would insist on having a valid certificate, and would only grudgingly allow you to operate without one (and then, you'll only be able to talk to people so long as the certificate authority would be willing to sign the certificate on your behalf).

> For us, the DUL seems to work quite well; I, for one, have never lost
> a legitimate e-mail because of it. And I watch the logs.

The problem with the DUL is that it is biased against a technology, rather than being biased against those who would abuse it.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.