Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Update on mail bombing threats--not so funny

  • From: Vadim Antonov
  • Date: Fri Jan 10 16:04:36 1997

-----BEGIN PGP SIGNED MESSAGE-----


I told it many times already that the freedom of speech includes
not only right to speak but also right not to listen.

Internet is very good at the first part; and woefully indaequate
at the second.

Can it be fixed?  Of course.  But the first step in filtering out
those who are trying to push their unwanted speech on us is to
make sure they won't pretend to be somebody whose words we'd
want to listen to.

So -- the problem has two aspects: the first is authentication,
the second is defense against flooding attacks.   They are
closely related, but not identical.

The source address verification is powerful enough to get flood
attacks stopped.  It is still not enough to get rid of unwanted
messages.

The second line of defense should be digital signatures on messages,
certified by some authorities (what is "authority" depends on your
personal point of view -- you're free to choose whom to believe)
which to a some extent make sure that signatures correspond to
physical people.   Then you can just stop accepting any unsigned
mail (note that a reputable anonymous remailer would also check
signatures on incoming messages; and substitute them with its own).

There's no magic technology involved; this is just the problem of
how to actually implement it.  Until we do that we all live in
danger of having our name smeared if some jerk decides he's pissed
and posts some nazi propaganda, or threats, with a reputable person's
e-mail address.  I already was an antisemite, and an agent of KGB,
thank you very much.

Now, how about doing the right thing: make the NANOG list the
first one to require signed messages?  Somebody has to start.

- --vadim


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMtaqSEDODjim2XUVAQFuBwP+N7JhLLT7yFcF8Se7XvfRd9DOPceAa0U5
vvnjbCCEZpq8xWh6H7cMyq3vZdQeFzYnCC6007PQt4AyodJ8DQC77RLL72YthHzz
/ZWQdbS7xlJQxsUAFQiZprpeW6cAExRwIiPrKimjx96kvBvufFPeOtLjhV1Vpalo
o4e+DHJRGbY=
=EMOb
-----END PGP SIGNATURE-----
- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.