9fans - fans of the OS Plan 9 from Bell Labs
From: Dan Cross <cross@math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] re: spam filtering fs
Date: Tue,  2 Sep 2003 12:08:32 -0400
Message-ID: <200309021608.h82G8Wj21273@augusta.math.psu.edu>
In-Reply-To: Your message of "Tue, 02 Sep 2003 09:56:05 EDT." <3c71aba4e63ff62b9994dfa980885f02@plan9.bell-labs.com>

> Another way of achieving authentication for email is to implement and
> use S/MIME or PGP.  I'm not sure either that or "import ... /mail" solves
> the computational cost of spam if the bad guys create invalid signatures,
> but it does make a white-list filter more effective.

I see the two as complementary.  Just because you're securing the contents
of the wagon by wrapping them in a patrol of the King's men-at-arms doesn't
mean you shouldn't also endeavor to clear out the highway robbers.

> Any volunteers to implement S/MIME for Plan 9?   A couple of us here at
> Bell Labs have worked on it off and on, but there aren't enough free
> hands here to get it done promptly.  Step one is to implement CMS (also
> known as PKCS#7 or rfc2315) starting from the ASN.1 goo in
> /sys/src/libsec/port/x509.c or, if you prefer, by porting an ASN.1
> compiler.

Help!  I'm melting!

> By the way, I've happily used PGP for many years but decided that S/MIME
> was more likely to catch on because it is already moderately well
> supported by default in Outlook and Netscape/Mozilla.

I thought there was an effort to merge OpenPGP and S/MIME in some way?
S/MIME requires a lot of scaffolding to use effectively; PGP has a much
lower startup cost.  That said, I'm not a big fan of either.  Most
people don't need that level of privacy (despite what they may think,
no one's out to get them and the FBI could care less about their D&D
campaign plans).  For cutting down on spam, this seems like cutting
butter with a chainsaw.  A much simpler method would be to just put an
X- header with some sort of agreed upon token into one's email.  Is it
secure?  Not really, no, but it'll defeat 99% of the wannabes, and
that's a lot of bang for the buck.  Of course, either would be nice to
have for other reasons (everyone knows the government *really is* out
to get Boyd, for instance...).

A way to exchange tokens: instead of doing it via email, generate an
image for an unknown user, put it on a public web server somewhere, and
send them a URL.  Once they get there, have them send back a
description of the image and then send them a token.  This defeats
auto-harvesters that are smart enough to send you back a reply to our
``send this string back if you're not a spammer'' token.  This will
work for a while until the spammers start to implement image
recognition software.

	- Dan C.


