From mboxrd@z Thu Jan 1 00:00:00 1970 To: 9fans@cse.psu.edu From: "Douglas A. Gwyn" Message-ID: <3F7492D1.C25B1060@null.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit References: , <0ab301c3837f$0acf0310$6400a8c0@dell01> Subject: Re: [9fans] ISP filtering - update Date: Mon, 29 Sep 2003 09:11:25 +0000 Topicbox-Message-UUID: 54de093a-eacc-11e9-9e20-41e7f4b1d025 Frankly, that only works to a limited degree, because the problem is that communicants in whom you initially have trust are being used as proxies by the virus; whatever authentication is done will have to accept what a proxy sends you. Full authentication might allow you to build an "ignore" list when you see you have received a virus from infected hosts, but you'll end up with millions of entries in that list, after you have flagged millions of pieces of spams. Not a solution. If the authentication was really good *and* absolutely required embedding of all source identities in an irrevocable way, one could at least nail down the identity of the *originator* of a virus; but even that doesn't work since the proxy *is* the originator. The only mechanism I know of that can overcome that problem (which is much like a "man in the middle" attack) is to use "capabilities" with absolute enforcement down to the lowest levels. Even then it seems that one could always simulate the hardware and in effect create fake hosts that *originate* on some proxy host, meaning that that is as far back as you could trace them. If you try to build a "ring of trust" a la PGP, the moment there is one breakage by anyone in the ring, the whole ring becomes infected and untrustworthy. Even replacing SMTP with a new protocol for which an official rule would be, no active enclosures, doesn't work, because Microsoft would go ahead and do as they have done in the past, namely tunnel active elements into their mail readers, making their hosts proxies for viruses. Perhaps trying to solve this problem via technology is much like trying to eliminate terrorists by killing mature ones rather than indoctrinating potential ones. I.e. the root cause is social, not technical, and since a good solution would need to deal with the cause, we need to better raise our youth so they aren't inclined to engage in such activity. Of course there would still be the professional terrorist and career criminal to deal with, but they started out as youth and formed their value systems then, for the most part, so that is still where we need to concentrate attention. I frankly don't think it's going to happen, thus this problem is never going to be solved.