From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <46abee0349bc972af8d87c15a1815507@plan9.bell-labs.com>
From: David Presotto
To: 9fans@cse.psu.edu
Subject: Re: [9fans] re: spam filtering fs
In-Reply-To: <200309070156.h871ucj14201@augusta.math.psu.edu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="upas-ebihkelkqmezywsmcmunwftwuc"
Date: Sun, 7 Sep 2003 08:35:59 -0400
Topicbox-Message-UUID: 2e307fe8-eacc-11e9-9e20-41e7f4b1d025

This is a multi-part message in MIME format.
--upas-ebihkelkqmezywsmcmunwftwuc
Content-Disposition: inline
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

You're going to have to derive a canonical form of the message so that
you have something to sha1 that won't change as it traverses the
network. Not hard, just need a definition. Something that includes
the important headers (From:, Sender:, Reply-to:) and the body would
be enough. You might want to worry about making cr-lf == lf.

Then you need a way to add the signature. I'm happy with an S/MIME
attachment but some people here hate S/MIME.

Then you need a database of shared keys. If it were public key
encryption, you could put the public half on a shared server but since
these are secrets, we have to keep them to ourselves somewhere.

Finally, you need a way to introduce yourself to someone and give them
a token. This is always the hard part. PGP sort of solves it with
trusted places to leave the public key and by passing notes that are
fingerprints of the public keys. Of course, the easier you make this,
the easier it is for the spammers to insert themselves.

Anyways, by the time you're done, you've defined PGP. Why not use PGP?
If you're trying to be simple, you don't need their encryption (which
hardly anyone uses anyways) or their complicated rules for trust
relationships. Then you have exactly what you're asking for and you
stay compatible with some part of the world.
--upas-ebihkelkqmezywsmcmunwftwuc
Content-Type: message/rfc822
Content-Disposition: inline

Received: from plan9.cs.bell-labs.com ([135.104.9.2]) by plan9; Sat Sep 6 21:57:27 EDT 2003
Received: from mail.cse.psu.edu ([130.203.4.6]) by plan9; Sat Sep 6 21:57:24 EDT 2003
Received: by mail.cse.psu.edu (CSE Mail Server, from userid 60001) id 5B15B19AF7; Sat, 6 Sep 2003 21:57:13 -0400 (EDT)
Received: from psuvax1.cse.psu.edu (psuvax1.cse.psu.edu [130.203.16.6]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id F22B219AEE; Sat, 6 Sep 2003 21:57:08 -0400 (EDT)
X-Original-To: 9fans@cse.psu.edu
Delivered-To: 9fans@cse.psu.edu
Received: by mail.cse.psu.edu (CSE Mail Server, from userid 60001) id 6AAC119AEC; Sat, 6 Sep 2003 21:56:40 -0400 (EDT)
Received: from math.psu.edu (leibniz.math.psu.edu [146.186.130.2]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id 87DD319AE0 for <9fans@cse.psu.edu>; Sat, 6 Sep 2003 21:56:39 -0400 (EDT)
Received: from augusta.math.psu.edu (augusta.math.psu.edu [146.186.132.2]) by math.psu.edu (8.9.3/8.9.3) with ESMTP id VAA08561 for <9fans@cse.psu.edu>; Sat, 6 Sep 2003 21:56:39 -0400 (EDT)
Received: from augusta.math.psu.edu (localhost [127.0.0.1]) by augusta.math.psu.edu (8.11.6+Sun/8.9.3) with ESMTP id h871ucj14201 for <9fans@cse.psu.edu>; Sat, 6 Sep 2003 21:56:38 -0400 (EDT)
Message-Id: <200309070156.h871ucj14201@augusta.math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] re: spam filtering fs
In-Reply-To: Your message of "Wed, 03 Sep 2003 01:48:45 EDT."
	<005f01c371df$0e59d5c0$2c9ce541@bl.belllabs.com>
From: Dan Cross
Sender: 9fans-admin@cse.psu.edu
Errors-To: 9fans-admin@cse.psu.edu
X-BeenThere: 9fans@cse.psu.edu
X-Mailman-Version: 2.0.11
Precedence: bulk
Reply-To: 9fans@cse.psu.edu
List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.cse.psu.edu>
List-Archive:
Date: Sat, 06 Sep 2003 21:56:38 -0400
X-Spam-Status: No, hits=-1.0 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT version=2.55
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

Dave wrote:
> I'd rather not have to keep a secret and a counter for everyone I want to
> exchange mail with. Messages get lost and reordered so at the very least
> I need to accept some range of possible sha1ings. I also want to accept
> mail from people I haven't talked to before but have proved to someone else
> that they aren't spammers. I'm happier with the /mail idea than this one.

Then I reiterate my second suggestion:

[...] Or, and even simpler, take the token and sha it with the contents
of the message. The token itself doesn't show up in any archives
anywhere, and the scheme is immune to problems with bounces getting
sequence numbers out of whack, and you get some modicum of integrity
checking on the message itself.

A way around the client problem is to build it into the MTA (but the
MTAs on both sides have to support it).

An alternative to this is to provide a nonce in the SMTP transaction or
in a header, and the result of the HMAC of the nonce keyed with the
secret shared between client and sender.

We've already started doing things like this with the ESMTP AUTH stuff;
MAIL FROM: now has an ``AUTH'' parameter that can be hung off of it. We
could add a NONCE field, too. RCPT TO: can take an AUTHSIG or
something, which is some sort of signature on the nonce value.
We could add an RFC822 style header called `Integrity: ' that contained
the base64 encoding of both the nonce and the signature in the form,
: (where is the hashing algorithm used for the HMAC construction).

Ron had written:
> yeah but ... I don't even want the data coming into my machine. Is that
> covered too? I really want to get these spammers rejected instantly,
> which is why I liked the file system idea.

[Note: I really enjoyed Geoff's colorful description of the spam problem
subsequent to my reply to this....]

I've been thinking about this, and come to some conclusions. First,
that one has to do whatever it is one decides to do within the context
of SMTP or ESMTP. While importing a filesystem would be a nice, elegant
solution, it's just not realistic. And the reason is that it's not us
that's the problem, but everyone else, and everyone else is firmly
mired in the religion of the Internet, which says that SMTP is the one
true way to do mail. So, sucky though the protocol is, if you want to
do something that has real impact in the next one to two years, you
have to do it within the context of the pre-existing theology. I don't
like it, but there it is.

Anyway, given that, I really think the simplest way to do it is to
append some sort of signature to an email in the SMTP transaction, but
it doesn't have to be nearly as complex as PGP or S/MIME; something
simpler is going to raise the bar sufficiently to thwart a lot of the
spammers forever. Just doing an HMAC of a nonce, keyed with a shared
token, is going to stop a lot of the garbage that currently filters
through.

	- Dan C.

--upas-ebihkelkqmezywsmcmunwftwuc--
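
Added example, not part of either message above and not code from the thread's authors: a sketch that combines the canonical form described in the first message (From:, Sender:, Reply-To: plus the body, with cr-lf treated as lf) with the nonce-plus-HMAC signature proposed in the second, so the MAC covers both the nonce and the message. The `alg:nonce:mac` header layout, the sender-chosen random nonce, the receiver-side replay cache, the SHA-256 default and all function names are assumptions made for this example.

```python
import base64, hashlib, hmac, os
from email.parser import HeaderParser

SIGNED_HEADERS = ("From", "Sender", "Reply-To")   # the "important headers" from the thread
ALGS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}  # allowlist; anything else is rejected

def canonical_form(raw: str) -> bytes:
    """Bytes that stay stable in transit: selected headers plus an LF-only body."""
    msg = HeaderParser().parsestr(raw.replace("\r\n", "\n"))  # treat CR-LF as LF
    lines = []
    for name in SIGNED_HEADERS:
        for value in msg.get_all(name, []):   # every copy, so an added duplicate changes the MAC
            lines.append(name.lower() + ":" + " ".join(value.split()))  # undo re-folding
    body = msg.get_payload().rstrip("\n") + "\n"
    return ("\n".join(lines) + "\n\n" + body).encode("utf-8")

def _mac(token: bytes, alg: str, nonce_b64: str, raw: str) -> bytes:
    # base64 never contains "\n", so the separator keeps nonce and message unambiguous
    data = nonce_b64.encode("ascii") + b"\n" + canonical_form(raw)
    return hmac.new(token, data, ALGS[alg]).digest()

def sign(raw: str, token: bytes, alg: str = "sha256") -> str:
    """Value for the proposed Integrity: header (layout alg:nonce:mac is an assumption)."""
    nonce_b64 = base64.b64encode(os.urandom(16)).decode("ascii")
    mac_b64 = base64.b64encode(_mac(token, alg, nonce_b64, raw)).decode("ascii")
    return f"{alg}:{nonce_b64}:{mac_b64}"

def verify(raw: str, header_value: str, token: bytes, seen_nonces: set) -> bool:
    try:
        alg, nonce_b64, mac_b64 = header_value.strip().split(":")
        base64.b64decode(nonce_b64, validate=True)
        mac = base64.b64decode(mac_b64, validate=True)
        expected = _mac(token, alg, nonce_b64, raw)
    except (ValueError, KeyError):            # malformed header or unknown algorithm
        return False
    if nonce_b64 in seen_nonces or not hmac.compare_digest(mac, expected):
        return False
    seen_nonces.add(nonce_b64)                # accept each nonce once (replay cache)
    return True

# Constructed sample message; the addresses and token are made up for this example.
SAMPLE = ("From: alice@example.org\r\nSender: alice@example.org\r\n"
          "Reply-To: list@example.org\r\nSubject: hello\r\n\r\nline one\r\nline two\r\n")

if __name__ == "__main__":
    token = b"constructed-shared-token"
    header = sign(SAMPLE, token)
    relayed = SAMPLE.replace("\r\n", "\n")    # a relay rewrote the line endings
    print("Integrity:", header)
    print("relayed copy verifies:", verify(relayed, header, token, set()))
```

Subject: is deliberately left out of the signed set, so a list server that rewrites it does not invalidate the MAC; the distribution and introduction of the shared token, which the first message calls the hard part, is outside what this sketch covers.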