Re: covert channel and noise -- was Re: proposal ...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Dean Anderson wrote:
> 
> A covert or sneaky channel is merely one in which the communication is
> //not authorized by the security model// It has nothing to do with
> readability or detectability. 

To be useful for its covert purposes, a covert channel should not be easily 
detectable as a covert channel -- in our case, spam should not be easily
detectable as spam.  Thus, it has to do with readability and detectability. 

That's why, as a matter of logic, we should agree that if the message can 
be detected/read by the intended recipient then it's not in a covert 
channel (anymore). This does not imply that if the message can NOT be detected/read by the intended recipient then there is NO covert channel.

> In yet other words: you whack-a-mole when you find one, but you can't say
> that there aren't any moles. It is not a game you can win. 

That's where we disagree -- if I can make it harder/slower for the other 
side to set up moles than it is for me to find them, I will win.

> We now have a legal process to use against abusers

someone must have said the same for anything we have a law for...
including theft...and yet we do find it useful to lock our cars, no?

In many residence areas, mailboxes have no key and anyone can open
them and insert rogue mail, bombs, etc. This is the same way that your
email address works today. Anyone can put email in your emailbox and,
if they're clever enough, spam filtering in your personal MUA or at the 
MTA will not help. You will receive spam. You say this is not a game
you can win... "there is little that can be done."

In some residence areas, however, mailboxes have no mail slot. The mailman 
has a key to the mailbox and needs to use it in order to insert mail. The 
box owner has another key and uses it to retrieve mail. This still does
not prevent you from receiving a letter laced with anthrax, but it
gives us a good metaphor for improving email: We need to be able to control 
receiving what is posted to us based on the trust/authorization we associate 
with the poster AND the message. In other words, if we have no reason to trust
the poster or the message, we should be able to impose a burden as high as we 
desire on the poster (including no burden).

The decision what to accept or reject should happen at the recipient's MTA 
(preferably) or MUA in interaction with the purported sender's MTA and MUA. Also, to be effective, this should not depend on a user's list of current  
v****a-like words. Providing a barrier for accepting email (i.e., a putting
a selective lock in your email box) is neither a legal issue nor an user 
issue -- is an IETF issue. By using suitable PK encryption for end-to-end 
email privacy (including crypto-puzzles), I suggested we can offer such 
spam burden at no added cost to the user.

I advance that in the old DARPANET days, spam protection was provided
by DARPA, because DARPA could locate and disconnect any user who abused 
the system, and everyone knew it. That's why there was no need to design
email in any other way than what is today, with open mail addresses. 
However, today, the Internet is an open system and there is no way to 
locate and effectively disconnect abusers. The abusers will just continue 
to route around, seeking zero friction to posting, until we put in place 
a better system just like the postal mail had to do, laws notwithstanding.

Cheers,
Ed Gerck


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]