Dean Anderson wrote: > > A covert or sneaky channel is merely one in which the communication is > //not authorized by the security model// It has nothing to do with > readability or detectability. To be useful for its covert purposes, a covert channel should not be easily detectable as a covert channel -- in our case, spam should not be easily detectable as spam. Thus, it has to do with readability and detectability. That's why, as a matter of logic, we should agree that if the message can be detected/read by the intended recipient then it's not in a covert channel (anymore). This does not imply that if the message can NOT be detected/read by the intended recipient then there is NO covert channel. > In yet other words: you whack-a-mole when you find one, but you can't say > that there aren't any moles. It is not a game you can win. That's where we disagree -- if I can make it harder/slower for the other side to set up moles than it is for me to find them, I will win. > We now have a legal process to use against abusers someone must have said the same for anything we have a law for... including theft...and yet we do find it useful to lock our cars, no? In many residence areas, mailboxes have no key and anyone can open them and insert rogue mail, bombs, etc. This is the same way that your email address works today. Anyone can put email in your emailbox and, if they're clever enough, spam filtering in your personal MUA or at the MTA will not help. You will receive spam. You say this is not a game you can win... "there is little that can be done." In some residence areas, however, mailboxes have no mail slot. The mailman has a key to the mailbox and needs to use it in order to insert mail. The box owner has another key and uses it to retrieve mail. This still does not prevent you from receiving a letter laced with anthrax, but it gives us a good metaphor for improving email: We need to be able to control receiving what is posted to us based on the trust/authorization we associate with the poster AND the message. In other words, if we have no reason to trust the poster or the message, we should be able to impose a burden as high as we desire on the poster (including no burden). The decision what to accept or reject should happen at the recipient's MTA (preferably) or MUA in interaction with the purported sender's MTA and MUA. Also, to be effective, this should not depend on a user's list of current v****a-like words. Providing a barrier for accepting email (i.e., a putting a selective lock in your email box) is neither a legal issue nor an user issue -- is an IETF issue. By using suitable PK encryption for end-to-end email privacy (including crypto-puzzles), I suggested we can offer such spam burden at no added cost to the user. I advance that in the old DARPANET days, spam protection was provided by DARPA, because DARPA could locate and disconnect any user who abused the system, and everyone knew it. That's why there was no need to design email in any other way than what is today, with open mail addresses. However, today, the Internet is an open system and there is no way to locate and effectively disconnect abusers. The abusers will just continue to route around, seeking zero friction to posting, until we put in place a better system just like the postal mail had to do, laws notwithstanding. Cheers, Ed Gerck