On Fri, 20 Feb 2004, Iljitsch van Beijnum wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 20-feb-04, at 2:15, Vernon Schryver wrote:
>
> > That sounds like the old "authentication solves spam" hope. It was
> > wrong before SMTP-AUTH and it is still wrong.
>
> Guess what, it is impossible to "solve" spam the same way it is
> impossible to "solve" burglary. At least with authentication you get to
> have whitelists that work. If you get a message with my email address
> in the "from" line it could be from anyone. If it is signed with my PGP
> key you know it came from me personally or someone went through a LOT
> of trouble to get access to my private key and the key phrase.
>
> The usefulness of authentication could be further extended by building
> a web of trust where people vouch for the fact that others aren't
> spammers. Obviously spammers will slip through from time to time, but
> anyone who spams or keeps vouching for spammers will be removed from
> the web of trust. But even if this part doesn't work authentication is
> still useful.

It is useful only if you only get mail from a small, closed group of people, almost by definition, as I think Vernon and others have pointed out. I get mail from complete strangers all the time -- I'm a "known expert" on at least one of the lists that I'm on and random people mail me for advice and free technical consults. I also have extensive physics teaching resources up on the web and get email from random students all over the country. I have a couple of GPL projects in use by various people that I don't know, and get random mail from the unknown users. I get mail from friends of friends, from relatives who are completely clueless about technology in general and who would run screaming at the very mention of the words "electronic signature" or "encryption" (unless of course it were integrated into Microsoft Outlook).
Most of this is mail that I could care less about being signed -- I wouldn't bother to validate the signature at all if it were and there was ANY WORK AT ALL involved in doing so.

Nobody is arguing that electronic signatures aren't useful. Of course they are. So are bulletproof vests, armored cars, and bars on windows. So are armed couriers who carry messages in booby-trapped briefcases handcuffed to their wrists. They are useful when your body, your money, your house are in a very hazardous environment or there is something of great value at stake. They are just very >>expensive<< measures, in both money and human time and hassle. In some cases, expense and hassle or not, they don't work. Bars on windows are all very well but not when somebody kicks in your door, copies your key when the car is in the shop, or when there is a fire and you need to get out of a window or die. And they're ugly.

This is all about cost-benefit and the realities of the messy, chaotic, ignorant world of mail users the world around. In nearly all cases the cost-benefit of signing or encrypting all messages and maintaining strict, reliable lists of ALL your correspondents' keys is overwhelmingly negative. The work involved vastly exceeds the work required to merely delete spam that makes it through ordinary intelligent filters, and the filters don't require any sort of massive database of keys that would probably neither succeed in its purpose nor scale if it were built.
Even when it isn't obviously negative -- for example when I'd very much like to be able to send in grades at Duke via email, which is obviously only possible if the messages are electronically signed, as this would definitely save me a few minutes of work a semester -- surprise surprise, turns out that the registrar's office wouldn't know an electronic signature if one was dangled in front of their face, the university has no centralized database set up for keys, if it DID have such a database and the registrar's office DID understand electronic signatures, it would still need mind-numbingly transparent tools for its essentially untrained office staff to be able to read my email containing grades and authenticate the signature. Number of clicks <= 1. Training required = none. Signing and/or validating a signature to anyone on campus, known or unknown, would have to be reduced to one click (or none at all).

We could do this but we don't. Why not? It is not because Duke is a "backwards institution" in terms of its IT -- quite the contrary, I think we do rather well and have even won awards that suggest that others agree. It is because the cost of setting all of this up EVEN with (at this point) a decent campus wide IT infrastructure, a SISS database from PeopleSoft, and campus wide authentication mechanisms and user-specific control over access to database fields, the OPPORTUNITY COST of making all of this work is greater than the cost of making me find a fax machine or walk the grades over to the registrar's office. They might do it someday for other reasons, but it is of limited utility in the grand scheme of things relative to its cost for NEARLY ALL PURPOSES so it won't be soon.

Now, if it is not going to happen right away in this relatively small, relatively advanced technical environment because of a lack of apparent cost-benefit at an institutional scale, how exactly is this going to scale to the entire Internet?
There one doesn't even have the underlying universal Kerberos-based authentication scheme (so that we can know who is who from the point of view of accessing resources) or integrated database (so a known individual can access data they are entrusted with). And if one DID, what database is going to robustly scale to 10^8 entries distributed globally, at what cost? And finally, IF you built it, would it work or would somebody metaphorically just kick your door down, copy or steal a key, or cut a hole through your cheap wooden walls? Would you find yourself unable to see through your windows for the bars and shutters and deprived of light and air from outside, would you be unable to get out in case of a fire, would you discover that your non-tech wife and kids can't figure out how to solve the puzzle lock you installed on the front door and are forced to live in a tent on the front lawn?

These are metaphors, sure, but they are pretty good ones. My wife, at least, has a hard time dealing with email at all, given that she types with two fingers and is somewhat luddite in her general world view, and she is CAPABLE relative to a lot of people who manage to use email.

Note that this is NOT ABOUT PROTOCOLS. As you have so aptly demonstrated, it is entirely possible to sign messages already with open source tools that are nearly universally available. NOTHING prevents people from developing new tools and integrating existing tools to make all of the above happen automagically and transparently except that commercial vendors don't think that they'll make any money for it if they do, and open source software developers (who WILL eventually solve this problem without any sort of guidance) tend to be driven by at least a degree of personal need. So far the tools have advanced to where a computer expert can use them, and nobody has invested the energy to make those tools idiot proof and fully integrated, although there are some who are working on it.
I'm not about to sign messages to this list because (lacking those tools) it is a PITA to do so, nor do we have each other's key data so in any event I cannot verify that this is actually from you or you from me. We may never meet. I may not know anybody that you know that I would trust to "sign your keys". This doesn't matter. WITHOUT keys, I trust that I'm replying to mail that really is from you (whoever you are:-) and am glad that we can communicate clearly and "reasonably" confidently without the cumbersome burden of keys. We could even get to be quite good friends without meeting and without key exchange (I certainly have many good friends I only "know" from email exchanges).

The only advantage of signed mail is for me to be sure that mail from you is really from you. Lacking a universal and all-encompassing list of keys of possible correspondents, however, I still have to look at all my mail as I might get unsigned mail or mail from people whose signature I cannot validate or whose signature it is too much trouble to validate. Furthermore, it is generally pretty obvious when mail from people I DO "know" is really from those people -- my wetware neural network is really, really good at reading their "signature" from what they type, especially when I can look at headers, call them on the phone, carry on a continued conversation with them if I am in any doubt. I have a harder time recognizing people I know on the phone than I do in an email message.

Signed messages have a purpose that is worth the effort for a tiny fraction of all email communications, under the same general conditions as the metaphor of the briefcase and handcuffs above or when a real signature would be appropriate. When information that MUST be kept private is mailed, when data is mailed that MUST be validated against a particular individual with legal force.
If anything does drive the development of a reasonably scalable (institutional level, at least) electronic signature/encryption scheme it will likely be things like HIPAA. Duke may not care much about protecting/validating my gradesheet when there are simple alternative secure channels for its delivery, but it is likely to be forced by federal law to care about protecting/validating hospital data in transit, and the cost of hand delivery and moving paper everywhere (which has security risks of its own) is much higher. The nonlinear constraint of a federal mandate and possibility of legal suit creates an opportunity cost advantage to making signatures and encryptions work which, in turn, is likely to drive real developers, both commercial and noncommercial, towards engineering a real solution. Laws DO matter and CAN drive technical innovation.

   rgb

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (Darwin)
>
> iD8DBQFANdJTN+eEORsfxOYRAkk1AKCuNlZC3Te7VsC7UTiVcHu9CTGrBgCdFjAJ
> 5v4Y06Kl7UosCH6d9OJpvII=
> =eFuO
> -----END PGP SIGNATURE-----
>

-- 
Robert G. Brown                        http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb@xxxxxxxxxxxx
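The "whitelists that work" scheme in Iljitsch's quoted paragraph, together with rgb's objection that unsigned mail and mail from strangers still has to be looked at, is easy to make concrete as a filter rule. The following is an added example and not code from either poster: it assumes ed25519 signatures standing in for PGP keys (so it runs with only the Go standard library), and every address, key and message body in it is constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Message is a simplified mail item: the address claimed in the From line,
// the body, and an optional detached signature over the body. ed25519 stands
// in for OpenPGP here (an assumption of this example); the filtering logic
// does not depend on which signature scheme is used.
type Message struct {
	From      string
	Body      []byte
	Signature []byte // nil when the message is unsigned
}

// Disposition is the filter's decision for one message.
type Disposition string

const (
	Accept         Disposition = "accept"          // verified signature from a whitelisted key
	Suspect        Disposition = "suspect"         // claims a whitelisted address, signature does not verify
	NeedsFiltering Disposition = "needs-filtering" // no usable authentication: ordinary spam filtering applies
)

// Whitelist maps a correspondent's address to the public key we have verified
// belongs to that person: the "small, closed group" the thread talks about.
type Whitelist map[string]ed25519.PublicKey

// Classify applies the whitelist-with-authentication rule. Only a message
// whose signature verifies under the key on file for its From address is
// accepted outright; everything else still goes through the usual filters.
func (w Whitelist) Classify(m Message) Disposition {
	pub, known := w[m.From]
	if !known {
		// Stranger: a signature under a key we have never seen tells us
		// nothing about the sender, so it is no better than no signature.
		return NeedsFiltering
	}
	if m.Signature == nil {
		// Known address but no signature: the From line alone is forgeable.
		return NeedsFiltering
	}
	if ed25519.Verify(pub, m.Body, m.Signature) {
		return Accept
	}
	// Signed with some other key while claiming a whitelisted address.
	return Suspect
}

// Tally counts dispositions over a mailbox, which shows how much of the mail
// authentication actually removed from the filtering queue.
func Tally(w Whitelist, msgs []Message) map[Disposition]int {
	counts := map[Disposition]int{}
	for _, m := range msgs {
		counts[w.Classify(m)]++
	}
	return counts
}

// SampleMailbox builds a constructed whitelist and five constructed messages
// covering each case the filter has to handle. Keys are freshly generated,
// and all addresses and bodies are made up for this example.
func SampleMailbox() (Whitelist, []Message) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader) // known correspondent
	if err != nil {
		panic(err)
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader) // a key that is not Alice's
	if err != nil {
		panic(err)
	}
	_, strangerPriv, err := ed25519.GenerateKey(rand.Reader) // a stranger who does sign mail
	if err != nil {
		panic(err)
	}
	w := Whitelist{"alice@example.org": alicePub}

	signed := func(from string, priv ed25519.PrivateKey, body string) Message {
		b := []byte(body)
		return Message{From: from, Body: b, Signature: ed25519.Sign(priv, b)}
	}
	msgs := []Message{
		signed("alice@example.org", alicePriv, "Grades attached, see you Monday."),      // genuine
		{From: "alice@example.org", Body: []byte("Quick question about the lab.")},        // From line forged, unsigned
		signed("alice@example.org", otherPriv, "Please look at the attached file."),    // From line forged, wrong key
		signed("student@example.edu", strangerPriv, "Question about problem set 3."),   // signed, but key unknown to us
		{From: "someone@example.net", Body: []byte("A friend suggested I write you.")}, // unsigned stranger
	}
	return w, msgs
}

func main() {
	w, msgs := SampleMailbox()
	for _, m := range msgs {
		fmt.Printf("%-22s signed=%-5v -> %s\n", m.From, m.Signature != nil, w.Classify(m))
	}
	fmt.Println(Tally(w, msgs))
}
```

Of the five messages only the genuine one is accepted on the strength of its signature; one is flagged because it claims a whitelisted identity under the wrong key, and the other three, including the stranger who went to the trouble of signing, land in the ordinary filtering queue exactly as rgb describes. The whitelist shrinks the queue only by as much mail as comes from people whose keys you already hold.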