LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Protecting the infrastructure...

David Boyes <[log in to unmask]>

Sun, 9 Jul 1995 19:29:12 -0500

text/plain (56 lines)

I said:
> > Realistically, as the unwashed masses get net access, it's only going to
> > to get worse. Stopping it now is essential, while the problem is relatively
> > small. In a year, it's not going to be a small problem any more.
> David, may I ask you - you say stopping it now is essential; how is
> that?  Is there a way to stop it?
 
On reflection, there probably is no way to completely stop a
determined bozo from doing something he shouldn't; escalating
measures and countermeasures soon leads to doing nothing but
devising better mousetraps instead of improving things for the
legitimates. The main reason I think it's important to address
hardening the infrastructure against this sort of thing ASAP is
simply the sheer numbers of people it will have to serve in the
coming months and years.
 
Historically, the net population has been a tiny fragment of
society, generally well-educated, technologically literate, and
essentially rational. With the commercial online services like
AOL and Compuserve adding literally dozens of users each day --
and a population connecting that is generally not part of the
historical demographics -- the infrastructure has to take on the
role of protecting itself against misuse. Gentleman's agreements
are no longer sufficient -- software must be designed to offer
significant resistance to misuse. Eric's "spam detector" is a
very good beginning. Usenet news is probably the next likely
candidate to have some significant defensive programming applied
to it -- probably a similar method to what Eric has employed with
nontrivial checksums applied to articles, along with a complete
redesign of how moderated newsgroups are handled.
 
> I was thinking that if there were some (virtually) unbreakable encryption
> scheme to map each email address uniquely into a password number, then
> this number could be stored on the users account - non-readable by
> others.
 
A nice idea, but not deployable. Neither you or I control the end
user's machines, and it would require significant changes in the
network infrastructure, again, which we don't  -- and can't --
control. It also doesn't address the massive diversity of systems
connected to the global Internet -- and remember, it's got to
work everywhere.
 
The solution has to be in the network services, or, better yet,
in the network protocol suite itself. IPng has a strong
security/authentication service as part of the design, however
widespread deployment of IPng is still fairly distant, and still
doesn't address the peripheral connecting networks such as the
UUCP and NJE worlds, which will need to be addressed by gateway
software. LISTSERV is a major network service, and now can
protect itself fairly well, given appropriate network bandwidth
to allow propagation of the control information.
 
Now, if we can only convince the authors of C-News and get
something like this installed as widespread as possible...8-(.

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM