[LINK] Minister warned on p*** filters
sjenkin at canb.auug.org.au
Tue Jan 1 19:08:46 EST 2008
Bernard Robertson-Dunn wrote on 1/1/08 2:50 PM:
> Minister warned on p*** filters Yuko Narushima January 1, 2008 SMH
It never ceases to amaze me, the Pollie attitude to P**n and 'Spam'
& it's friend, malware.
P**n is "bad, bad, bad" and Pollies show very high interest -
including policy & legislation.
Lots of angst & trashing around about eradicating something that
2,000+ years of writing/publishing shows can't be
controlled/legislated away. The physical publishing world & (cable)
TV show that the *only* effective is means of control is to
Same as tobacco. Never going to eradicate, only control.
Unless every page is 'classified' at source (meta-tags),
an unforgeable internet 'proof-of-age' card is created,
there are criminal penalties for subverting the system, forging
identities or mis-classifying pages,
there are no legal jurisdictions outside 'the system' [e.g. on the
*and* all browsers enforce 'the rules' - and browsers can't be
built/written to ignore them:
[I think that's a list of sufficient & necessary conditions],
Only then will there be the *technical* means to control, not
eradicate, 'restricted content'.
i.e. It's *impossible* to eliminate 'restricted content', and provably
Meanwhile, Spam & malware that rides on it, consumes vast amounts of
resource and via malware, damage.
Spam is a quadruple whammy:
- uses capacity of links & servers
- consumes PC resources in botnets
- wastes admin & firewall time/resources
- wastes recipients time/resources
Nobody has ever made a public case that 'spam' is beneficial to anyone
but the organised crime rings that enable it.
I'm even unconvinced that the suckers who try to peddle their wares
through spam make anything.
I'd also guess many sales are with card-fraud... [no information on that]
For me, this is a classic case of 'inversion' - the Pollies rail
against that which can't be controlled and is of limited impact, and
ignore a high-impact problem that could be controlled.
In the late-80's, "junk fax" was a real and growing problem.
It almost completely evaporated after a British case where the plaintiff
sued for the cost of the paper used... [can't find the reference]
There are now strong "junk fax" laws in the UK and USA.
'spam' *could* be eliminated via technical means, and in a reasonably
short time despite the many previous attempts/progams..
Or perhaps, because of them - what won't work is getting more clear.
Some reasons 'spam' continues to be a problem:
- "Walled gardens" don't work.
- No single approach is going to work.
- Like 'art', there is no universal definition and not everyone
considers all spam to be evil...
- SMTP over port 25 can never be 'spam free', even with schemes like
DomainKeys etc ... because:
- the sender identity can be spoofed trivially. it can't be
- any IP number can act as an MTA
- message headers can be spoofed trivially
- the original message content can't be verified.
- but probably because it is not illegal everywhere and
perpetrators are difficult to bring to book.
'spam' exists solely because of tassid assumptions made in 1980 (RFC 772)
[X.400 1984/88 made the same assumptions.]
They followed from years of uucp & Usenet experience:
- 'hosts' are controlled, and by responsible administrators
- Only trustworthy/certified UA & MTA programs are used.
- Only MTA's assign message headers. Spoofed headers from a malicious
UA will be discarded.
- All MTA's can be trusted. [Hosts that are MTA's can be authenticated]
- user identities cannot be forged. (breaking into an account is
- rogue users cannot access privileged functions - like send/recv on
These assumptions were all invalidated when the first DOS PC was
connected to the Internet.
The characteristics of any 'solution' to spam:
- there will always be unverified port 25 traffic.
It cannot be eliminated, but can be dropped by firewalls.
- An End-to-End solution is required for
- these two goals are incompatible.
- verified messages can be sent out to the 'port 25' addressees
- no perfect scheme exists to 'untaint' inbound 'port 25' messages
- The following are needed:
- positive user authentication - by UA and 1st-MTA
- non-spoofable message headers & verifiable content.
- only known/trusted MTA's allowed. eg. issued X.509 certs
- 1st-MTA rejection of invalid messages
- global identity revocation of rogue MTA's and users
- selectable sender identities
- user selectable network - trusted messaging or wild-wild-web
If all the elements in "junk e-mail" - originating machine, user
identify, 1st-MTA - can be definitively identified & owners traced, then
existing "spam" laws could be enforceable in the same way that "junk
fax" legislation has been highly successful.
And the results will be the same, even in a 'trusted messaging' world:
*Good*, but never perfect.
In Real Life, people are devious and always testing ways to make a quick
Caveat: There are already many tightly controlled messaging environments.
The rate of "junk messages" reduces with the tightness of control, the
severity of penalties and the formality of usage rules.
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA
sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
More information about the Link