[LINK] Minister warned on p*** filters

steve jenkin sjenkin at canb.auug.org.au
Tue Jan 1 19:08:46 AEDT 2008


Bernard Robertson-Dunn wrote on 1/1/08 2:50 PM:
> Minister warned on p*** filters Yuko Narushima January 1, 2008 SMH
>
> http://www.smh.com.au/news/national/minister-warned-on-####-filters/2007/12/31/1198949746454.html
>

[LONG]

It never ceases to amaze me, the Pollie attitude to P**n and 'Spam'
& its friend, malware.

P**n is "bad, bad, bad" and Pollies show very high interest -
including policy & legislation.

Lots of angst & thrashing around about eradicating something that
2,000+ years of writing/publishing shows can't be
controlled/legislated away.  The physical publishing world & (cable)
TV show that the *only* effective means of control is to
allow-but-license.
Same as tobacco. Never going to eradicate, only control.

Unless every page is 'classified' at source (meta-tags),
an unforgeable internet 'proof-of-age' card is created,
there are criminal penalties for subverting the system, forging
identities or mis-classifying pages,
there are no legal jurisdictions outside 'the system' [e.g. on the
high-seas],
*and* all browsers enforce 'the rules' - and browsers can't be
built/written to ignore them:
[I think that's a list of sufficient & necessary conditions],

Only then will there be the *technical* means to control, not
eradicate, 'restricted content'.
i.e. It's *impossible* to eliminate 'restricted content', and provably
so...


Meanwhile, Spam & malware that rides on it, consumes vast amounts of
resource and via malware, damage.
Spam is a quadruple whammy:
 - uses capacity of links & servers
 - consumes PC resources in botnets
 - wastes admin & firewall time/resources
 - wastes recipients' time/resources

Nobody has ever made a public case that 'spam' is beneficial to anyone
but the organised crime rings that enable it.
I'm even unconvinced that the suckers who try to peddle their wares
through spam make anything.
I'd also guess many sales are with card-fraud... [no information on that]

For me, this is a classic case of 'inversion' - the Pollies rail
against that which can't be controlled and is of limited impact, and
ignore a high-impact problem that could be controlled.

In the late-80's, "junk fax" was a real and growing problem.
It almost completely evaporated after a British case where the plaintiff
sued for the cost of the paper used... [can't find the reference]
There are now strong "junk fax" laws in the UK and USA.


'spam' *could* be eliminated via technical means, and in a reasonably
short time despite the many previous attempts/programs.
Or perhaps, because of them - what won't work is getting more clear.

Some reasons 'spam' continues to be a problem:
 - "Walled gardens" don't work.
 - No single approach is going to work.
 - Like 'art', there is no universal definition and not everyone
   considers all spam to be evil...
 - SMTP over port 25 can never be 'spam free', even with schemes like
   DomainKeys etc ... because:
   - the sender identity can be spoofed trivially. It can't be
     positively authenticated/certified.
   - any IP number can act as an MTA
   - message headers can be spoofed trivially
   - the original message content can't be verified.
 - but probably because it is not illegal everywhere and
   perpetrators are difficult to bring to book.
 

'spam' exists solely because of tacit assumptions made in 1980 (RFC 772)
[X.400 1984/88 made the same assumptions.]
 They followed from years of uucp & Usenet experience:
 - 'hosts' are controlled, and by responsible administrators
 - Only trustworthy/certified UA & MTA programs are used.
 - Only MTA's assign message headers. Spoofed headers from a malicious
   UA will be discarded.
 - All MTA's can be trusted. [Hosts that are MTA's can be authenticated]
 - user identities cannot be forged. (breaking into an account is
   different)
 - rogue users cannot access privileged functions - like send/recv on
   port 25.
 
These assumptions were all invalidated when the first DOS PC was
connected to the Internet.


The characteristics of any 'solution' to spam:
 - there will always be unverified port 25 traffic.
   It cannot be eliminated, but can be dropped by firewalls.
 - An End-to-End solution is required for
   verified/authenticated messages.
 - these two goals are incompatible.
 - verified messages can be sent out to the 'port 25' addressees
 - no perfect scheme exists to 'untaint' inbound 'port 25' messages
 - The following are needed:
   - positive user authentication - by UA and 1st-MTA
   - non-spoofable message headers & verifiable content.
   - only known/trusted MTA's allowed. eg. issued X.509 certs
   - 1st-MTA rejection of invalid messages
   - global identity revocation of rogue MTA's and users
 - selectable sender identities
 - user selectable network - trusted messaging or wild-wild-web

If all the elements in "junk e-mail" - originating machine, user
identity, 1st-MTA - can be definitively identified & owners traced, then
existing "spam" laws could be enforceable in the same way that "junk
fax" legislation has been highly successful.


And the results will be the same, even in a 'trusted messaging' world:
    *Good*, but never perfect.

In Real Life, people are devious and always testing ways to make a quick
buck.

Caveat: There are already many tightly controlled messaging environments.
The rate of "junk messages" reduces with the tightness of control, the
severity of penalties and the formality of usage rules.


-- 
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
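
Added example, not part of the original post: a sketch of the "1st-MTA" checks listed above (authenticated sender, non-spoofable headers, verifiable content, trusted-MTA list with revocation). Host names, accounts, keys and the X-First-MTA / X-Signature header names are constructed for illustration, and per-MTA HMAC keys stand in for the X.509 certificates the post suggests.

```python
import hashlib
import hmac

# Constructed registry: stand-ins for the post's "known/trusted MTA's".
# HMAC keys replace X.509 certificates so the sketch needs only the stdlib.
MTA_KEYS = {"mta.example.org": b"constructed-key-1",
            "mta.example.net": b"constructed-key-2"}
REVOKED_MTAS = {"mta.example.net"}  # global revocation of a rogue MTA
# Users each 1st-MTA has positively authenticated (constructed accounts).
MTA_USERS = {"mta.example.org": {"alice@example.org"},
             "mta.example.net": {"mallory@example.net"}}
SIGNED_HEADERS = ("From", "To", "Date", "Subject", "X-First-MTA")


def _digest(key, headers, body):
    # Cover the chosen headers and the body; length prefixes avoid ambiguity.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in SIGNED_HEADERS:
        value = headers.get(name, "").encode()
        mac.update(name.encode() + b":" + str(len(value)).encode() + b":" + value)
    mac.update(hashlib.sha256(body.encode()).digest())
    return mac.hexdigest()


def first_mta_accept(mta, auth_user, headers, body):
    """1st-MTA: reject a From the authenticated user does not own, then sign."""
    if auth_user not in MTA_USERS.get(mta, set()):
        raise PermissionError("user not authenticated at this MTA")
    if headers.get("From") != auth_user:
        raise PermissionError("From header does not match authenticated user")
    stamped = {**headers, "X-First-MTA": mta}
    stamped["X-Signature"] = _digest(MTA_KEYS[mta], stamped, body)
    return stamped


def receiver_verify(headers, body):
    """Receiving side: return (accepted, reason) for one message."""
    mta = headers.get("X-First-MTA")
    if mta not in MTA_KEYS:
        return False, "unverified port 25 traffic"
    if mta in REVOKED_MTAS:
        return False, "MTA revoked"
    expected = _digest(MTA_KEYS[mta], headers, body)
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "headers or content altered"
    return True, "verified"
```

A message with no recognised X-First-MTA falls into the "unverified port 25" class, which the receiver can drop or route separately.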