On Sun, 07 Jul 2002 17:19:40 -0700
Chuq Von Rospach <chuqui@plaidworks.com> wrote:
> On 7/7/02 12:37 PM, "J C Lawrence" <claw@kanga.nu> wrote:
>> Idealistic? Damned right, especially in these days of rampant mail
>> forgery.
> Of course, you now show yourself to be solving a symptom, not a
> problem, and you self-admit it. You ought to be working on fixing the
> issue of authenticating email addresses, because then a lot of these
> other problems come out in the wash.
Yeah, we've been down that road on this list and elsewhere. SMTP/TLS,
reverse auth, PKI infrastructures, yada yada. A whole lot gets solved
by providing mutual identity verification/authentication systems for
distributed systems even outside of mail. It is, simply, a hard
problem; technically, politically, and socially.
So, we band-aide.
> You just fishboned yourself to the KEY issue in your situation,
> whether you realize it or not. And the rest are symptoms of the larger
> problem.
Wouldn't be the first time. Heck, if correct targeting of causes were
all that's required we would have solved RTF, HTML, executable content,
privacy exposure, etc etc etc years ago.
> BTW, good luck. I've spent a number of evenings brainstorming this
> issue with really good geeks, and the problem simply gets more and
> more interesting, but not more solvable.
You too eh? I've had quite the coterie brainstorming this one getting
no further than, "Uhh, that's hard..." I'm hoping I can brainstorm it
down a bit more to the point of not totally sealing the door, but at
least making attempts to cross the threshold pretty damned obvious.
>> Unfortunately the line is not so clear.
> To you. Not to me.
> Stuff transmitted to the list that's dangerous needs to be
> neutered. To me, to put it bluntly, the issue of web bugs is pretty
> simple. If I find someone transmitting web bugs through one of my mail
> lists without permission, that person and domain is IP
> blackholed. Problem solved. There's no legitimate use for a normal
> user to be web-bugging email through a mail list they don't own -- so
> if I catch one, I will happily hang their head from a post on the wall
> next to the castle gate as an example to others. And that saves me the
> problem of trying to build technological solutions to a tough
> problem....
Problem:
Any content that is used to render a message that is also not local to
the message can be used retro-actively as a web bug. Doesn't really
matter what it is. Could be just the stationary settings, background
image, corporate logo, whatever.
It doesn't have to be a web bug at the time of posting. N weeks later
some twit can come along and just analyse their referrer etc logs etc to
effectively make it into a web bug -- all without the knowledge or
complicity of the original poster. Heck, it doesn't even have to be
someone in IS.
Yeah, the social hack you mention works. I run a similar social hack
control of commercialism on my main list with a similarly inclusive bald
threat. Its been quite effective. Even pointing vaguely in the general
direction of that screed has had sharp and salutary effects. I'd like
something a little closer to mechanically enforced, if only to make
cases of working around the controls explicitly obvious.
> And trust me, if someone tries it, someone on your list will be
> paranoid enough to catch it and tell you....
Quite possibly.
> Sometimes, you have to step back and realize that you can't out-geek
> everything. Sometimes, a public execution is the proper approach.
Yeah, been there, done that -- of all things for atrocious typoeing
(actually posting while drunk to be accurate). Quite snapped things
together in most remarkable ways outside of the general base typo rate
that all lists have.
<And no Shanon, that wasn't MUD-Dev. The MUD-Dev case (which was
otherwise identical) occurred in private>
A pillory can be a useful and educational thing.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Follow-Ups:
References:
|
|
