RE: Replay attacks and ISP business models
> [mailto:owner-ietf-mailsig@xxxxxxxxxxxx] On Behalf Of Michael Thomas
> I agree. I think that the thing that really ought to
> be proven here is whether "replay" is a real threat or
> not. At this point, it is purely academic and I think we
> have a pretty spotty track record of determining what the
> miscreants' next steps will actually be.
You might. But actually the events of the past few years have been tracking some predictions pretty closely.
Sure, the bad guys will respond with a replay attack at some point, but as has already been explained at some length it is a softball attack that is not going to tax anti-spam schemes of any scale.
The principal challenge in establishing a free anti-replay scheme is that generating the critical mass to redo DCC in an open fashion without the censorship issues is not really going to be possible until after the attack occurs. But by Web standards it is not a very difficult or complex collaboration.
I do NOT want to start on a standards effort for that area NOW because there is another area that is growing rapidly that might well provide some important and useful leverage. If you have been following blogspam you will know that comment and trackback spam are big issues for the blogosphere. Moreover the naïve DCC approach is an absolute non-starter in such a partisan environment.
While I do not want to prejudge the technology infrastructure that is applied to control blogspam, it is pretty clear that the final solution will look something like a federated version of the slashdot moderation scheme. I don't at this point know if the federated identity scheme would be based on SAML, WS-Federation or something else entirely. Nor would I at this point take a stand insisting on a particular approach.
Although I am pretty confident that we can anticipate the attack profile for the next 2-3 years with reasonable accuracy, I am not yet at a point where I would want to make any commitment to what the technology infrastructure for meeting that attack profile will be.