[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hardening lists against spam attacks

To: [email protected]
Subject: Re: Hardening lists against spam attacks
From: Bill Frantz <[email protected]>
Date: Wed, 1 Jan 1997 20:57:51 -0800
In-Reply-To: <Pine.LNX.3.95L01at.970101003317.4077B-100000@homebox>
References: <[email protected]>
Sender: [email protected]

I guess from reading Scott McGuire's message I should have described the
posting procedure as well as the token issuing procedure.  Here is what you
do to post:

Poster writes the post and include the token in the required place
(wherever that turns out to be).  Poster encrypt the message with the
list's secret key and sends it to the list.  Majordomo decrypts the
message, checks the token, and if the token check passes, sends the
plaintext of the message to the list members.

Important points:

(1) You do not need a secret key to post.  This feature allows you to post
from machines where you don't want to store your secret key ring.
(2) List members do not need PGP, only posters.
(3) People who want to post who can't due to local policy (e.g. no PGP)
have choices:
 (a) Get a real ISP and machine and become a first class citizen.
 (b) Send the post to someone who can post via private mail, explain
     the situation and ask to have it posted.

The principle reason for using PGP for posting is to protect the token from
theft.  I don't know a single-message, one-way protocol where a person can
show possession of a token without reveling it.  If there is such a
protocol, then PGP is no longer required.

David Molnar asks:
>In any case, what bogeyman are we worried about, anyway? Pseudonyms? This
>list is already full of 'em. That's nothing new. Forged messages? If you
>trust anything you read on the Internet...well.. Privacy? It's a public
>mailing list, and one which I have long respected for its tradition of
>openness and inclusion.
><casts nervous glance>

The bogeyman is flooding attack which make the list server effectivity
unavailable.  I have tried to preserve all the features he lists.


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
[email protected] | Pakistan. - me             | Los Gatos, CA 95032, USA

References:
- Re: Hardening lists against spam attacks
  - From: "Scott V. McGuire" <[email protected]>

Prev by Date: Cash-Grabber-Reversal !!!
Next by Date: stupid remailer-ignorant stud3nt caught by NY polic3
Prev by thread: Re: Hardening lists against spam attacks
Next by thread: Hardening lists against spam attacks
Index(es):
- Date
- Thread