On Tue, Jul 11, 2000 at 04:18:28PM -0400, David Marshall wrote:
>
> * Requiring mail be encrypted to a list key. The CDR nodes decrypt it
> and send it out unencrypted. This will totally eliminate the kinds
> of attacks we've been experiencing. Unfortunately, poor integration
> of PGP with mailers causes problems.
I like that one. You can subscribe ("subscrive") and receive the list,
but if you can't figure out PGP, you can't post. It'd reduce the number
of clueless posts, increase the use of PGP (or whatever mail-encrypting
technology you want to use) and increase the amount of PGP-encoded cover
traf����������messages.
I'm sure that Jim will call it censorship though.
The other problem is that all CDR nodes would need to implement it, otherwise
the attacker simply uses the ones that don't.
[..]
> * Reject mail from [EMAIL PROTECTED] This will eliminate some of
> the problem, but only temporarily. Attackers will start spamming
> other CDRs.
That's already happening, in fact the number of spams to
the other CDR nodes vs. toad increased greatly after I and other
people mentioned on the list that filtering out cpunks mail from toad got
rid of most of the spam...
--
Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5
Security consulting: security models, reviews, protocols, crypto.
