RE: [Asrg] (no subject)

"Mark McCarron" <markmccarron_itt@hotmail.com> Tue, 01 July 2003 16:04 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05733 for <asrg-archive@odin.ietf.org>; Tue, 1 Jul 2003 12:04:50 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h61G4Px16540 for asrg-archive@odin.ietf.org; Tue, 1 Jul 2003 12:04:25 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XNcG-0004Ih-Sz for asrg-web-archive@optimus.ietf.org; Tue, 01 Jul 2003 12:04:24 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05721; Tue, 1 Jul 2003 12:04:19 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19XNcD-00060j-00; Tue, 01 Jul 2003 12:04:21 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19XNc8-00060g-00; Tue, 01 Jul 2003 12:04:16 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XNaw-00049B-J4; Tue, 01 Jul 2003 12:03:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XNad-00045h-6y for asrg@optimus.ietf.org; Tue, 01 Jul 2003 12:02:45 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05619 for <asrg@ietf.org>; Tue, 1 Jul 2003 12:02:38 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19XNaa-0005z4-00 for asrg@ietf.org; Tue, 01 Jul 2003 12:02:40 -0400
Received: from bay8-f77.bay8.hotmail.com ([64.4.27.77] helo=hotmail.com) by ietf-mx with esmtp (Exim 4.12) id 19XNaJ-0005yJ-00 for asrg@ietf.org; Tue, 01 Jul 2003 12:02:26 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 1 Jul 2003 09:00:46 -0700
Received: from 62.252.196.90 by by8fd.bay8.hotmail.msn.com with HTTP; Tue, 01 Jul 2003 16:00:44 GMT
X-Originating-IP: [62.252.196.90]
X-Originating-Email: [markmccarron_itt@hotmail.com]
From: Mark McCarron <markmccarron_itt@hotmail.com>
To: danny@apache.org, asrg@ietf.org
Subject: RE: [Asrg] (no subject)
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"
Message-ID: <BAY8-F77V2D1U46wgRs0001a8d0@hotmail.com>
X-OriginalArrivalTime: 01 Jul 2003 16:00:46.0203 (UTC) FILETIME=[EEC084B0:01C33FE9]
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 01 Jul 2003 16:00:44 +0000

Thanks for your comments.  My response are in the body of the message below. 
  This post relates to the 'GIEIS' system viewable here at:

http://homepage.ntlworld.com/giza.necropolis

Updates will be carried out this evening.

Mark McCarron.


>From: "Danny Angus" <danny@apache.org>
>To: "Mark McCarron" <markmccarron_itt@hotmail.com>,<asrg@ietf.org>
>Subject: RE: [Asrg] (no subject)
>Date: Tue, 1 Jul 2003 14:33:57 +0100
>
>Mark McCarron wrote:
>
> >  SMTP is a dying
> > protocol, imagine what it would be like in 10 years?
>
>Erm .. I don't think that is quite correct, surely?
>I know that IM is growing in popularity and I wouldn't be surprised if SMTP 
>was loosing "market share" but to describe what must be one of, if not the, 
>most widely used internet protocols as dying is preposterous.
>
>Perhaps you could back up your claim with evidence, I'd be happy to eat 
>humble pie if you're right.
>

Mark's Response:

SMTP is a dying protocol.  It was never designed to handle the current flow 
of email on the Internet nor provide the security for it.  As long as SMTP 
exists, spam, virus', worms and trojans will only grow on the Internet to an 
unbelievable level.  Every resolution has been attempted and failed.  Let me 
make this crystal clear for everyone, SMTP cannot EVER be secured.  We are 
rapidly coming to the point were email would be withdrawn completely.  This 
is not some idle threat, but a proposal seriously being considered.  Anyone 
who knows the technical side of SMTP, will tell you quite clearly that the 
protocol itself is to blame.  Spam accounts for 30% of all traffic on the 
Internet now, what percentage would it be in 10 years?


> > This will be easy enough.  There will be a period of transition.
> > Its not as
> > hard as everyone thinks.  I agree it will be a challange, but hey
> > come on,
> > its not rocket science.
>
>The science is not the hard bit, it is the cost. I'm sure we could come up 
>with a dozen really secure mail protocols from the expertise on this list 
>alone. Do you imagine that updates for every piece of mail software will be 
>made available free it might not be available at all for some systems if 
>you can't write it yourself, or that the admins who have to install and 
>manage it will do so without incurring cost?
>

Mark's Response:

As I stated before and you can try this for yourself, the cost of 
implementing 'GIEIS' would be exceeded by the loss to business by keeping 
the SMTP protocol.  Allow me to demonstrate this clearly for everyone.  
Yesterday, I calculated (at ciphertrust.com) that 1000 employees, earning an 
average of $15,000 per year, recieving 20 spam messages a day would result 
in losses of $31,250.  Now, America has approx.  300 Million inhabitants, 
lets say 2 thirds of the population are not affected by spam in the 
workplace.  That still leaves us with 100 Million who would be.  Now we'll 
assume that their average wage would be $15,000 per year (very reasonable 
assumption), if it cost 1000, $31,250, then it costs $31.25 per person, per 
year. $31.25 multiplied by 100 Million is $3,125,000,000 per year.  This is 
just for America alone.  'GIEIS' could absorb $1 Billion per year and still 
make business a substantial profit.  Oh, and one other point, I haven't even 
begun to add on the cost of virus', trojans, etc.  Therefore, 'GIEIS' has 
complete financial justificaton.

Also, a protocol alone can NEVER secure email.  That is impossible.  It 
needs an architecture such as 'GIEIS'.



>On a home user basis it may be trivial but in the wicked world of business 
>any such change would cost a packet, look at the cost of installing y2k 
>patches.
>


Mark's Response:

Yep, but it was done.



> > The system we tested it on was a private network, also, it wasn't
> > using the
> > full aspects of the 'GIEIS' design.  It was just a feasibility
> > test and it
> > responded well, in fact, 100%.
>
>100% of what? did you try to break it, did you try to fool it, what happens 
>to mail if you launch a DOS attack on the token server?

Mark's Response:

Dos (denial of service) does not work on every machine.  Proper security 
measures eliminate this threat.  Dry run 'GIEIS' for yourself, its 
unbreakable.


>
> > alone.  For those of you who remember MSN started out as an x.25 network
> > without any pop3 servers.  If I remember correctly they were a
> > form of IMAP
>
>AFAIK MSN used to provide SMTP "kick" whereby the act of logging into the 
>network provoked the SMTP server to attempt to deliver your mail to you. I 
>may be wrong though.

Mark's Response:

SMTP is an outgoing mail server not incoming.  I think your referring to the 
pop 3 server which would have been in 1998/1999.

Mark McCarron.

_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today! 
http://www.msn.co.uk/messenger


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg