Re: [Rucus] [spitstop] Botnets, take 2... Re: Draft RUCUS charter

Otmar Lendl <ol@bofh.priv.at> Fri, 22 February 2008 21:18 UTC

On 2008/02/22 13:02, Saverio Niccolini <Saverio.Niccolini@nw.neclab.eu> wrote:
> 
> > Let's take an example:
> > When Henning's host is compromised and a bot is using 
> > Henning's account to send me spam then I would contact 
> > Henning (by using various ways) to tell him that something is 
> > wrong with his PC/phone/etc. I would not tell my VoIP 
> > provider that there is something wrong with Henning's account. 
> > Typically, this will lead to more problems rather than less 
> > -- such as no communication to Columbia University anymore 
> > because my VoIP provider just blocks all calls from that domain.
> > 
> > (Just to reflect my experience with email problems in the company....)
> 
> You do not contact Henning directly to tell him that something
> is wrong. You have to rely on your infrastructure to take the
> necessary countermeasures, otherwise it is anarchy...

No, not when strong identity is used. Just translate the scenario
to email: when I receive a PGP-signed mail (using a trusted key)
from a friend which contains a typical spam (V!ag_ra, 419, ...) then
I'll phone him up to tell him that he has a security problem.

> That is why exchanging reputation of identities (as perceived by
> end-users or domains) is an important building block.

Yes, it can be helpful to simplify the initial contact problem. 

Positive reputation is useful, negative one will just lead to
the spitter getting a new account.

> Such a reputation system (one of the points of RFC 5039) can be built
> using mechanisms like feedbacks:
> http://tools.ietf.org/html/draft-niccolini-sipping-spam-feedback-00
> and spam scores:
> http://tools.ietf.org/html/draft-wing-sipping-spam-score-01
> of course there are privacy issues that apply (but this is 
> a problem of reputation systems as well) :-)

Another trouble here is that if you want worldwide calling based on
a reputation system, you also need a reputation system which is used
worldwide and not a plethora of these. 

Who will be trusted to run it?

/ol
-- 
-=-  Otmar Lendl  --  ol@bofh.priv.at  -=-