Data dissemination vs spam and phishing
By avalon on May 11, 2007
Recently a Slashdot article pointed out that a video had been published of a talk presented by Van Jacobson (VJ header compression for modems, TCP congestion, etc.) on where the future of the Internet lies and how it will be about data dissemination.
The talk was quite interesting to listen to and it lays out an interesting future for networking. Indeed, I can see it heading in the direction he was alluding to, using said technologies, except for one thing: nothing in what he presented will do away with spam or wipe out phishing attacks like he alluded to.
Simply being able to associate spam with a specific sender will not solve the problem. Spam is possible because it makes use of the design of email that allows anyone to send email to anyone else. Let me digress for a bit.
In essence, spam is just email from "someone else" that you don't want, be it about drugs, stocks or something else. In other countries around the world where access to the mailbox isn't restricted to the Government-backed post office organisation, spam existed in another form before email - as junk mail. Letterboxes would be filled with pamphlets from Safeway, etc., telling us about their weekly specials. The real difference between that and spam via email is that printing material and having it delivered has a very definite cost associated with it.
So back to it. In VJ's talk, he explores what things might look like if we move to a data dissemination model, where I declare what I'm interested in and someone replies that I can authenticate. He seems to prefer a model of authentication that is similar to PGP's web of trust rather than something such as X.509 certificates. That's all well and good, but it still doesn't cater for the problem that spam exploits: email makes it possible for people unknown to you to easily contact you. And in the event that it did, it's highly likely that at some point the web of trust would include those sending spam. Now maybe for a lot of people, such as your mother or grandmother, this works - they're only really interested in receiving email from people they know (i.e. are inside their web of trust) - but for those of us in the open source world where random people email us, this doesn't work.
Another topic that VJ mentioned this would defeat is phishing. I don't see how. Phishing exploits human naivety by presenting something to us that isn't what it says. Again, if you can limit who sends you email to be only those within your web of trust, fine, maybe you stand to benefit, but if you can't then there is none. Why?
If I digitally sign an email using a public key that links back into Verisign and put in it content that tells the user to go to some random page that looks like their bank, what would fail an automatic verification? And if you trust me to send you that, then what? What makes phishing possible is that it exploits the human brain believing something to be what it isn't - an illusion if you like. No amount of digital signing or verification of electronic content is going to be able to usurp the brain's power to decide that something is benign when it actually isn't. That most phishing attacks are delivered via spam implies that if you can stop spam then you can reduce phishing attacks.
Today I could eliminate spam/phishing style emails by simply saying: only put email in my inbox if I have said ahead of time that this email address is OK, or if I have sent the sender an email. This still leaves me open to forged email headers, but it would cut down on the influx significantly and, more importantly, it doesn't require a new paradigm for networking.
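The inbox rule described above, as an added example that is not code from the original post. The class `InboxFilter`, its method names and all sample addresses are assumptions made for illustration; the last sample shows the forged-header gap the post mentions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def _addr(value):
    """Return the bare, lower-cased address from a header value."""
    return parseaddr(value or "")[1].strip().lower()


class InboxFilter:
    """Hypothetical filter: deliver only from pre-approved or previously contacted senders."""

    def __init__(self, approved=()):
        self.approved = {a.lower() for a in approved}  # OK'd ahead of time
        self.contacted = set()                         # people I have emailed

    def record_outgoing(self, raw):
        """Remember every To/Cc recipient of a message I sent."""
        msg = message_from_string(raw)
        fields = msg.get_all("To", []) + msg.get_all("Cc", [])
        for _, addr in getaddresses(fields):
            if addr:
                self.contacted.add(addr.lower())

    def classify(self, raw):
        """Return 'inbox' or 'quarantine' based only on the From header."""
        sender = _addr(message_from_string(raw).get("From"))
        if sender and (sender in self.approved or sender in self.contacted):
            return "inbox"
        return "quarantine"


def demo():
    """Run the filter over constructed sample messages."""
    f = InboxFilter(approved=["mum@example.org"])
    f.record_outgoing("From: me@example.org\nTo: Dev <dev@example.net>\n\nthanks")
    samples = {
        "approved": "From: Mum <MUM@example.org>\nSubject: hi\n\nlunch?",
        "replied_to": "From: dev@example.net\nSubject: Re: patch\n\nok",
        "stranger": "From: offers@example.com\nSubject: stocks\n\nbuy",
        # From is unauthenticated: a forged approved address still passes.
        "forged": "From: mum@example.org\nReply-To: x@example.com\n\nclick",
    }
    return {name: f.classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    print(demo())
```

Closing the forged case takes sender authentication on top of the list, since the filter trusts whatever the From header claims.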