nanog mailing list archives

Re: New hijacking - Done via via good old-fashioned Identity Theft


From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 6 Oct 2010 23:12:24 -0400

On Wed, Oct 06, 2010 at 10:14:27PM +0000, Sven Olaf Kamphuis wrote:
> (keep in mind, each sender gets a unique password from the receiver,
> this can be stored in the address book along with the email address
> itself).

I'd like to see the I-D which explains how this is going to work,
with particular attention to (a) how the passwords will be exchanged
without using email (b) how it's going to handle the O(N^2) scaling and
(c) how it's going to work in an environment with at least a hundred
million compromised systems -- that is, systems that are now owned by
the enemy, who thus also owns the contents of all the address books
stored on them...including all the passwords.  I think once these
issues are addressed it will be only a small matter of implementation
to convince everyone to swiftly move to a different protocol for mail.

---rsk

