Actually the fundamentalism is not having such a great time on the net. Fundamentalism is a reaction against modernity, it is the people who are trying to turn the clock back. The noise they make is the result of desperation, not a sign of success.
Take the Christian Coalition. There is no real risk that they will return to the days when they could tell the networks to dump SOAP or face a boycott. Today the networks are far more afraid of Aravosis than they are of the Christian fundies.
And the desperation of Rowan Williams is merely another sign of the same trend. The guy is so desperate he is looking to make common cause with other 'people of faith' despite the obvious fact that the principal tenet of their particular faith is to grind his faith into the dust.
Albatros @ 154
I don't think that the needs of government identification are as different from the needs of stopping email spam as you do, but only because the traditional approach to PKI does not work too well in its intended application domain either.
There are virtually no strictly hierarchical PKIs on the original PEM model in real world applications. Those that are are limited to very specific domains.
The web of trust model is also problematic at scale. Unless you have nodes of very high degree the minimum diameter of the trust graph becomes unacceptably large with millions of users due to the Moore bound. So what we actually use are hybrid models.
Oddly enough, it sounds as though you're suggesting that the best way to deal with spam is to pay somebody so they can 'do business' ... a practice that the mob was quite adept with.
Actually not, I was suggesting that most businesses can cope with the issue of spam quite happily signing their email with DKIM without third party accreditation of the signature key. That is what DKIM does.
The 'bias' I have here is that if TTP accreditations are to be used they have to add value. They cannot be simply a toll imposed on the use of the protocol whether they add value or not.
VeriSign does not offer a product of this type. From a strategic point of view my only commercial interest is that the market makes a decision. The company can make money regardless of what the choice is, but there must be a choice.
As for who a 'legitimate' company is: any company that accepts accountability. So if they give a real name and address where process can be served they are probably not a bulk spammer. Bulk spammers who give their name and address should expect some communications from some lawyers I know.
But the bigger value of third party accreditation is if you want to block certain phishing attacks. I.e. you want to be certain the email is from the US government. I proposed this in 1996 and implemented it on the Whitehouse communications linker long before I joined VeriSign.
xeger @ 26: I don't think the problem is the choice of roots, it is the idea that the only form of authentication that is valid is ultra-high assurance.
In DKIM we essentially dispensed with the need for a traditional PKI with certificates and such. It's a key centric model on the XKMS model, not a Kohnfelder model. You stick your email signing key in your DNS zone as a TXT record, easy, over and done with.
That's perfectly OK for many users and uses. It allows us to build a critical mass of DKIM signers and verifiers. Third Party Authentication then comes as a value add where the third party is on notice that they have to demonstrate value.
So for example, you get email from a company you have never heard of, they sign their mail. You have no reputation data for them, what do you do? Today the only real option is content filtering which is inevitably error prone. Or consult some third party accreditation provider which is expensive if you have to pay. Better to have the sender pay for an accreditation by an accreditation provider that can demonstrate a trustworthy track record.
If an email is sent by a legitimate company that is willing to disclose a real physical address where process can be served the chance that they are a spammer is very small. 98% of all the spam being pumped out today is being sent by hard core out and out criminals. There is very little grey.
Receivers can choose the trust providers they accept in this application by performance. If they deliver an accurate indication that accredited senders have a low probability of spam it will be easier to accept the mail they send. If they don't add value their credentials can be ignored.
Accountability must be 360 degrees to work. That includes trust providers.
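Added example, not part of the original comment: the key-centric lookup described above, where a verifier derives a DNS name from the signature's `d=` and `s=` tags and reads the public key from a TXT record with no certificate chain involved. The domain, selector and key bytes are constructed, and the record is embedded inline instead of being fetched from DNS.

```python
import base64

def parse_tag_list(text):
    """Parse a DKIM "tag=value; ..." list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in text.split(";"):
        if not part.strip():
            continue  # a trailing ';' is allowed
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # Simplification: drop all whitespace, which is safe for d=, s=, k=, p=.
        tags[name] = "".join(value.split())
    return tags

def key_query_name(signature_value):
    """DNS name a verifier queries for the signer's key: <s>._domainkey.<d>."""
    sig = parse_tag_list(signature_value)
    return f"{sig['s']}._domainkey.{sig['d']}"

def check_key_record(txt):
    """Classify a DKIM key TXT record; returns (status, decoded_key_bytes)."""
    rec = parse_tag_list(txt)
    if rec.get("v", "DKIM1") != "DKIM1":
        return "not-a-dkim-record", b""
    if rec.get("k", "rsa") not in ("rsa", "ed25519"):
        return "unsupported-key-type", b""
    if "p" not in rec:
        return "missing-key", b""
    if rec["p"] == "":
        return "revoked", b""  # an empty p= means the key has been withdrawn
    try:
        return "ok", base64.b64decode(rec["p"], validate=True)
    except ValueError:
        return "bad-base64", b""

# Constructed samples: domain, selector and key material are not real.
SAMPLE_SIGNATURE = ("v=1; a=rsa-sha256; d=example.com; s=mail2008; "
                    "h=from:to:subject; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=")
SAMPLE_KEY_TXT = "v=DKIM1; k=rsa; p=" + base64.b64encode(
    b"constructed-not-a-real-key").decode()

if __name__ == "__main__":
    print(key_query_name(SAMPLE_SIGNATURE))
    print(check_key_record(SAMPLE_KEY_TXT)[0])
    print(check_key_record("v=DKIM1; p=")[0])
```

A record that parses as `ok` only proves that the domain published the key; whether to trust the sender is the separate reputation or accreditation decision the comment goes on to discuss.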
Actually there have been some phishing attacks targeting the INS part of the DHS, some quite old. It isn't a very common lure but it is certainly used.
And the first ever spam to be called such was the infamous Canter and Siegel 'Green Card' lottery scam which asked $75 for a service worth at most $0. So attacking the INS might be considered the original Internet con, albeit (barely) legal.
The underlying problem here is that the Internet lacks an effective authentication infrastructure for email. We have protocols (S/MIME, DKIM) but have not yet established their use as the default mode of sending mail.
[Would write more but Mrs dotCrime Manifesto says that this is a comment not a book plug, if it was I would mention that The dotCrime Manifesto: How to Stop Internet Crime is now available from Amazon but as it isn't I won't.]
Remember the old electrician's trick.
Drill ONE hole, if you do not hit a stud insert a piece of stiffish wire and twirl it around till you hit the stud.
Of course, best to do this with a plastic insulated piece of wire if you are working in an older house that has peg and ball electricity run in it.
We will have to start calling them the neo-conned.
Seriously folks it was common knowledge that Chalabi was a complete crook ever since he was convicted of embezzlement in Jordan. It was obvious to anyone not blinded by wishful thinking that no Arab leader is ever going to support Israeli occupation of Palestine.
This whole episode reminds me of Stalin's shock and horror when he discovered Hitler had double-crossed him. The neo-conned believe that merely sounding tough is enough, Stalin was a mass murderer on the same scale as Hitler and Mao and he was still duped.
The Iranian connection was always suspected, but if Chalabi was actually an Iranian front from start to finish it shows an astonishing level of confidence on the part of Iran. Far from being intimidated by the neo-conned they must have been utterly contemptuous of Bush.
This is actually a completely different class of bug to the buffer overrun bugs that are often reported in Microsoft code (and are endemic in almost all programs written in C or C++, including most of the Unix O/S).
There is a workaround for the spaces issue, so yes you can run rm -f / if you know how, so fix the damn thing before the workaround is more widely known (and don't bother asking me what it is, you don't need to know).
Think that bad? I work for a security company. We buy another security company, guy working at company we just bought starts telling me about his tax fiddle.
Of course this might just be deliberately bad advice on the theory that his chances go up if he can persuade others to self destruct. Kind of like the advice that the plotters give to Malvolio in Twelfth Night to wear his stockings cross gartered, a style that my lady hates.
Odd that this comes out of FSU, I had some strange things happen out of FSU a long time back. Seems to me to be the type of place where they don't exactly care about what their faculty get up to, so why would they care about mere employees?
This news just in... ABC will pre-empt the GOP convention this year to show instead Triumph of the Will
An ABC spokesperson said, "We thought of doing the usual thing but then we thought how much better to show the original?"
This is not the sort of thing a bunch of amateurs think up for themselves, but taking photographs is.
The lack of supervision is like the dog who did not bark. Why didn't the senior officers visit the prisons they were responsible for? The most obvious reason is that they knew what was going on and wanted to make sure nobody could accuse them of knowing.
I think that the reason they put Lt General weepie in charge is because they knew she was easily intimidated and could be kept out of the interrogation wing. Replacing her with Miller appears to me to be another signal - the guards implicated know that Miller ran exactly the same regime at Gitmo, he is in it with them.
During the conservatives' bleat over the ICC they made a big deal about US servicemen being brought up in front of it. One wonders what the situation would be now if any of the Abu Ghraib guards came up before the ICC. The Pentagon is still insisting that the contractors it hired are not subject to military justice and are therefore not subject to any justice at all. Kinda hard to insist on immunity from the ICC when the US refuses to put these criminals on trial.
I think this is the start of the scandal not the end. The first photos came out because the Pentagon tried to make 6 reserve soldiers carry the can. The father of one of them gave the photos to CBS through Hackworth (having first tried to give them to Bill O'Reilly).
I don't expect the administration to start arresting senior officers, they will start at the bottom, still clinging to the claim that this was an isolated incident. They will start off by charging some NCOs who make public the claim they were following orders. That will force the admin to charge junior officers who will turn on the seniors, and so on all the way up the chain of command.
The coverup won't work because everyone knows that a Kerry administration is a real possibility and they will have no reason at all to recognize the deals made by the previous admin. It's every man for himself.
The other videos will inevitably come out, as will the rapes and the coverups. It is now known that senior members of the administration were warned of the state of the prison long before any attempt was made to stop it.
The next step will be to ask Powell how many reports from the Red Cross etc. he received on the torture, how many times he warned Rumsfeld, Wolfowitz and of course Bush about them.
| Year | Number of comments posted |
|---|---|
| 2008 | 4 |
| 2007 | 2 |
| 2004 | 6 |
Total: 12 comments.
The most recent 20 comments posted to Making Light by Phill: