R: R: R: [jdev] about spim techniques

Sander Devrieze s.devrieze at pandora.be
Sun Aug 28 04:29:51 CDT 2005


On Sunday 28 August 2005 00:31, Tijl Houtbeckers wrote:
> On Sat, 27 Aug 2005 23:01:15 +0200, Sander Devrieze
> <s.devrieze at pandora.be> wrote:
>
> Hi Sander, I admit to not reading carefully enough that what you were
> saying was actually in the context of the ideas you were suggesting.

np

<snip>
> Well, so what you are suggesting is a "whitelist" of certificate issuers
> (similar to the root CAs). What would be the criteria for a "jabber CA"
> to be on the whitelist? Will it be their responsibility to combat the spim
> or will that be the responsibility of those they issue it to?

Their task is to make it more expensive for spimmers. The system I am
suggesting might need improvements of course. So they will be a small barrier
(money or time to pay) for companies like Google or individuals to set up a
Jabber server, but a huge barrier for people with bad intentions or people
that are too lazy to keep their server up-to-date with the latest anti-spim
features (as they will need to get a new certificate every time). Remark that
when the "price" of a certificate is too low, the authority will lose his
status of whitelisted certifier. So, also they will profit if they make it
harder for spimmers to get a certificate, they might set up a blacklist of
people that may not register, they might take legal actions against the
spimmer (this will be probably only used by the commercial authorities),...

So the system is like buying a stamp (with money or some time) before you can 
connect a server to the _public_ network. This stamp will be useable to send 
an unlimited set of good letters, but if you want to spim (or do not stay
up-to-date with anti-spim features), your stamp will become invalid and you 
need a new one. If you are a hardcore spimmer, the authorities will become 
more suspicious against you, and so the price (price of the certificate, 
time, maybe even lawsuits) will become higher. Remark that all this will 
happen automatically, just like prices increase when demand increases and 
when supply decreases in economy.

> If you choose the first, what will happen if a CA gets blacklisted? All
> their certificates become invalid? (in other words it becomes pretty
> pointless, it's just moving the problem up one level).

Yes, that is the part that maybe needs changes.

> If you go for the second, why not use existing certificates rather than
> introducing a new top level? Existing ones cost money (verisign, etc.)
> and/or effort (CAcert). You can even self sign and have others accept it
> (that's effort too).

Yes, I agree it is better to use existing authorities. As long as the system
will be also open for other people that seems ok. E.g. assume there is an
enthusiastic community member that wants to be authority for home-brewed public
Jabber servers, I don't think we should deny him: if he is suspicious enough
before he gives people a certificate, he will not lose his status of official
issuer.

> The point is, if you're just gonna introduce accountability there is no
> point as long as our XMPP network itself has such low standards of anti
> spim measures and spim related technology (eg. spim detection: I seriously
> doubt any automated spam detection will work very well on spim).

The authority might require you for example to fix or disable in band 
registration before it gives you a certificate. Another requirement might be 
that you deny access to your server from spimming people. Remember that a 
server will not be blacklisted immediately when some user of it starts 
spimming; it should be a structural spim problem: much spim and no actions
from the server admin to solve the problem after other servers pointed the 
server to the problem.

E.g. imagine that MSN and Google are on the public Jabber network, Google
detects spim from MSN servers, Google contacts MSN in a private message to
report the problem and claims damages if they do not fix it before..., MSN does
not solve the problem and does not pay the indemnifications, Google will
report the spim problem to the authority, the authority will warn MSN that if
it does not take actions that point 2.1 and 6.3 of the contract will become
valid, Google also can make the spim problem public so that the press might
solve the problem, finally the JSF Members (or some other instance), can
decide to retract the license of the authority. The same can be applied for
home-brewed Jabber servers but without all legal stuff (that depends on the
authority you choose).

So in general: the market will create a pressure on public servers to deny 
spimmers and it will encourage servers to innovate on anti-spim features and 
to provide us with improvements to the protocols regarding anti-spim. All 
this will require fewer actions from the JSF.

> What 
> Google does is accountability at the user level (for Google Talk). And in
> the case of email, they use technology (spam filtering). That doesn't mean
> we can't do the same for Jabber *servers*,

The system I suggest will result that Jabber servers from individuals will
need to take anti-spim efforts and if they don't and are lazy, they will be
denied from the public network. These anti-spam efforts can be:
* temporarily disabling public registration
* incorporating anti-spim features in their public registration
* block the spimmers
* contact server implementers to wishlist anti-spim features (or send
patches)
* contact the standards-jig list to wishlist protocol changes to fix issues 
that allow spim or to suggest new JEPs with anti-spam features
* asking money for an account
* punish spimmers harder

> however in practice I think
> that will lead to a "federation" model where handpicked servers are
> whitelisted,

All servers that are very hard for spimmers will resist in the public network. 
The servers that can't provide a good protection against spimmers, will die 
(cfr. Darwin ;-) ).

> either at the individual level or in some organization. Not a
> truly open model.
>
> So how could we make a truly open model? One possibility (as seen on this
> list) are the developing trust relationships, and "sharing" these in a
> FOAF like manner, or more effective spam fighting (cross server
> blacklisting for example, like often done with email).
>
> A less touched approach is taking the accountability to the user level, in
> a cross server fashion. I wouldn't like having to have an "account" of
> some sort (or another form of proving I'm a human and that I will behave
> on their server) on every server that I would have a friend on so I can do
> S2S,

I think it is enough if the server has a form to prove you are human during 
registration on the server. We can force admins doing this by the authorities 
system I suggest. If the admin does not prevent bots, he might get users
sending spim and so he can lose his certificate to be allowed on the public
network.

<snip>

> In short, I think introducing accountability for servers (by certificates
> or another method) is overrated as a solution for combatting spim (or
> spam). All it does is take the problem one level up (to servers) from
> where it really comes (users), which seems fine till the spimmers come in
> and suddenly a whole server gets blacklisted (and you see the problem also
> propagates to the next level). Same when you take it yet another level
> higher (whitelisting CAs).

I don't agree. If the server admin takes actions to solve the spim, he *never*
will lose his certificate. If he is blacklisted because he did nothing, he
is punished as he will lose users. If it is a commercial server fewer users
means less earnings. So it is the money that finally drives them to be very 
hard for spimmers and help us with techniques to fight spim.

> The only real solution for a truly open network, where in reality you'll
> have "good" servers and "bad" servers (signed or not!) is combatting spim
> itself, by making sure it doesn't get sent, and that when it does the user
> doesn't see it. There's nothing wrong with letting the servers take part
> of the work in doing that (that's the Jabber way after all) but since the
> problem is at the user level ultimately I think part of it will have to be
> solved there. If you do it right "well behaving" users on decent secure
> "trusted" servers will have little hassle, and servers/users with a worse
> or more unknown reputation would have to go through more trouble. If you
> start excluding them, how can you still call it an open network?

It will be an open network with opt-in. The requirement for the opt-in is that 
you promise to not send spim to other servers. So it still will be fairly easy
for me to set up my personal Jabber server and connect to the network. I only
need to disable public registration (also via a web form), and trust myself
for not sending spim ;-)

I agree it will be harder for public servers for the mass (with public 
registration) as we need to require them to fight spim. I agree that we might 
have less public servers made by enthusiastic members of the community left 
afterwards. But it might result in more servers of providers, companies, and 
instant messaging companies. So this small fee can make a killer feature for 
mass adoption of Jabber/XMPP...providers even might want to send email over 
XMPP... ;-)

-- 
Kind regards, Sander Devrieze.

xmpp:sander at devrieze.dyndns.org ( http://jabber.tk/ )


