Re: FYI - IBM's open source secure MTA Mark S. Miller (markm@erights.org)
Wed, 16 Dec 1998 16:43:00 -0800

At 01:36 PM 12/16/98 , Bill Frantz wrote:
>[-] Either I didn't express myself well, or Jim misunderstood. Protecting
>against denial of service attacks is hard. E, to its discredit, doesn't
>even try.
>
>... E fills the authentication holes and adds
>privacy. As far as I can tell, vmailer doesn't do either privacy or
>authentication, but it does do denial of service.

For simplicity, I'm going to phrase the following in first person, as if I was the main creator of E and its influential ancestors, which is most certainly not true!! However, I need to speak of the perspective from which they were created, and I don't wish to speak for anyone but myself.

E deals with authentication and privacy, first, because I knew it was possible to solve these problems, and second, because I was able to figure out how to solve them. On both of these, E does not step into an unwinnable arms race, except that of cryptography vs cryptanalysis. Of all arms races in computer security, only in this race do we have confidence that the good guys have a sustainable exponential upper hand.

E does not deal with denial-of-service because I've never heard a case that this was possible on open networks, and the "solutions" I've heard sound instead like unwinnable arms races. If that's right, I'd rather spend my time on winnable battles. However, if that's wrong, please let us know! Are there general principles for being safe against denial of service on open networks? It sounds like this email system may embody some principles we can learn from. Would such solutions be something that can be modularly added later?

	Cheers,
	--MarkM