
Re: Bug#207300: tmda: Challenge-response is fundamentally broken



On Wed, Aug 27, 2003 at 07:49:27PM +0100, Colin Watson wrote:
> On Wed, Aug 27, 2003 at 12:30:07PM -0400, Joey Hess wrote:
> > Adam McKenna wrote:
> > > The arguments are facile and specious, I do not intend to waste my
> > > precious time responding to them.
> 
> That's a shame. I don't believe Karsten to be in the habit of putting
> forward specious arguments.

Well, let's see, I'll try to be brief:

#0, #1, #2 and #11 are basically opinion and rhetoric.  Karsten has stated
that he has a 'religious' objection to CR, and I'm not willing to have a
debate about it.  I've already noted some of the places that Karsten can go 
if he wants a debate.

#3 blames CR for actions taken by an ISP (IOW, user configuration error).

#4 claims that CR is less effective without giving any empirical data to back
up that claim.

#5 claims a high false positive rate without giving any empirical data to
back up that claim.

#6 singles out CR for a DoS attack that all autoresponders and vacation
programs, as well as some MTAs, are vulnerable to.  In addition, the effect
of such an attack would still identify the original sending machine through
the headers of the quoted message, so it would basically be equivalent to 
mailbombing someone from your own machine.

#7 does not apply to TMDA.

#8 does not really make any sense at all.  It seems like he is saying that
spammers might start to send out fake confirmation requests in order to 
harvest e-mail addresses.  This seems far-fetched at best.

#9 just sounds like a threat.

#10 blames CR for user configuration errors (failing to set up a proper
whitelist).

--Adam
-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>


