
Re: Bug#207300: tmda: Challenge-response is fundamentally broken



On Thu, Aug 28, 2003 at 08:21:22AM -0700, Adam McKenna wrote:
> On Thu, Aug 28, 2003 at 12:35:25PM +0100, Karsten M. Self wrote:
> > #2, Misplaced burden, is the reason for the 'grave' severity.
> 
> People have a right to ask that unknown people that e-mail them confirm the
> e-mail.  

the point that you keep on missing is that TMDA and similar programs send
"confirmation" emails to innocent third-parties who did *NOT* send an email.

TMDA and all C-R systems are broken-by-design, just as many stupid end-user
"autoresponders" and AV-scanners that send notifications back to the forged
sender address are broken-by-design.

such software is too brain-damaged to use.  there is more than enough spam,
viruses and other garbage clogging SMTP servers around the world without making
things worse by using programs which falsely claim to be part of the solution.

junk like this does not solve the problem, it is not part of the solution - it
just amplifies the original problem: every virus or spam with forged headers
results in even more "confirmation" and/or "notification" messages being sent
in response.

in short, it is automated spamware that contributes to denial of service
attacks.

craig


