Insecurity by design

Bobbi makes a good point here.

The only real way to make the internet safe would be to go back and start from first principles, designing security in from the get-go.  Nothing about the underlying infrastructure was originally designed to be secure; security has always been a kludge draped on top of it by afterthought.  Simply encrypting the data portion of a TCP/IP packet isn’t sufficient; virtual private networks aren’t sufficient; longer and longer encryption keys aren’t the answer.  The network itself — which was probably perfectly secure when it was just the ARPANET and access (via leased lines) was limited to the military, academia, and a few corporations with a reason to be there (like BBN) — is simply not sufficiently secure for today’s all-access world, and isn’t going to be without a first-principles revamp.

I’ll speak for what I know personally — the email business.  Simple Mail Transport Protocol, first described in RFC821 in 1982 — 35 years ago! — was never a secure protocol, which is how it gets abused these days by spammers.*  All the attempts over the past 20+ years** to graft security on top of it either have been abject failures, have required major investment in poorly-thought-out SMTP firewall appliances, or have not received sufficient buy-in from major players.*** To wit:

  • DomainKeys is essentially being abandoned by its biggest proponent (and original creator), Yahoo.
  • DKIM is a joke, because the major players keep changing the rules.
  • SenderID and SPF are difficult to configure and require constant oversight as networks grow.
  • Blacklist and greylist maintainers are primarily reactive rather than proactive, and the rate of spurious blacklisting is unacceptably high.
  • Anti-spam packages like SpamAssassin are horribly complex, with rulesets you could spend a lifetime tweaking and still throw too many false positives.
  • Some firewall packages/appliances take it upon themselves to click every link in an email to check it for malicious content, which causes legitimate single-use links to fail (or worse, to cause things to actually happen that the recipient might not want to happen, like approving queued messages on a moderated mailing list) when the recipient receives the message. (Yes, Palo Alto Networks, I’m looking at YOU.)

I’ve been in the email business for close to a quarter-century, and I honestly don’t see how the spamming problem can truly be fixed short of building a completely new, secure-by-design infrastructure paralleling SMTP, and then demanding that everyone switch to it within a defined time frame or be cut off from the mail network.  And yes, using it will probably have to cost money, because the real way to hit spammers in the feels is to stop letting them use the mail system for free.

None of this actually solves the underlying problem of a creaking infrastructure that wasn’t designed to be secure in the first place, by the way. So the same is probably true of the whole TCP/IP network.  Eventually someone (probably the military, although I think they are already there with their combat systems) will get the bright idea to create a secure-by-design packet-switched network and the insecure one we have will go away.


* I include phishers and other email abusers in that designation for simplicity’s sake.

** Since the original “Green Card Spam” that got BITNET users up in arms when it leaked through USENET cross-connects into LISTSERV® mailing lists running on IBM mainframes worldwide.

*** AOL, Google, Yahoo!, TimeWarner, Comcast, Microsoft, etc. And more than not providing buy-in for various secure email schemes, these companies constantly make unilateral, unannounced, and incompatible changes to their anti-spam suites that violate existing protocol, meaning if you get your mail through one of them, you’re likely losing some mail that you’d probably prefer to be receiving.  Imagine being in my shoes and having to deal on Monday morning with thousands of legitimate emails bouncing back from, say, AOL after they break, er, change their filtering on Friday night.  And people wonder why I’m talking about retiring at 62.
