Re: FYI: Are you still looking for an excuse to block executable attachments?

From: Ames, Neil (NAmes_at_ANTEON.COM)
Date: 01/27/04

  • Next message: http-equiv_at_excite.com: "GOOROO CROSSING: File Spoofing Internet Explorer 6"
    Date:         Tue, 27 Jan 2004 11:52:01 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Russ and Nick,
       I like Russ' idea of stripping the attachments, restricting them to approved receivers, scanning them, and providing the link to the stuff in the e-mail. That doesn't break the infrastructure for delivering important documents and information--the elimination of which is just another DoS. The way to use signed and/or encrypted mail, to accept the "unbidden" stuff that we want assured is not spam, is to sprinkle trusted CAs in the mix. We all have a vested interest in this, and it's overdue. I just checked and Verisign's "Digital IDs for Secure E-mail" cost $15 per year. The cost of a user's certificate seems cheaper than pretty much any clean-up, probably cheaper than any spam filter, and offers a whole category of additional capabilities. (Heck, we could end up with a real PK infrastructure and eliminate passwords in the process.) We could filter out any mail that is not signed by a certificate issued by a trusted CA. Were we all to get together and set a deadline for that (maybe Ray Tomlinson's birthday, in 2005) we could end up with a web of trust, and trust-based applications, that would be much harder to subvert for spam or anything else. This seems like an opportunity. Maybe the CEAS is the place to press these old efforts forward and solve not just an e-mail problem. How hard can this be???
     
     
    Thank you,
     
    Fritz Ames
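
The gateway handling endorsed in the message above (strip attachments, restrict them to approved receivers, scan them, put a link in the e-mail), sketched as an added example that is not part of the original post. The recipient list, link URL, in-memory store and the `scan_clean` stand-in are assumptions made for illustration.

```python
import hashlib
from email.message import EmailMessage

# Assumed policy values, not taken from the original post.
APPROVED_RECEIVERS = {"alice@example.org"}
LINK_BASE = "https://quarantine.example.org/fetch/"  # placeholder URL
QUARANTINE = {}  # sha256 hex -> (filename, bytes); stand-in for a file store

def scan_clean(data: bytes) -> bool:
    """Stand-in for a real AV engine: flags only the EICAR test marker."""
    return b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE" not in data

def strip_attachments(msg: EmailMessage, rcpt: str) -> EmailMessage:
    """Replace every attachment with a note (and a link, if policy allows)."""
    attachments = list(msg.iter_attachments())
    if not attachments:
        return msg
    notes = []
    for part in attachments:
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        if rcpt.lower() not in APPROVED_RECEIVERS:
            notes.append(f"[{name} removed: recipient not approved for attachments]")
        elif not scan_clean(data):
            notes.append(f"[{name} removed: failed malware scan]")
        else:
            digest = hashlib.sha256(data).hexdigest()
            QUARANTINE[digest] = (name, data)  # held server-side, fetched by link
            notes.append(f"[{name} held for download: {LINK_BASE}{digest}]")
    dropped = {id(p) for p in attachments}
    kept = [p for p in msg.get_payload() if id(p) not in dropped]
    body = msg.get_body(preferencelist=("plain",))
    if body is None:  # no plain-text body: add one to carry the notes
        body = EmailMessage(policy=msg.policy)
        body.set_content("\n")
        kept.insert(0, body)
    text = body.get_content().rstrip("\n") + "\n\n" + "\n".join(notes) + "\n"
    body.set_content(text)
    msg.set_payload(kept)
    return msg

def sample_message() -> EmailMessage:
    """Constructed sample: a short note with one executable-named attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "bob@example.net", "alice@example.org", "Q4 report"
    m.set_content("Report attached.\n")
    m.add_attachment(b"MZ constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename="report.exe")
    return m
```

Rewriting a message this way invalidates any S/MIME signature that covers the stripped parts, so a gateway that also enforces a signed-mail rule has to verify the signature before it rewrites the message.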
     
     

