Monday, March 28, 2005

VoIP Progress Can't Come at the Expense of Security

'Most people agree that e-mail spam is out of control. But since the e-mail network isn’t governed by a central authority for identifying and authenticating its users, there’s nothing that can be done about it. A massive shift in thinking is required in order to implement a solution that can eliminate spam—an all-participants-required authentication scheme of some sort. That means, in order to send an e-mail, you have to be who you claim to be.

Lots of proposals have been bandied about. Some rely upon extensions to the DNS system. This is the approach I prefer. That is, if you want to originate mail from a certain domain, you must provide an authentication token that’s congruent with the domain’s public key or security certificate. Suddenly, e-mail will be harder to use. Microsoft’s response has been to propose an elaborate, reactive solution that is more inclusive of SMTP’s software legacy. But in the long term, if we want to be free of spam, the system is going to need an overhaul, not an overlay.'
Source: VoIP Progress Can’t Come at the Expense of Security


Post a Comment

<< Home