Trust is a Precursor to Net Services

MAAWG coalition unites operators in seeking to shift the odds.

When people want to tell me what theyre against, I usually counter by asking what theyre for. Only in politics can we say that "the enemy of my enemy is my friend": in technology, its much more difficult to find compatible friendships when the only common ground is a shared dislike.

Unsolicited commercial e-mail, or "spam" if you prefer, is a perfect example. We may all agree that were against its abuse, and there are any number of ways to control the problem, but each of them threatens someones distinctive view of what the Internet and e-mail ought to be able to do. A sender-pays system limits the important role of e-mail in consumer activism and political speech. A "white list" system of accepted senders prevents legitimate new market entrants from reaching potential willing customers. A "black list" system of known e-mail abusers triggers a costly arms race involving spammers, service providers, IT hardware and software providers and enterprise e-mail administrators.

What makes a solution much more urgent is the evolution of Internet traffic beyond the model of publishing pages and sending person-to-person messages. Device-to-device and process-to-process communication must rest on a trustworthy foundation that limits traffic to what we wish to receive, or at least provides accountability for the effects of what we knowingly or unknowingly accept.

The Internet as application platform is both more powerful and less observable than the Internet as faculty lunchroom, as this formerly academic network was once described.

Given that complexity and urgency, Im willing to go along with the "what were against" approach of the Messaging Anti-Abuse Working Group whose formation was announced in Boston last week. I spoke with Dale Malik, director of Communications Product Development for BellSouth, and with Rich Wong (general manager of messaging applications) and Omar Tellez (senior director of product development) at Openwave, representing two of MAAWGs 22 member ISPs and messaging services companies that collectively represent 80 million Internet users. We quickly converged on two key ideas: the nature of trust on the network, and the importance of reliable identification.

"Identification is an absolute baseline requirement," said Malik, but this doesnt mean the end of anonymity where thats an important part of what the Internet provides. He went on to add, "at the network operator level, not at the end user level." He compared Internet messaging to existing telecommunication industry arrangements: "In the telephony world, we have inter-carrier exchange agreements. Things like cellphone roaming have been effectively resolved, and I think we have the intellectual capital to resolve these things in similar ways," he predicted.

Openwaves Wong compared security for Internet messaging to the current practices applied in air travel. "If youre flying in from Canada, I dont ask for your fingerprint," he observed; "if youre flying in from [some other countries], I might. If were able to prevent identity forgery, or IP spoofing, so that I know whos attempting a connection with me, then I can place that party in one of my concentric circles of trust: I can apply policy against good guys and bad guys and everyone in between. I can apply expensive techniques against the ten per cent of the stream thats likely to be a problem, without wasting that expense against the twenty per cent or more of the traffic thats highly trustworthy," Wong concluded.

In Web services protocols today, security is not a gaping hole, but neither is it a core component of the services proposition. During a recent round-table discussion of Web services with key industry players and analysts, consultant Doug Kaye of RDS Strategies LLC observed that "if you control the authentication mechanisms on all ends of the system, then securitys going to be in pretty good shape rather quickly. If you have to go into an environment where you have to deal with security policies that are controlled by multiple organizations, thats not doable today in Web services"--that is, he added, not without moving beyond the boundaries of open standards.

Authentication remains a weak point in other aspects of network operation as well, exemplified by the January 9th advisory concerning an authentication loophole in Cisco Personal Assistant. Developers targeting the .Net framework have many powerful tools at their disposal, but it requires some effort to master them. Other potentially secure platforms like Apples Mac OS X are maturing quickly with the aid of third-party enhancements like CryptoCard Corp.s Crypto-Server X, recipient of best-of-show honors at this months MacWorld Expo.

With identification schemes moving to the next level of reliability and transparency, said Openwaves Wong, service operators will have the same edge as crack teams of blackjack players, like the team from MIT thats profiled in the book, "Bringing Down the House." With network operators knowing each other and being able to associate connections and traffic with levels of trust, said Wong, "people can play into high-probability situations." Not perfect solutions, but a dramatic shifting of the odds in favor of legitimate users of the network--because todays near-ignorance of whos doing what is one enemy that we all share.

What fatal flaws would you reject in an anti-spam solution?