Re: [Asrg] seeking comments on new RMX article

Hadmut Danisch <hadmut@danisch.de> Tue, 06 May 2003 16:19 UTC

From: Hadmut Danisch <hadmut@danisch.de>
To: Dave Crocker <dcrocker@brandenburg.com>
Cc: asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
Message-ID: <20030506161903.GA1469@danisch.de>
References: <Pine.LNX.4.44.0305051946590.11255-100000@tamale.caltech.edu> <200305060550.h465olHn011387@calcite.rhyolite.com> <2335175049.20030506075958@brandenburg.com>
In-Reply-To: <2335175049.20030506075958@brandenburg.com>
Date: Tue, 06 May 2003 18:19:03 +0200

On Tue, May 06, 2003 at 07:59:58AM -0700, Dave Crocker wrote:

> ps.  It strikes me that the RMX proposal is conceptually similar to the
> old IDENT specification which purported to offer wonderful security but
> was soundly rejected by the security community.


No, you completely missed the point and you still don't understand
how RMX works.

IDENT was useless because the peer machine itself gives any random
answer. IDENT was useful as long as there were a few big UNIX and VMS
machines where hundreds of users logged in but didn't have root
access.

Today we are in the personal computer and Windows age, where everyone
is his own admin and can reply with anything he wants. Since the IDENT
query is directed to exactly where the TCP connection came from, you
are asking the attacker "what's your name". Obviously, if the attacker
uses a wrong sender address for SMTP, he won't give a better answer
for IDENT. That's why IDENT became useless.

In contrast, RMX doesn't ask the sending MTA, which could be the
attacker, but a third party, which can be relied on since the query
path doesn't depend on the incoming SMTP connection.

Again, please inform yourself before posting.

Wouldn't it be a good idea to take a few minutes and read the
RMX draft before going on with flaming?


Hadmut
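The distinction drawn above, as an added illustration that is not part of this message or of the RMX draft: an IDENT-style check accepts whatever the connecting host says about itself, while an RMX-style check keys on the envelope sender's domain and tests the connecting IP against data obtained from a third party. The authorized-sender table here is a constructed stand-in for that third-party lookup (in RMX it would be a DNS query whose record format this message does not describe), and the addresses are documentation ranges, not real hosts.

```python
import ipaddress

# Constructed stand-in for the third-party data an RMX-style check consults:
# the domain owner publishes which hosts may send mail for the domain, and the
# receiver obtains that list via DNS, never from the SMTP peer. Hypothetical data.
AUTHORIZED_SENDERS = {
    "example.org": ["192.0.2.0/24", "198.51.100.10/32"],
    "example.net": ["203.0.113.0/28"],
}


def ident_style_check(claimed_sender: str, peer_reply: str) -> bool:
    """Model of an IDENT-style check: the answer comes from the peer itself.
    Whoever controls the connecting host controls peer_reply, so a forged
    sender is confirmed by the very host that forged it."""
    return peer_reply == claimed_sender


def rmx_style_check(claimed_sender: str, peer_ip: str, lookup=AUTHORIZED_SENDERS) -> str:
    """Model of an RMX-style check: the connecting IP is taken from the TCP
    connection (not from anything the peer claims) and tested against the
    list a trusted third party publishes for the envelope sender's domain.
    Returns 'pass', 'fail', or 'none' when the domain publishes no policy."""
    domain = claimed_sender.rpartition("@")[2].lower()
    prefixes = lookup.get(domain)
    if prefixes is None:
        return "none"
    addr = ipaddress.ip_address(peer_ip)
    if any(addr in ipaddress.ip_network(prefix) for prefix in prefixes):
        return "pass"
    return "fail"


if __name__ == "__main__":
    # A forging host vouches for itself: the IDENT-style check learns nothing.
    print("ident:", ident_style_check("alice@example.org", "alice@example.org"))
    # The RMX-style check does not depend on the peer's answer at all.
    print("rmx from 192.0.2.5:  ", rmx_style_check("alice@example.org", "192.0.2.5"))
    print("rmx from 203.0.113.4:", rmx_style_check("alice@example.org", "203.0.113.4"))
```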
