IETF Logo Mail Archive

RE: [Asrg] Introduction and another idea

Kee Hinckley <nazgul@somewhere.com> Sat, 21 June 2003 17:28 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA11312 for <asrg-archive@odin.ietf.org>; Sat, 21 Jun 2003 13:28:35 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5LHS9A15920 for asrg-archive@odin.ietf.org; Sat, 21 Jun 2003 13:28:09 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Tm9p-00048h-Fb for asrg-web-archive@optimus.ietf.org; Sat, 21 Jun 2003 13:28:09 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA11286; Sat, 21 Jun 2003 13:28:04 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Tm9n-0000IT-00; Sat, 21 Jun 2003 13:28:07 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Tm9m-0000IM-00; Sat, 21 Jun 2003 13:28:06 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Tm9h-00044R-G2; Sat, 21 Jun 2003 13:28:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Tm8l-000448-KH for asrg@optimus.ietf.org; Sat, 21 Jun 2003 13:27:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA11275 for <Asrg@ietf.org>; Sat, 21 Jun 2003 13:26:59 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Tm8j-0000ID-00 for Asrg@ietf.org; Sat, 21 Jun 2003 13:27:01 -0400
Received: from www.somewhere.com ([66.92.72.194] helo=somewhere.com) by ietf-mx with esmtp (Exim 4.12) id 19Tm8i-0000I9-00 for Asrg@ietf.org; Sat, 21 Jun 2003 13:27:00 -0400
Received: from [66.92.72.194] (account nazgul HELO [192.168.1.104]) by somewhere.com (CommuniGate Pro SMTP 3.5.7) with ESMTP-TLS id 2471149; Sat, 21 Jun 2003 13:26:57 -0400
Mime-Version: 1.0
X-Sender: nazgul@somewhere.com@pop.messagefire.com
Message-Id: <p06001709bb1a28b1011b@[192.168.1.104]>
In-Reply-To: <B0000024128@nts1.terabites.com>
References: <B0000024128@nts1.terabites.com>
To: gep2@terabites.com
From: Kee Hinckley <nazgul@somewhere.com>
Subject: RE: [Asrg] Introduction and another idea
Cc: bob@wyman.us, Asrg@ietf.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Sat, 21 Jun 2003 11:30:14 -0400

At 5:26 PM -0500 6/20/03, gep2@terabites.com wrote:
>It's not "useful" to recipients who have no way of dealing with those
>attachments.   And those are the folks who you're saying should find them,
>unwanted, in their E-mail inboxes just because the sender has this 
>geeky feeling
>that they're somehow "cool".

I typically sign all my email.  The only reason I'm not now is 
because I'm waiting for a new version of the plugin.  This has 
nothing to do with "cool".  It has to do with being able to verify 
what I actually said.  Whether the recipient has the necessary 
software is irrelevant.  They have the message, and should it be 
necessary, they (or anyone else) can verify that it came from me.

But of course the most critical thing here you are missing in Bob's 
message is the issue of verification.  You keep talking about "first 
time" as though it means something.  One of the major issues 
discussed on this group is the question of how you identify a person. 
It's something you need to do for whitelisting.  And it's something 
that virtually every proposal on this list depends on to one extent 
or another.  Your proposal depends on it too.  If a large number of 
systems on the internet start depending on whitelisting, then 
spammers will start seeking out ways of sending you email from 
addresses that you have probably whitelisted.  The whole point of a 
signature is to attach an unforgeable identity to a message.  In fact 
the most useful time to have that identity nailed down *is* the first 
time you receive a message.  By ruling that out, you have opened a 
hole in the security of your solution, and the spammers will happily 
walk right into it if they have nowhere else to go.

(For discussions of how spammers could (and do) find out who you have 
white-listed, search the archives.)

-- 
Kee Hinckley
http://www.messagefire.com/          Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email