IETF Logo Mail Archive

RE: [Asrg] 6. Proposals - Challenge/response - CRI

"Eric Dean" <eric@purespeed.com> Thu, 21 August 2003 14:57 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08816 for <asrg-archive@odin.ietf.org>; Thu, 21 Aug 2003 10:57:33 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pqs5-0002OK-BF for asrg-archive@odin.ietf.org; Thu, 21 Aug 2003 10:57:09 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h7LEv5Di009188 for asrg-archive@odin.ietf.org; Thu, 21 Aug 2003 10:57:05 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pqs5-0002O7-71 for asrg-web-archive@optimus.ietf.org; Thu, 21 Aug 2003 10:57:05 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08796; Thu, 21 Aug 2003 10:56:58 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19pqs2-0004E0-00; Thu, 21 Aug 2003 10:57:02 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19pqs2-0004Dw-00; Thu, 21 Aug 2003 10:57:02 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pqr4-0002Iw-TM; Thu, 21 Aug 2003 10:56:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pqqT-0002IO-Aj for asrg@optimus.ietf.org; Thu, 21 Aug 2003 10:55:26 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08741 for <asrg@ietf.org>; Thu, 21 Aug 2003 10:55:18 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19pqqQ-0004CY-00 for asrg@ietf.org; Thu, 21 Aug 2003 10:55:22 -0400
Received: from relay.purespeed.com ([63.210.22.4]) by ietf-mx with esmtp (Exim 4.12) id 19pqqQ-0004CV-00 for asrg@ietf.org; Thu, 21 Aug 2003 10:55:22 -0400
Received: from sohonotebook (ip68-98-157-216.nv.nv.cox.net [68.98.157.216]) by relay.purespeed.com (Postfix Relay Hub) with ESMTP id 8AE06180EE; Thu, 21 Aug 2003 10:40:54 -0400 (EDT)
From: Eric Dean <eric@purespeed.com>
To: 'david nicol' <whatever@davidnicol.com>, "'Deven T. Corzine'" <deven@ties.org>
Cc: 'Yakov Shafranovich' <research@solidmatrix.com>, 'Andrew Akehurst' <A.D.Akehurst-99@student.lboro.ac.uk>, asrg@ietf.org
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Message-ID: <00a201c367f4$2cc33e60$0a01a8c0@sohonotebook>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
In-Reply-To: <1061420903.1185.4.camel@plaza.davidnicol.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Thu, 21 Aug 2003 10:54:51 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

I'm not sure that we have to approve anything...we just have to have a
protocol provide capabilities for interoperability..we don't have to
select a method..but rather design a protocol that will accommodate.

> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org] On Behalf Of
david
> nicol
> Sent: Wednesday, August 20, 2003 7:12 PM
> To: Deven T. Corzine
> Cc: Yakov Shafranovich; Andrew Akehurst; asrg@ietf.org
> Subject: Re: [Asrg] 6. Proposals - Challenge/response - CRI
> 
> On Wed, 2003-08-20 at 12:42, Deven T. Corzine wrote:
> 
> > > > > I think the only really significant semantic suggestion I'm
making
> > > > > is that a hash of the body of a message should be included to
> > > > > prevent forgeries of level-two systems.
> > >
> > > That has been mentioned before and is a pretty good idea. It also
> > > alleviates some privacy concerns since the originating MTA/MUA
does
> not
> > > have to store copies of messages, but can store MD5 hashes
instead.
> >
> > Using a hash is an obvious thing to do, but it begs the question of
> exactly
> > what you're hashing.  You can't safely hash the entire message
because
> the
> > headers change on every hop, at least for Received: lines.  Other
> headers
> > might be mangled or normalized as well.  You can ignore the header,
but
> it
> > would be good to validate parts of it.  Even if you just hash the
body,
> you
> > have to be concerned about the message being mangled by intermediate
> MTAs.
> 
> 
> I imagine one would hash all the MIME parts together.  Or do whatever
> GPG does with a MIME message.  This but has been solved, there is only
> to select an approach and approve it.
> 
> 
> 
> --
> David Nicol / If at first you don't succeed, use a bigger hammer.
>                                         http://gallaghersmash.com
> 
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email