Re: [Asrg] C/R Framework

Yakov Shafranovich <research@solidmatrix.com> Thu, 15 May 2003 15:58 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA13396 for <asrg-archive@odin.ietf.org>; Thu, 15 May 2003 11:58:56 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4FFQ0f10339 for asrg-archive@odin.ietf.org; Thu, 15 May 2003 11:26:00 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFQ0B10336 for <asrg-web-archive@optimus.ietf.org>; Thu, 15 May 2003 11:26:00 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA13286; Thu, 15 May 2003 11:58:25 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GL9Y-0000Kt-00; Thu, 15 May 2003 12:00:20 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19GL9X-0000Kq-00; Thu, 15 May 2003 12:00:19 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFL6B10102; Thu, 15 May 2003 11:21:06 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFKJB10052 for <asrg@optimus.ietf.org>; Thu, 15 May 2003 11:20:19 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA13048 for <asrg@ietf.org>; Thu, 15 May 2003 11:52:45 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GL43-0000IM-00 for asrg@ietf.org; Thu, 15 May 2003 11:54:39 -0400
Received: from 000-253-545.area7.spcsdns.net ([68.27.230.54] helo=68.27.230.54 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19GL41-0000IH-00 for asrg@ietf.org; Thu, 15 May 2003 11:54:38 -0400
Message-Id: <5.2.0.9.2.20030515115340.00bafae8@std5.imagineis.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: asrg@ietf.org
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: [Asrg] C/R Framework
In-Reply-To: <E19GFWa-0006OG-00@argon.connect.org.uk>
References: <MBEKIIAKLDHKMLNFJODBMEPDFCAA.eric@purespeed.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 15 May 2003 11:55:32 -0400

At 10:59 AM 5/15/2003 +0100, Jon Kyme wrote:

> > of
> > My intent is to throw something down on the table that's at
> > least wrong and allow for an exchange of ideas regarding how to proceed
> > if
> > at all.
> >
> >
><quote>
>Privacy
>Concerns exist regarding data collection of correspondences between certain
>senders and recipients however such information is available in most
>mailing systems
></quote>
>
>Well, that's just a red rag to *some* bulls :-)
>
>I don't think that asserting that the same concerns apply to *other*
>systems
>adequately addresses concerns applying to *these* systems. Plus also - it's
>not strictly true, since the *necessarily* long life of this data in a C/R
>system has implications.

There are several privacy concerns - the whitelist primarily. Also, if the 
challenge message contains the receivers email address that might be a 
problem too. As I mentioned before, perhaps we should not store plain email 
addresses - but some form of checksum or something. Even though that is 
susceptible to dictionary attacks, the attacker must know what he is 
looking for. This will at least protect against people snooping at messages.

---------------------------------------------------------------------------------------------------
Yakov Shafranovich / <research@solidmatrix.com>
SolidMatrix Research, a division of SolidMatrix Technologies, Inc.
---------------------------------------------------------------------------------------------------
"One who watches the wind will never sow, and one who keeps his eyes on
the clouds will never reap" (Ecclesiastes 11:4)
---------------------------------------------------------------------------------------------------  

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg