RE: [Asrg] 6. Proposals - Challenge/response - CRI

"Eric Dean" <eric@purespeed.com> Wed, 20 August 2003 20:18 UTC

From: Eric Dean <eric@purespeed.com>
To: "'Deven T. Corzine'" <deven@ties.org>, 'Yakov Shafranovich' <research@solidmatrix.com>
Cc: 'Andrew Akehurst' <A.D.Akehurst-99@student.lboro.ac.uk>, asrg@ietf.org
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Message-ID: <001401c36757$6ea7c410$0a01a8c0@sohonotebook>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <Pine.LNX.4.33.0308201326060.25117-100000@escher.ties.org>
Date: Wed, 20 Aug 2003 16:12:51 -0400

Yes, considering many CR systems use CR URLs such as
http://cr.foo.com/?sender=joe@foo.com&rcpt=sue@bar.com

There's a lot of room for improvement.

> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org] On Behalf Of Deven T. Corzine
> Sent: Wednesday, August 20, 2003 1:42 PM
> To: Yakov Shafranovich
> Cc: Andrew Akehurst; asrg@ietf.org
> Subject: Re: [Asrg] 6. Proposals - Challenge/response - CRI
> 
> On Wed, 20 Aug 2003, Yakov Shafranovich wrote:
> 
> > > > I think the only really significant semantic suggestion I'm making
> > > > is that a hash of the body of a message should be included to
> > > > prevent forgeries of level-two systems.
> >
> > That has been mentioned before and is a pretty good idea. It also
> > alleviates some privacy concerns since the originating MTA/MUA does not
> > have to store copies of messages, but can store MD5 hashes instead.
> 
> Using a hash is an obvious thing to do, but it begs the question of exactly
> what you're hashing.  You can't safely hash the entire message because the
> headers change on every hop, at least for Received: lines.  Other headers
> might be mangled or normalized as well.  You can ignore the header, but it
> would be good to validate parts of it.  Even if you just hash the body, you
> have to be concerned about the message being mangled by intermediate MTAs.
> 
> Now, you could Base64-encode the content to protect it against mangling,
> but that renders the plaintext of the message unreadable.  You could strip
> out all characters but the ones used for Base64 encoding, and hash that.
> Perhaps quoted-printable encoding would be another semi-readable option.
> 
> PGP has to deal with this issue for "clear-signed" messages -- how does it
> address this issue?  (Or does it depend on the body not getting mangled to
> be able to verify the signature?)
> 
> Of course, another option is to simply use PGP.  This seems the obvious
> answer for mailing lists -- the mailing list should clear-sign all valid
> messages with a private key used only for that mailing list, and have the
> user whitelist that PGP key (perhaps by keeping a copy signed with their
> own PGP key?) -- then no spammer could forge messages appearing to be from
> that mailing list...
> 
> Deven
> 
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
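Deven's question about how PGP clear-signing survives mangled bodies, and Eric's point that a URL of the form ?sender=...&rcpt=... can be constructed by anyone who knows the layout, both come down to what gets hashed and what gets bound. The Python below is an added illustration, not code from this thread or from any CR product: it canonicalizes the body in the spirit of RFC 4880 cleartext signatures (trailing whitespace ignored, CRLF line endings), hashes it, and binds sender, recipient and digest under a server-side HMAC key; cr.example.com, SERVER_KEY and every function name are assumptions made here.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlparse

SERVER_KEY = b"constructed-example-key"  # constructed; a real CR server keeps its own secret

def canonicalize_body(body: str) -> bytes:
    """Canonical form in the spirit of PGP cleartext signing (RFC 4880 7.1):
    trailing spaces/tabs stripped per line, CRLF line endings, trailing blank
    lines dropped, so harmless MTA rewrites leave the digest unchanged."""
    lines = [ln.rstrip(" \t") for ln in re.split(r"\r\n|\r|\n", body)]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")

def body_digest(body: str) -> str:
    return hashlib.sha256(canonicalize_body(body)).hexdigest()

def _token(sender: str, rcpt: str, digest: str, key: bytes) -> str:
    # HMAC binds sender, recipient and digest: knowing the URL layout is not enough.
    msg = f"{sender}\0{rcpt}\0{digest}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_challenge_url(sender: str, rcpt: str, body: str, key: bytes = SERVER_KEY) -> str:
    digest = body_digest(body)
    tok = _token(sender, rcpt, digest, key)
    return "http://cr.example.com/?" + urlencode(
        {"sender": sender, "rcpt": rcpt, "h": digest, "tok": tok})

def parse_challenge_url(url: str):
    q = parse_qs(urlparse(url).query)
    try:
        return tuple(q[k][0] for k in ("sender", "rcpt", "h", "tok"))
    except KeyError:
        return None

def cr_server_accepts(url: str, key: bytes = SERVER_KEY) -> bool:
    """Recipient side: accept the visit only if the token matches the fields."""
    fields = parse_challenge_url(url)
    if fields is None:
        return False
    sender, rcpt, digest, tok = fields
    return hmac.compare_digest(tok, _token(sender, rcpt, digest, key))

def sender_recognises_challenge(url: str, sent_digests: set) -> bool:
    """Level-two sender side: the challenge must name a body digest this system
    actually sent; only digests are retained, not copies of the messages."""
    fields = parse_challenge_url(url)
    return fields is not None and fields[2] in sent_digests
```

A sender-side system that keeps only the digest set still rejects a challenge for mail it never sent, which is the forgery Deven's body-hash suggestion is meant to stop.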
