RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
William Leibzon <william@completewhois.com> Fri, 21 May 2004 07:58 UTC
Received: from optimus.ietf.org (www.iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA13341 for <asrg-archive@odin.ietf.org>; Fri, 21 May 2004 03:58:47 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BR4rH-0007FC-03 for asrg-archive@odin.ietf.org; Fri, 21 May 2004 03:54:25 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4L7sM3c027841 for asrg-archive@odin.ietf.org; Fri, 21 May 2004 03:54:22 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BR4mO-00062Y-Ef for asrg-web-archive@optimus.ietf.org; Fri, 21 May 2004 03:49:20 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA13044 for <asrg-web-archive@ietf.org>; Fri, 21 May 2004 03:49:18 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BR4mL-00001A-UZ for asrg-web-archive@ietf.org; Fri, 21 May 2004 03:49:18 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BR4lL-0007iE-00 for asrg-web-archive@ietf.org; Fri, 21 May 2004 03:48:16 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BR4lD-0007c2-00 for asrg-web-archive@ietf.org; Fri, 21 May 2004 03:48:08 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BR4ca-0003vf-Vl; Fri, 21 May 2004 03:39:12 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BR4V0-0001yf-VK for asrg@optimus.ietf.org; Fri, 21 May 2004 03:31:22 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA12423 for <asrg@ietf.org>; Fri, 21 May 2004 03:31:20 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BR4Uy-0005Wm-ID for asrg@ietf.org; Fri, 21 May 2004 03:31:20 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BR4UJ-0005Q9-00 for asrg@ietf.org; Fri, 21 May 2004 03:30:40 -0400
Received: from cwhois1.completewhois.com ([216.151.192.222] helo=mail.completewhois.com) by ietf-mx with esmtp (Exim 4.12) id 1BR4Tm-0005FE-00 for asrg@ietf.org; Fri, 21 May 2004 03:30:06 -0400
Received: by mail.completewhois.com (Postfix, from userid 500) id 5CDF018A02; Fri, 21 May 2004 00:36:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.completewhois.com (Postfix) with ESMTP id 574354C06D; Fri, 21 May 2004 00:36:57 -0700 (PDT)
From: William Leibzon <william@completewhois.com>
To: Chris <asrg@rebel.com.au>
Cc: ASRG <asrg@ietf.org>
Subject: RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
In-Reply-To: <GPEMJLCHICHEGPOKJHHDIEMGHPAA.asrg@rebel.com.au>
Message-ID: <Pine.LNX.4.44.0405200125060.4434-100000@cwhois1.completewhois.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Fri, 21 May 2004 00:36:57 -0700
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
You're missing the point. You can't assume that everybody would start running DomainKeys systems all over the world. As such any proposal should ensure that if sender system is using it, that the MTA server on the recepient side can safely verify the email even if somewhere in between it passed through MTA systems which have no idea about what this proposal is about. Domainkeys in the way its been published does not meet this criteria as there are many cases when intermediate MTAs change or add additional headers. On Thu, 20 May 2004, Chris wrote: > > > > Big problem I have with it is that yahoo domain keys breaks with email > > forwarders, mail lists and roaming users > > I don't understand why you say this. > > Roaming users still have to log into an ISP somewhere to send their email. > if The ISP is prepared to let them access the mail system the ISP becomes > responsible for what they do. So they should at the very least validate > them. > > Mail forwarders can sign the mail. they must accept responsibilty for the > forwarding as above. > > Mailing lists must also be held accountable for what they send. they are > simply another 'injection point' and can validate the sender before > inserting it into the list. > > > email content must be changed in process > > of tranmission > > Why 'must' content be changed? > > headers need to be added and those should be signed off as well as the > previous mta's signature. granted this additional signing increases the load > especially for the MTR, but if Spam is reduced then the initial load would > be reduced anyway. > > If content MUST be changed then the authority changing the content becomes > the owner. and therefore responsible for the 'new' email. > > Regards > Chris > > > > > -----Original Message----- > > From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org]On Behalf Of > > William Leibzon > > Sent: Thursday, 20 May 2004 4:17 AM > > To: ASRG > > Subject: Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for > > DomainKeys] > > > > > > And frankly, I'm less then satisfied after so many promises and lots of > > wait for it. Its long document (which I ready fully) that primarily just > > pounds on rather old idea of entering public key in dns and using private > > key to add signed header to email, this idea had been around for at least > > 4 years (possibly more) and I thought they found ways around above listed > > and other similar problems when email content must be changed in process > > of tranmission by intermediate server, but unfortunetly they did not. Nor > > do they address entering keys too well, again we're back to reusing TXT > > (where as what we need is standard for entering public keys in DNS and > > this is needed not only for email but for several others things and in > > general would come usefull, there have been drafts about this actually). > > > > On Tue, 18 May 2004, Yakov Shafranovich wrote: > > > > > From MARID list. > > > > > > -------- Original Message -------- > > > Subject: Yahoo! Mail Publishes Specification for DomainKeys > > > Date: Tue, 18 May 2004 10:46:32 -0400 > > > From: Larry Seltzer <larry@larryseltzer.com> > > > To: 'IETF MARID WG' <ietf-mxcomp@imc.org> > > > > > > > > > (see http://antispam.yahoo.com/domainkeys in particular) > > > > > > LJS > > > > > > Yahoo! Mail Publishes Specification for DomainKeys > > > > > > E-mail Authentication Solution Filed with IETF; > > > > > > Alpha Version of Open Source Code Available > > > > > > WHAT: > > > > > > On Tuesday, May 18, Yahoo! announces the publication of its > > > specification on DomainKeys, > > > a cryptographic e-mail authentication solution to help fight spam. > > > > > > DomainKeys: In order to attack spam at its roots, a powerful > > solution is > > > needed that can > > > verify the identity of the e-mail sender and put an end to spoofing and > > > forgery. > > > DomainKeys help fight spam by providing strong assurance of both the > > > sender's identity > > > and the integrity of the e-mail content through the use of > > > public/private key > > > cryptography. > > > > > > On Monday, May 17, the company filed the spec as an Internet-draft with > > > the IETF > > > (Internet Engineering Task Force) standards body to begin the > > > standardization process. > > > > > > Additionally, Yahoo! is currently developing a reference implementation > > > for DomainKeys > > > that can be plugged into Message Transfer Agents (MTAs), such as qmail. > > > An alpha version > > > of this software will be released under a royalty free license at > > > SourceForge.net. > > > > > > WHERE: > > > > > > The specification, license terms and FAQs are posted on Yahoo!'s > > > Anti-Spam Resource > > > Center: http://antispam.yahoo.com > > > The alpha version of the software will be hosted at SourceForge.net at: > > > http://sourceforge.net/index.php > > > > > > -- > > > Yakov Shafranovich / asrg <at> shaftek.org > > > SolidMatrix Technologies, Inc. / research <at> solidmatrix.com > > > "There is nothing new under the sun" (Eccls. 1:9) > > > > > > _______________________________________________ > > > Asrg mailing list > > > Asrg@ietf.org > > > https://www1.ietf.org/mailman/listinfo/asrg > > > > > > > > > _______________________________________________ > > Asrg mailing list > > Asrg@ietf.org > > https://www1.ietf.org/mailman/listinfo/asrg _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] [Fwd: Yahoo! Mail Publishes Specification … Yakov Shafranovich
- [Asrg] 6 - Yahoo Domain Keys Chris
- Re: [Asrg] 6 - Yahoo Domain Keys Seth Breidbart
- Re: [Asrg] 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] 6 - Yahoo Domain Keys John Levine
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… John Levine
- [Asrg] Re: 6 - Yahoo Domain Keys Philip Miller
- Re: [Asrg] 6 - Yahoo Domain Keys Alan DeKok
- Re: [Asrg] 6 - Yahoo Domain Keys George Ou
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Mark Baugher
- Re: [Asrg] 6 - Yahoo Domain Keys Matt Sergeant
- Re: [Asrg] Re: 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] 6 - Yahoo Domain Keys Seth Breidbart
- Re: [Asrg] Re: 6 - Yahoo Domain Keys der Mouse
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… William Leibzon
- Re: [Asrg] 6 - Yahoo Domain Keys Barry Shein
- Re: [Asrg] Re: 6 - Yahoo Domain Keys William Leibzon
- Re: [Asrg] 6 - Yahoo Domain Keys George Ou
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Matthew Elvey
- RE: [Asrg] 6 - Yahoo Domain Keys Chris
- RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Chris
- blacklisting throwaway domains, was Re: [Asrg] Re… Tony Finch
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… John Capo
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Yakov Shafranovich
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Yakov Shafranovich
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Matthew Elvey
- Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Yakov Shafranovich
- RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… William Leibzon
- RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specificat… Chris