RE: [Asrg] 6. Proposals - Challenge/response - CRI
"Eric Dean" <eric@purespeed.com> Wed, 20 August 2003 15:47 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15942 for <asrg-archive@odin.ietf.org>; Wed, 20 Aug 2003 11:47:09 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pVAb-0002hW-2T for asrg-archive@odin.ietf.org; Wed, 20 Aug 2003 11:46:45 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h7KFkjP9010376 for asrg-archive@odin.ietf.org; Wed, 20 Aug 2003 11:46:45 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pVAa-0002hH-Vh for asrg-web-archive@optimus.ietf.org; Wed, 20 Aug 2003 11:46:44 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15907; Wed, 20 Aug 2003 11:46:38 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19pVAZ-0002WX-00; Wed, 20 Aug 2003 11:46:43 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19pVAZ-0002WU-00; Wed, 20 Aug 2003 11:46:43 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pV9t-0002a6-VG; Wed, 20 Aug 2003 11:46:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pV9g-0002ZF-BS for asrg@optimus.ietf.org; Wed, 20 Aug 2003 11:45:48 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15864 for <asrg@ietf.org>; Wed, 20 Aug 2003 11:45:41 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19pV9f-0002VU-00 for asrg@ietf.org; Wed, 20 Aug 2003 11:45:47 -0400
Received: from relay.purespeed.com ([63.210.22.4]) by ietf-mx with esmtp (Exim 4.12) id 19pV9e-0002VR-00 for asrg@ietf.org; Wed, 20 Aug 2003 11:45:46 -0400
Received: from sohonotebook (ip68-98-157-216.nv.nv.cox.net [68.98.157.216]) by relay.purespeed.com (Postfix Relay Hub) with ESMTP id 7BADA18283; Wed, 20 Aug 2003 11:31:43 -0400 (EDT)
From: Eric Dean <eric@purespeed.com>
To: 'Andrew Akehurst' <A.D.Akehurst-99@student.lboro.ac.uk>
Cc: asrg@ietf.org
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Message-ID: <00c401c36732$1e3a7880$0a01a8c0@sohonotebook>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <1061373123.3f4344c36494c@student-webmail.lboro.ac.uk>
Importance: Normal
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Wed, 20 Aug 2003 11:45:44 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
> > > > CRI-Sender-Exempt: asrg@ietf.org > > > > That way the recipient could whitelist the header for now and always. > > This seems like a reasonable suggestion. > > I'm not sure what would be reasonable software behaviour when > such a header is seen in an incoming message. To whitelist > automatically based on the presence of such a header would open > the system to abuse by spammers. I suppose well-behaved software > would ask the user whether they want to whitelist the address > and let the user decide. Yes, whitelisting could be easily abused. The intent is to prevent a challenge message from being returned...adding a mail list identifier would be convenient for identifying subsequent messages for whitelisting per user request. > > In general, when a CR-compliant MTA receives an incoming message > which claims to have been challenged and accepted... how can the MTA > at this stage ensure that such headers were not forged? You have to respond with a corresponding string that is either static or algorithmic. > I suppose it comes down to which systems have access to the consent > tokens for that specific sender/receiver pair: only the systems which > have access to those tokens can verify if they are valid. This could > be done using a cache scheme such as that raised recently by Danny > Angus: > > http://article.gmane.org/gmane.ietf.asrg/5760 We are not trying to be restrictive as to which algorithm to use...but instead produce a protocol that would accommodate many different approaches. > > Therein lies a major problem for CRI and indeed CR systems in general. > To find a way around the issue, it might be worth thinking about > the possible format of mailing list messages. We have an archive of such a detailed discussion a few months ago _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Yakov Shafranovich
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- Re: [Asrg] 6. Proposals - Challenge/response - CRI John Fenley
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Yakov Shafranovich
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Deven T. Corzine
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- Re: [Asrg] 6. Proposals - Challenge/response - CRI david nicol
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI david nicol
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean