IETF Logo Mail Archive

RE: [Asrg] 6. Proposals - Challenge/response - CRI

"Eric Dean" <eric@purespeed.com> Wed, 20 August 2003 15:47 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15942 for <asrg-archive@odin.ietf.org>; Wed, 20 Aug 2003 11:47:09 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pVAb-0002hW-2T for asrg-archive@odin.ietf.org; Wed, 20 Aug 2003 11:46:45 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h7KFkjP9010376 for asrg-archive@odin.ietf.org; Wed, 20 Aug 2003 11:46:45 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pVAa-0002hH-Vh for asrg-web-archive@optimus.ietf.org; Wed, 20 Aug 2003 11:46:44 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15907; Wed, 20 Aug 2003 11:46:38 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19pVAZ-0002WX-00; Wed, 20 Aug 2003 11:46:43 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19pVAZ-0002WU-00; Wed, 20 Aug 2003 11:46:43 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pV9t-0002a6-VG; Wed, 20 Aug 2003 11:46:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19pV9g-0002ZF-BS for asrg@optimus.ietf.org; Wed, 20 Aug 2003 11:45:48 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA15864 for <asrg@ietf.org>; Wed, 20 Aug 2003 11:45:41 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19pV9f-0002VU-00 for asrg@ietf.org; Wed, 20 Aug 2003 11:45:47 -0400
Received: from relay.purespeed.com ([63.210.22.4]) by ietf-mx with esmtp (Exim 4.12) id 19pV9e-0002VR-00 for asrg@ietf.org; Wed, 20 Aug 2003 11:45:46 -0400
Received: from sohonotebook (ip68-98-157-216.nv.nv.cox.net [68.98.157.216]) by relay.purespeed.com (Postfix Relay Hub) with ESMTP id 7BADA18283; Wed, 20 Aug 2003 11:31:43 -0400 (EDT)
From: Eric Dean <eric@purespeed.com>
To: 'Andrew Akehurst' <A.D.Akehurst-99@student.lboro.ac.uk>
Cc: asrg@ietf.org
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Message-ID: <00c401c36732$1e3a7880$0a01a8c0@sohonotebook>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <1061373123.3f4344c36494c@student-webmail.lboro.ac.uk>
Importance: Normal
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Wed, 20 Aug 2003 11:45:44 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

> >
> > CRI-Sender-Exempt: asrg@ietf.org
> >
> > That way the recipient could whitelist the header for now and
always.
> 
> This seems like a reasonable suggestion.
> 
> I'm not sure what would be reasonable software behaviour when
> such a header is seen in an incoming message. To whitelist
> automatically based on the presence of such a header would open
> the system to abuse by spammers. I suppose well-behaved software
> would ask the user whether they want to whitelist the address
> and let the user decide.

Yes, whitelisting could be easily abused.  The intent is to prevent a
challenge message from being returned...adding a mail list identifier
would be convenient for identifying subsequent messages for whitelisting
per user request.
 
> 
> In general, when a CR-compliant MTA receives an incoming message
> which claims to have been challenged and accepted... how can the MTA
> at this stage ensure that such headers were not forged?

You have to respond with a corresponding string that is either static or
algorithmic.
 
> I suppose it comes down to which systems have access to the consent
> tokens for that specific sender/receiver pair: only the systems which
> have access to those tokens can verify if they are valid. This could
> be done using a cache scheme such as that raised recently by Danny
> Angus:
> 
>   http://article.gmane.org/gmane.ietf.asrg/5760


We are not trying to be restrictive as to which algorithm to use...but
instead produce a protocol that would accommodate many different
approaches.
 
> 
> Therein lies a major problem for CRI and indeed CR systems in general.
> To find a way around the issue, it might be worth thinking about
> the possible format of mailing list messages.

We have an archive of such a detailed discussion a few months ago




_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email