IETF Logo Mail Archive

RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]

"Chris" <asrg@rebel.com.au> Thu, 20 May 2004 08:33 UTC

Received: from optimus.ietf.org (iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA05126 for <asrg-archive@odin.ietf.org>; Thu, 20 May 2004 04:33:48 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQixm-0001t0-Ge for asrg-archive@odin.ietf.org; Thu, 20 May 2004 04:31:38 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4K8VclA007251 for asrg-archive@odin.ietf.org; Thu, 20 May 2004 04:31:38 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQito-0001HY-Se for asrg-web-archive@optimus.ietf.org; Thu, 20 May 2004 04:27:32 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA04848 for <asrg-web-archive@ietf.org>; Thu, 20 May 2004 04:27:30 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQitm-00053f-1w for asrg-web-archive@ietf.org; Thu, 20 May 2004 04:27:30 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQisq-0004tr-00 for asrg-web-archive@ietf.org; Thu, 20 May 2004 04:26:33 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BQisV-0004jy-00 for asrg-web-archive@ietf.org; Thu, 20 May 2004 04:26:11 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQijg-0007pt-SD; Thu, 20 May 2004 04:17:04 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQij9-0007aJ-GV for asrg@optimus.ietf.org; Thu, 20 May 2004 04:16:31 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA04498 for <asrg@ietf.org>; Thu, 20 May 2004 04:16:28 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQij6-0003C2-KW for asrg@ietf.org; Thu, 20 May 2004 04:16:28 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQiiA-00031l-00 for asrg@ietf.org; Thu, 20 May 2004 04:15:31 -0400
Received: from mail3.sa.chariot.net.au ([203.87.94.14]) by ietf-mx with esmtp (Exim 4.12) id 1BQihN-0002hg-00 for asrg@ietf.org; Thu, 20 May 2004 04:14:41 -0400
Received: from mail.chariot.net.au (mail.chariot.net.au [203.87.95.38]) by mail3.sa.chariot.net.au (Postfix) with ESMTP id BE124A4062; Thu, 20 May 2004 17:44:11 +0930 (CST)
Received: from rebel (ppp136-119.lns1.adl2.internode.on.net [150.101.136.119]) by mail.chariot.net.au (Postfix) with SMTP id B5F775F71D; Thu, 20 May 2004 17:44:10 +0930 (CST)
From: Chris <asrg@rebel.com.au>
To: William Leibzon <william@completewhois.com>, ASRG <asrg@ietf.org>
Subject: RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
Message-ID: <GPEMJLCHICHEGPOKJHHDIEMGHPAA.asrg@rebel.com.au>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
In-Reply-To: <Pine.LNX.4.44.0405191138550.29979-100000@cwhois1.completewhois.com>
Importance: Normal
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Thu, 20 May 2004 17:43:42 +0930
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

>
> Big problem I have with it is that yahoo domain keys breaks with email
> forwarders, mail lists and roaming users

I don't understand why you say this.

Roaming users still have to log into an ISP somewhere to send their email.
if The ISP is prepared to let them access the mail system the ISP becomes
responsible for what they do. So they should at the very least validate
them.

Mail forwarders can sign the mail. they must accept responsibilty for the
forwarding as above.

Mailing lists must also be held accountable for what they send. they are
simply another 'injection point' and can validate the sender before
inserting it into the list.

> email content must be changed in process
> of tranmission

Why 'must' content be changed?

headers need to be added and those should be signed off as well as the
previous mta's signature. granted this additional signing increases the load
especially for the MTR, but if Spam is reduced then the initial load would
be reduced anyway.

If content MUST be changed then the authority changing the content becomes
the owner. and therefore responsible for the 'new' email.

Regards
Chris



> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org]On Behalf Of
> William Leibzon
> Sent: Thursday, 20 May 2004 4:17 AM
> To: ASRG
> Subject: Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for
> DomainKeys]
>
>
> And frankly, I'm less then satisfied after so many promises and lots of
> wait for it. Its long document (which I ready fully) that primarily just
> pounds on rather old idea of entering public key in dns and using private
> key to add signed header to email, this idea had been around for at least
> 4 years (possibly more) and I thought they found ways around above listed
> and other similar problems when email content must be changed in process
> of tranmission by intermediate server, but unfortunetly they did not. Nor
> do they address entering keys too well, again we're back to reusing TXT
> (where as what we need is standard for entering public keys in DNS and
> this is needed not only for email but for several others things and in
> general would come usefull, there have been drafts about this actually).
>
> On Tue, 18 May 2004, Yakov Shafranovich wrote:
>
> >  From MARID list.
> >
> > -------- Original Message --------
> > Subject: Yahoo! Mail Publishes Specification for DomainKeys
> > Date: Tue, 18 May 2004 10:46:32 -0400
> > From: Larry Seltzer <larry@larryseltzer.com>
> > To: 'IETF MARID WG' <ietf-mxcomp@imc.org>
> >
> >
> > (see http://antispam.yahoo.com/domainkeys in particular)
> >
> > LJS
> >
> > Yahoo! Mail Publishes Specification for DomainKeys
> >
> > E-mail Authentication Solution Filed with IETF;
> >
> > Alpha Version of Open Source Code Available
> >
> > WHAT:
> >
> > On Tuesday, May 18, Yahoo! announces the publication of its
> > specification on DomainKeys,
> > a cryptographic e-mail authentication solution to help fight spam.
> >
> > DomainKeys: In order to attack spam at its roots, a powerful
> solution is
> > needed that can
> > verify the identity of the e-mail sender and put an end to spoofing and
> > forgery.
> > DomainKeys help fight spam by providing strong assurance of both the
> > sender's identity
> > and the integrity of the e-mail content through the use of
> > public/private key
> > cryptography.
> >
> > On Monday, May 17, the company filed the spec as an Internet-draft with
> > the IETF
> > (Internet Engineering Task Force) standards body to begin the
> > standardization process.
> >
> > Additionally, Yahoo! is currently developing a reference implementation
> > for DomainKeys
> > that can be plugged into Message Transfer Agents (MTAs), such as qmail.
> > An alpha version
> > of this software will be released under a royalty free license at
> > SourceForge.net.
> >
> > WHERE:
> >
> > The specification, license terms and FAQs are posted on Yahoo!'s
> > Anti-Spam Resource
> > Center:  http://antispam.yahoo.com
> > The alpha version of the software will be hosted at SourceForge.net at:
> > http://sourceforge.net/index.php
> >
> > --
> > Yakov Shafranovich / asrg <at> shaftek.org
> > SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
> > "There is nothing new under the sun" (Eccls. 1:9)
> >
> > _______________________________________________
> > Asrg mailing list
> > Asrg@ietf.org
> > https://www1.ietf.org/mailman/listinfo/asrg
> >
>
>
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email