Re: [Asrg] request for review for a non FUSSP proposal

Douglas Otis <dotis@mail-abuse.org> Tue, 23 June 2009 17:37 UTC

Return-Path: <dotis@mail-abuse.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9693328C399 for <asrg@core3.amsl.com>; Tue, 23 Jun 2009 10:37:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.411
X-Spam-Level:
X-Spam-Status: No, score=-6.411 tagged_above=-999 required=5 tests=[AWL=0.188, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wiOAOrGHKEit for <asrg@core3.amsl.com>; Tue, 23 Jun 2009 10:37:52 -0700 (PDT)
Received: from harry.mail-abuse.org (harry.mail-abuse.org [168.61.5.27]) by core3.amsl.com (Postfix) with ESMTP id 91B3D28C349 for <asrg@irtf.org>; Tue, 23 Jun 2009 10:37:52 -0700 (PDT)
Received: from [IPv6:::1] (gateway1.sjc.mail-abuse.org [168.61.5.81]) by harry.mail-abuse.org (Postfix) with ESMTP id 77EBAA9443C for <asrg@irtf.org>; Tue, 23 Jun 2009 17:38:00 +0000 (UTC)
Message-Id: <AF3CC1CE-9FD2-4736-A54C-49D551F5300B@mail-abuse.org>
From: Douglas Otis <dotis@mail-abuse.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-Reply-To: <4A4083B2.8060905@telmon.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Tue, 23 Jun 2009 10:38:00 -0700
References: <4A3DFC91.2090506@telmon.org> <4A3F9B2B.8020603@tana.it> <4A3FF3AF.9030401@telmon.org> <4A3FF7F1.1060705@nd.edu> <4A3FFB64.6030409@telmon.org> <5AB32FFA-A830-4BB6-BEFC-EBA58CC090E4@mail-abuse.org> <4A4083B2.8060905@telmon.org>
X-Mailer: Apple Mail (2.935.3)
Subject: Re: [Asrg] request for review for a non FUSSP proposal
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jun 2009 17:37:53 -0000

On Jun 23, 2009, at 12:26 AM, Claudio Telmon wrote:
>
> This seems to mix Internet mail 2000 with the consent framework. You  
> suggest to put the token in the link, so that the receiver's  
> notification agent can perform the same selection as the receiver's  
> MTA in my proposal. While this would be possible, goals are  
> different and implementations seem to be independent. It should  
> work, from a technical perspective. However, Internet mail 2000  
> already has its own deployment issues, so mixing the two things  
> seems to increase the deployment difficulties, which are already high.

Your strategy requires servicing a method that does not depend upon  
"pass-tokens" as a means to obtain them.  The task of collecting  
source specific tokens represents a fair amount of administrative  
effort for both senders and recipients that is likely to be  
problematic.  Not good.

Spitting the email-address onto separate headers is problematic.  In  
addition, what one MTA might understand may not apply to the subsequent.

Review how one might use <local-part>"+"<tags> :
http://css.its.psu.edu/news/emailplus.html

Then imagine this acceptance criteria is combined valid DKIM  
respondent's messages.

As yet a better alternative, to thwart wasted and undesired exchanges,  
an exchange by reference offers an inherent means to authenticate  
sources without cryptography, and avoid undesired exchanges.

-Doug