Re: [Asrg] seeking comments on new RMX article

J C Lawrence <claw@kanga.nu> Wed, 07 May 2003 18:09 UTC

To: Alan DeKok <aland@freeradius.org>
cc: asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
In-Reply-To: Message from "Alan DeKok" <aland@freeradius.org> of "Wed, 07 May 2003 09:08:10 EDT." <E19DOeY-0007Rt-00@mail.nitros9.org>
References: <E19DOeY-0007Rt-00@mail.nitros9.org>
Message-ID: <9596.1052330807@kanga.nu>
From: J C Lawrence <claw@kanga.nu>
Date: Wed, 07 May 2003 11:06:47 -0700

On Wed, 07 May 2003 09:08:10 -0400 
Alan DeKok <aland@freeradius.org> wrote:
> J C Lawrence <claw@kanga.nu> wrote:

>>> Each domain configures its own RMX records, on its own name servers,
>>> to authenticate its own outgoing mail.

>> Right, with the implicit assumption that each domain validly controls
>> all mail sent in its name, or has reasonable control and expectation
>> that it can or even should be able to control all mail sent in its
>> name.  I find those assumptions to be unsupportable and destructive.

>   Nonsense.  It's not about control, it's about consent.

Consent structures, when enforced centrally, which is what RMX is
proposing, are control structures.

> When you receive a message with an envelope 'from' in a domain, has
> that domain consented to the use of its name?  Right now, we don't
> know.  With something like RMX, the owners of that domain can make
> their consent explicit.

> Your objections appear to be based on the idea that establishing
> consent is a bad thing.  

No, I consider requiring explicit published consent between the DNS
masters and a sending node to be a bad thing.

Consider a corollary (which has other, different, critical flaws
compared to RMX):

  Let's say that a domain published a public key via DNS.

  Further, let's say that every node had a copy of the private key
  matching that public key.

  Next have all sent mail contain a digital signature of the Date:,
  Message-ID, and Subject: headers using that key.

  Every receiving MTA can trivially verify that there was consent on the
  part of the parent domain for each message.  You get the self-same
  identical benefits of RMX, but you remove the central point of control
  and authority.  

The problem of course is that theft of the private key now becomes easy
and relatively certain.  However, the massive gain is that control is no
longer centralised.

> Further, you appear to be claiming that a domain does NOT control the
> use of its name (i.e. mail sent in its name), and that there's no
> reason why it should.

Almost.  Currently domains don't control the use of their names, and
while there are many good reasons they may wish to, there are equally
good reasons to a) not build a top-down enforcement model of that
control, and b) not make the expression of that control require
reconfiguration of a publicly deployed system (something which no few
SysAdm are going to be willing to do rapidly or for one-offs).

> Stated that way, your objections appear ..., well, surprising.

Thank you.

>>> There is no new central authority.
 
>> Sure there is, you're naming the holders of the DNS keys as the
>> central authority for the domain.  Not good.

> So the people controlling DNS for a domain are NOT, in fact,
> authorized to make any statements about the domain.  

Sure they are, they just currently can't explicitly control the
behaviour of edge nodes.  Under RMX they are granted a very large fat
club to dictate and control the behaviour of edge nodes.  

> They're not authorized to set up RMX records, and most likely also not
> authorized to set up existing MX records.  If that's true, why the
> heck are they controlling DNS?

Anybody can make statements.  That's easy.  The problem is that RMX
encodes those statements in a machine processable form that can and will
be used mechanically for mail filtering.  Should RMX gain any traction
it is safe to assume that in fairly short order mail from
non-RMX-bearing nodes will be bounced/dropped, and thus RMX records will
become a de facto requirement for sending mail.  That spells central
control and authority over how mail is processed within a domain.  No
thanks.  Even outside of the privacy concerns, I've no wish to build
systems which not only define, but mandate dictators on an Internet-wide
scale.

> Is this really your position?  The people controlling MX records do
> not have authority to add RMX records?

I don't give a rats for RMX records.  People can add them now.  I can
also create DNS entries saying bad things about your or Bill Gates's
parentage.  Big whoop.  I care about what RMX records imply and how they
will, necessarily, be used.

>> DNS, as a system, is external to the edge nodes that generate mail.

> The proponents of RMX have specifically and repeatedly addressed the
> interactions of "edge nodes that generate mail" with RMX, and thus
> DNS.  

Yes, they have repeatedly addressed it by saying that either the DNS
master will have to be a nice guy and update his records appropriately
(frequently for a domain he has no interest in for the mobile case),
or that other technologies a la VPNs will have to be used to ensure mail
is smarthosted thru an RMX node.

I don't consider either an acceptable address.  You do.  We differ.

> Please go back and read those statements before repeating objections
> which have already been addressed.

Already done.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw@kanga.nu               He lived as a devil, eh?		  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
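
The shared-key corollary described in the message above, worked through as an added example that is not part of the original post. It assumes Ed25519 signatures, a hypothetical `x-domain-sig` header, an in-memory map standing in for the DNS key record, and the placeholder domain example.org; the message itself is constructed.

```javascript
// Added illustration, not code from the original message. Names such as
// example.org, x-domain-sig and the in-memory "DNS" map are assumptions.
const crypto = require('node:crypto');
const SIGNED = ['date', 'message-id', 'subject'];  // headers the post names

// One key pair per domain; in the post every sending node holds a copy of the private key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const dns = new Map([['example.org', publicKey]]);  // stand-in for a DNS key record

// Canonical form: fixed order, lowercase name, trimmed value with whitespace collapsed.
function canonical(headers) {
  return SIGNED.map(h => `${h}:${String(headers[h] ?? '').trim().replace(/\s+/g, ' ')}`).join('\n');
}

function sign(headers, key) {
  const sig = crypto.sign(null, Buffer.from(canonical(headers)), key);
  return { ...headers, 'x-domain-sig': sig.toString('base64') };
}

// Receiving MTA: take the domain from the envelope sender, fetch its key, check the signature.
function verify(envelopeFrom, headers) {
  const domain = envelopeFrom.slice(envelopeFrom.lastIndexOf('@') + 1).toLowerCase();
  const key = dns.get(domain);
  if (!key) return 'no-key';
  const sig = headers['x-domain-sig'];
  if (!sig) return 'unsigned';
  const ok = crypto.verify(null, Buffer.from(canonical(headers)), key, Buffer.from(sig, 'base64'));
  return ok ? 'pass' : 'fail';
}

// Constructed sample message.
const msg = { date: 'Wed, 07 May 2003 11:06:47 -0700',
              'message-id': '<1234.abcd@example.org>', subject: 'quarterly report' };

function demo() {
  const fromNodeA = sign(msg, privateKey);
  // A second node, or anyone else holding a copy of the key, signs with the same key.
  const copiedKey = crypto.createPrivateKey(privateKey.export({ type: 'pkcs8', format: 'pem' }));
  const fromNodeB = sign(msg, copiedKey);
  return {
    valid: verify('alice@example.org', fromNodeA),
    tampered: verify('alice@example.org', { ...fromNodeA, subject: 'changed' }),
    unsigned: verify('alice@example.org', msg),
    otherDomain: verify('bob@example.net', fromNodeA),
    copyPasses: verify('alice@example.org', fromNodeB),
    indistinguishable: fromNodeA['x-domain-sig'] === fromNodeB['x-domain-sig'],
  };
}

console.log(demo());
```

The last two results are the key-theft problem the message names: a receiver sees only "signed with the domain key" and cannot tell which holder of that key produced the signature.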