RE: [Asrg] C/R Framework

Yakov Shafranovich <research@solidmatrix.com> Thu, 15 May 2003 16:04 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13659 for <asrg-archive@odin.ietf.org>; Thu, 15 May 2003 12:04:47 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4FFVqS10839 for asrg-archive@odin.ietf.org; Thu, 15 May 2003 11:31:52 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFVqB10836 for <asrg-web-archive@optimus.ietf.org>; Thu, 15 May 2003 11:31:52 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13649; Thu, 15 May 2003 12:04:17 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GLFD-0000Q1-00; Thu, 15 May 2003 12:06:11 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19GLFD-0000Py-00; Thu, 15 May 2003 12:06:11 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFRkB10523; Thu, 15 May 2003 11:27:46 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFPdB10323 for <asrg@optimus.ietf.org>; Thu, 15 May 2003 11:25:39 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA13282 for <asrg@ietf.org>; Thu, 15 May 2003 11:58:05 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GL9D-0000Kh-00 for asrg@ietf.org; Thu, 15 May 2003 11:59:59 -0400
Received: from 000-253-545.area7.spcsdns.net ([68.27.230.54] helo=68.27.230.54 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19GL9A-0000KS-00 for asrg@ietf.org; Thu, 15 May 2003 11:59:57 -0400
Message-Id: <5.2.0.9.2.20030515115600.00bb8978@std5.imagineis.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: asrg@ietf.org
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: RE: [Asrg] C/R Framework
In-Reply-To: <MBEKIIAKLDHKMLNFJODBAEAGFDAA.eric@purespeed.com>
References: <E19GFWa-0006OG-00@argon.connect.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 15 May 2003 12:00:47 -0400

At 09:30 AM 5/15/2003 -0400, you wrote:


> > Well, that's just a red rag to *some* bulls :-)
> >
> > I don't think that asserting that the same concerns apply to *other*
> > systems
> > adequately addresses concerns applying to *these* systems. Plus
> > also - it's
> > not strictly true, since the *necessarily* long life of this data in a C/R
> > system has implications.
>
>
>Yeah..that was just a placheolder...however, my thinking is that we should
>be addressing the protocol..not how some systems implement persistent data.
>For example, some systems may not use C/R to build whitelists.  Some may
>just challenge very message..it would be stupid..but they could.  Within
>client email software,, the C/R mechansim would have much less privacy
>concerns.  So, I'm trying to divorce myself from implementations but rather
>focus on seucrity implications of the protocol itself...could be wrong about
>that..but that was my thinking.

If you mandate the use of an MD5 checksum in the X-CM-Receipient field or 
some similar mechanism instead of a plain email address, this might reduce 
the problem. 

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg