IETF Logo Mail Archive

RE: [Asrg] C/R Interworking Framework

"Eric Dean" <eric@purespeed.com> Tue, 27 May 2003 14:18 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA13789 for <asrg-archive@odin.ietf.org>; Tue, 27 May 2003 10:18:42 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4REIE623062 for asrg-archive@odin.ietf.org; Tue, 27 May 2003 10:18:14 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4REIEB23059 for <asrg-web-archive@optimus.ietf.org>; Tue, 27 May 2003 10:18:14 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA13771; Tue, 27 May 2003 10:18:11 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19KfFm-0004ct-00; Tue, 27 May 2003 10:16:38 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19KfFm-0004cq-00; Tue, 27 May 2003 10:16:38 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4REGQB22937; Tue, 27 May 2003 10:16:26 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4REF8B22761 for <asrg@optimus.ietf.org>; Tue, 27 May 2003 10:15:08 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA13514 for <asrg@ietf.org>; Tue, 27 May 2003 10:15:05 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19KfCm-0004a9-00 for asrg@ietf.org; Tue, 27 May 2003 10:13:32 -0400
Received: from ns2.tidalwave.net ([66.77.68.8] helo=mailgate.purespeed.com) by ietf-mx with esmtp (Exim 4.12) id 19KfCl-0004Zh-00 for asrg@ietf.org; Tue, 27 May 2003 10:13:31 -0400
Received: from purespeed.com (mail.purespeed.com [66.77.69.8]) by mailgate.purespeed.com (Postfix Relay Hub) with ESMTP id 4B31F13AA2; Tue, 27 May 2003 10:17:45 -0400 (EDT)
Received: from HOMEY [68.100.19.195] by purespeed.com (SMTPD32-7.13) id A2A74F07008C; Tue, 27 May 2003 10:13:59 -0400
From: Eric Dean <eric@purespeed.com>
To: Yakov Shafranovich <research@solidmatrix.com>, asrg@ietf.org
Subject: RE: [Asrg] C/R Interworking Framework
Message-ID: <MBEKIIAKLDHKMLNFJODBIEDFFFAA.eric@purespeed.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
In-Reply-To: <5.2.0.9.2.20030525004309.00bc9e60@solidmatrix.com>
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 27 May 2003 10:16:40 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

>  >This document identifies MIME experimental content-type values for
> allowing automated C/R system interworking.
>  >[..]
>
> Aren't we using headers?

Headers seems to be an ambiguous term to me..maybe it's much clearer to
others.  I am not proposing the modification of SMTP to introduce new
headers.  The use of experimental MIME content values is just fine and
ensures comptibility with non-CRI systems as the are simply ignored..or
removed in some cases.

>
> Is there room in the specifications for the following:

There's room for anything that makes sense..and I like the term
specification better than proposed standard or draft since we are a research
group.

> 1. Tag or certification systems which will send their seal or certificate
> as a response.

So..if there is a third party CA...then we could validate the server.  Then
there are more headers introduced here..and it sounds as if you are moving
towards authenticated mail servers.  Not a bad idea..but don't believe it
has a place within CRI.  That's not to say that they couldn't be compatible
or run as ships in the night as an overlay security model..but don't think
they have a home in something as limited as CRI. I would recommend that you
write up your own thoughts on such a model using certificates.

> 2. Economic systems which will use the cryptographics or some
> other methods
> like hashcash to add costs to email.

Again, I see no conflict..but anyone can use any experimental MIME values. I
would also recommend that you write up your ideas here.

>
> What will stop a spammer from putting X-CM headers into the message

Well a spammer would have to engage in a 3-way handshake process using valid
domains, MX records, and sender address.  While some will in fact commit
such crimes, others may be detered.  Placing the headers in a message merely
allows a CRI system to respond.  It doesn't create an additional
vulnerabilities.

> and
> what happens in that case - is there message let through or the
> C/R system
> responds to it, thus validating the receiver's email?

CRI only automates what user's automatically do today.  A mail system would
have to maintain state of all outgoing email and then automatically respond
to CRI messages.  Sending unsolicitied CRI messages would have the same
effect of sendig an unsolicited TCP socket to a stateful firewall.


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email