[Asrg] 6. Proposals - Challenge/response - CRI
Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk> Fri, 15 August 2003 15:45 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA01126 for <asrg-archive@odin.ietf.org>; Fri, 15 Aug 2003 11:45:57 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19nglf-0000qv-Pb for asrg-archive@odin.ietf.org; Fri, 15 Aug 2003 11:45:31 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h7FFjVgd003272 for asrg-archive@odin.ietf.org; Fri, 15 Aug 2003 11:45:31 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19nglf-0000qh-Lc for asrg-web-archive@optimus.ietf.org; Fri, 15 Aug 2003 11:45:31 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA01077; Fri, 15 Aug 2003 11:45:26 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19ngle-0003K8-00; Fri, 15 Aug 2003 11:45:30 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19ngld-0003K5-00; Fri, 15 Aug 2003 11:45:29 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ngkD-0000WQ-9h; Fri, 15 Aug 2003 11:44:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ngjI-0000Vb-8z for asrg@optimus.ietf.org; Fri, 15 Aug 2003 11:43:04 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA00994 for <asrg@ietf.org>; Fri, 15 Aug 2003 11:42:59 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19ngjH-0003IH-00 for asrg@ietf.org; Fri, 15 Aug 2003 11:43:03 -0400
Received: from bill.lut.ac.uk ([158.125.1.193]) by ietf-mx with esmtp (Exim 4.12) id 19ngjG-0003IE-00 for asrg@ietf.org; Fri, 15 Aug 2003 11:43:02 -0400
Received: from [158.125.1.117] (helo=studentpop1.lboro.ac.uk ident=root) by bill.lut.ac.uk with esmtp (Exim 4.14) id 19ngjF-0005pY-S1 for asrg@ietf.org; Fri, 15 Aug 2003 16:43:01 +0100
Received: from [158.125.1.122] (helo=bod.lut.ac.uk) by studentpop1.lboro.ac.uk with esmtp (Exim 3.13 #1) id 19ngjF-00014r-00 for asrg@ietf.org; Fri, 15 Aug 2003 16:43:01 +0100
Received: from apache by bod.lut.ac.uk with local (Exim 4.12) id 19ngjF-0004ql-00 for asrg@ietf.org; Fri, 15 Aug 2003 16:43:01 +0100
To: asrg@ietf.org
Message-ID: <1060962181.3f3cff85becf4@student-webmail.lboro.ac.uk>
From: Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.8
X-Originating-IP: 194.196.110.14
X-Spam-Score: 0.4 (/)
X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *19ngjF-0005pY-S1*bdB9355.pEw*
X-Lboro-Filtered: bill.lut.ac.uk, Fri, 15 Aug 2003 16:43:02 +0100
Content-Transfer-Encoding: 8bit
Subject: [Asrg] 6. Proposals - Challenge/response - CRI
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Fri, 15 Aug 2003 16:43:01 +0100
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
In what follows, I'm referring to the CRI draft proposal as posted in: http://www1.ietf.org/mail-archive/working-groups/asrg/current/msg06731.html This is my initial reaction, I'm going to re-read in detail and provide some more detailed feedback later next week. The use of CRI MIME message headers described in section 1.3 looks interesting. This seems good because it's transparent to non-CRI MTAs which will just pass the message on, presumably leaving the issuing of a challenge to a later stage, e.g. use of a CRI-enabled MUA. Out of these headers, this one caught my eye: "CRI-Sender-Exempt: identifies that the sender desires to not receive a CRI message. i.e. mailing list" I'm glad you've included support for mailing lists. I'd like to know how you envisage this being used in practice. In section 4.2 you state that: "Mailing lists may include CRI-Sender-Exempt headers to indicate that challenge messages should not be posted to the mailing list..." What will be the content of such a header? Is it just a flag such as "CRI-Sender-Exempt: 1"? If so, what would stop a spammer from adding such headers to their messages? Is it true that a spammer who used such headers simply wouldn't be sent a challenge message? If so I guess they wouldn't have the opportunity to answer a challenge and thus get themselves permission to send to the receiver. So maybe it's not in their interests to try and use such a header. The need to rewrite mailing list software to generate such headers is potentially more of an issue. Supposing I decided to use CRI yet subscribed to some mailing lists which didn't generate such headers. How could I ensure such messages got through? My other "first reaction" to the proposal is that the SMTP idea is interesting although the use of a 4xx temporary failure code for a challenge will of course result in non-compliant sender MTAs retrying and repeatedly failing. Of course in the end they'll give up and then will the sender's original message bounce back? I'm interested here in the interoperability issues between MTAs which support CRI and those which don't. Some more discussion in that area would be helpful. As an aside, I'll be away for several days so I won't be checking e-mail for a while. But I'll leave everyone to debate the issues and will join in again when I return. Andrew _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Yakov Shafranovich
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- Re: [Asrg] 6. Proposals - Challenge/response - CRI John Fenley
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Yakov Shafranovich
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Deven T. Corzine
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- Re: [Asrg] 6. Proposals - Challenge/response - CRI david nicol
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI david nicol
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean