IETF Logo Mail Archive

RE: [Asrg] C/R Interworking Framework

Art Pollard <pollarda@lextek.com> Mon, 16 June 2003 01:51 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA16668 for <asrg-archive@odin.ietf.org>; Sun, 15 Jun 2003 21:51:57 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5G1pTX10847 for asrg-archive@odin.ietf.org; Sun, 15 Jun 2003 21:51:29 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5G1pTm10843 for <asrg-web-archive@optimus.ietf.org>; Sun, 15 Jun 2003 21:51:29 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA16663; Sun, 15 Jun 2003 21:51:26 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Rj7R-0006Ro-00; Sun, 15 Jun 2003 21:49:13 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Rj7R-0006Rl-00; Sun, 15 Jun 2003 21:49:13 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5FMt1a32610; Sun, 15 Jun 2003 18:55:01 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5FMsGm32591 for <asrg@optimus.ietf.org>; Sun, 15 Jun 2003 18:54:16 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA13755 for <Asrg@ietf.org>; Sun, 15 Jun 2003 18:54:11 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19RgLv-0005l5-00 for Asrg@ietf.org; Sun, 15 Jun 2003 18:51:59 -0400
Received: from sccrmhc12.attbi.com ([204.127.202.56]) by ietf-mx with esmtp (Exim 4.12) id 19RgLv-0005kw-00 for Asrg@ietf.org; Sun, 15 Jun 2003 18:51:59 -0400
Received: from art.lextek.com (12-254-130-29.client.attbi.com[12.254.130.29](untrusted sender)) by attbi.com (sccrmhc12) with SMTP id <200306152253390120098hnge>; Sun, 15 Jun 2003 22:53:39 +0000
Message-Id: <5.1.0.14.2.20030615164753.05733610@mail.1s.com>
X-Sender: PollardA@mail.1s.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
To: "Eric D. Williams" <eric@infobro.com>, Asrg@ietf.org
From: Art Pollard <pollarda@lextek.com>
Subject: RE: [Asrg] C/R Interworking Framework
In-Reply-To: <01C332CB.3F7862F0.eric@infobro.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Sun, 15 Jun 2003 16:55:31 -0600

At 11:18 PM 6/14/2003 -0400, you wrote:
>On Monday, June 09, 2003 6:21 PM, Art Pollard [SMTP:pollarda@lextek.com] 
>wrote:
>8<...>8
> > ... The CR system would filter based in the digital signature rather
> > than the FROM address.
>
>A signature that signs what? or do you mean a 'hash' produced using a 
>'senders'  private key?

A digital signature uses a public / private key pair and a hash (typically 
SHA).  Given the public key then the signature and message could be 
verified.  The message would be signed with the private key as it went 
out.  The message's header would contain:

1) The digital signature (generated by the public/private key pair and the 
message)
2) The public key.

The whitelisting would occur based not on the e-mail address but on the 
public key.  Thus when a new message comes in, the public key would be 
looked up in the whitelist to see if it is already there.  If it is there, 
the message can be checked with the public key and the signature to ensure 
that the proper public / private key pair actually was used to sign the 
message and that the message has not been altered.

By whitelisting on the public key and not the e-mail address / 
username/etc. the user can move between machines and accounts without new 
challenges as long as they use the same public/private key pair to sign 
their messages.

> > Thus it would be quite possible for people to have
> > multiple clients with the same digital signature (one for each e-mail
> > address say) and they would only have to undergo the CR once -- even if
> > they switched ISPs.
>
>Same private key?

Yep.


>8<...>8
> > ...When whitelisting occurred, it would whitelist a
> > particular person's signature rather than their e-mail address.
>
>Caching of the public key?

Yep. The public key would be cached and would be used in the whitelisting 
process.

-Art

-- 
Art Pollard
http://www.lextek.com/
Suppliers of High Performance Text Retrieval Engines.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email