Re: [Asrg] seeking comments on new RMX article

Hadmut Danisch <hadmut@danisch.de> Mon, 05 May 2003 20:27 UTC

From: Hadmut Danisch <hadmut@danisch.de>
To: Dave Crocker <dhc@dcrocker.net>
Cc: Alan DeKok <aland@freeradius.org>, asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
Message-ID: <20030505194917.GA14395@danisch.de>
Date: Mon, 05 May 2003 21:49:17 +0200

Dave,

On Mon, May 05, 2003 at 12:16:11PM -0700, Dave Crocker wrote:
> 
> what does it mean to hold them responsible, when there are no global
> rules to which a sender is held?

It means: 

- to hold them responsible by the rules and laws of the country 
  the Spam comes from. Most Spam originates from the US. Many
  countries have or develop laws against Spam.

- if the message comes from a country without rules, to 
  identify the country where the domain resides and to give 
  you that information to base your decision on

- to allow blacklisting domains or responsible persons mentioned
  in the whois entry




> However, it DOES mean that it is dangerous to claim that authentication
> will be used as a basic technique, unless there is some reason to
> believe that the technique will be successful now, in spite of not being
> successful for 10 years.

That's nonsense. RMX is a completely different kind of authentication.
It doesn't require any special software or configuration on the MUA
side, and it doesn't require per person key generation. 

The main reason is that PGP and S/MIME didn't have any real
purpose for the masses, it was a complicated game which became
boring. They take a severe overhead of user interaction for every
single mail.

RMX solves a real problem people have 10-20 times a day. PGP and
S/MIME never did so. RMX doesn't require user interaction (once it is
installed).



> the reference was to authenticated senders.  pgp and s/mime authenticate
> senders.  rmx does not.

Exactly. That's what RMX is designed for. RMX is designed to not
handle user details, that's to be left in the domain's private
business. RMX covers the domain part only to keep it smart and simple
and to avoid work for every single user. Its expense is O(1).
To be precise in security science, RMX is not even an authentication.
Actually, the authentication is done by TCP/IP, where TCP traffic
allows to sufficiently ensure that the peer IP address is reliable.
A higher level of security is not reasonable since mail delivery by
SMTP also is limited to the TCP/IP address check. So the sending
MTA's "name" is the IP address and the "authentication mechanism" is
TCP/IP. (I know, this is not a real good one, but it is sufficient for
this purpose.) RMX is the method to distribute the authorization
information through DNS. It tells you which IP addresses are
authorized to use the given domain as part of the sender address. 
That's it. No sender authentication. Being cheap, simple, and robust
is the design goal. Not 2048-bit-security that nobody uses.

Hadmut
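
The receiver-side check described in the message above, as an added example that is not part of the original post or of the RMX proposal. The table of authorized networks is constructed sample data standing in for what a domain would publish through DNS (the real record syntax is not modelled), and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the per-domain authorization data that a domain
# would publish through DNS. The real RMX record syntax is not modelled here.
AUTHORIZED_NETWORKS = {
    "example.org": ["192.0.2.0/28", "2001:db8:10::/64"],
    "example.net": ["198.51.100.25/32"],
}


def sender_domain(envelope_from):
    """Return the lower-cased domain part of a sender address, or None."""
    address = envelope_from.strip().strip("<>")
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def check_sender(peer_ip, envelope_from, lookup=AUTHORIZED_NETWORKS.get):
    """Decide whether peer_ip may use the domain in envelope_from.

    peer_ip is the address of the TCP connection, i.e. the sending MTA's
    "name". Only the domain part is checked; the local part is ignored,
    so the cost is per domain, not per user.
    Returns "authorized", "unauthorized", "no-policy" or "bad-sender".
    """
    domain = sender_domain(envelope_from)
    if domain is None:
        return "bad-sender"
    networks = lookup(domain)
    if not networks:
        # The domain publishes nothing: the decision is left to local policy.
        return "no-policy"
    addr = ipaddress.ip_address(peer_ip)
    for net in networks:
        network = ipaddress.ip_network(net, strict=False)
        # Compare only within the same address family (IPv4 vs IPv6).
        if addr.version == network.version and addr in network:
            return "authorized"
    return "unauthorized"
```

Passing a different `lookup` callable lets the same check run against a real resolver instead of the constructed table.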
