Re: [Asrg] C/R Framework

Yakov Shafranovich <research@solidmatrix.com> Thu, 15 May 2003 16:11 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13899 for <asrg-archive@odin.ietf.org>; Thu, 15 May 2003 12:11:58 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4FFd3b12105 for asrg-archive@odin.ietf.org; Thu, 15 May 2003 11:39:03 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFd3B12102 for <asrg-web-archive@optimus.ietf.org>; Thu, 15 May 2003 11:39:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13885; Thu, 15 May 2003 12:11:28 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GLMA-0000Ss-00; Thu, 15 May 2003 12:13:22 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19GLMA-0000Sp-00; Thu, 15 May 2003 12:13:22 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFZ2B11040; Thu, 15 May 2003 11:35:02 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FFY8B10997 for <asrg@optimus.ietf.org>; Thu, 15 May 2003 11:34:08 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13709 for <asrg@ietf.org>; Thu, 15 May 2003 12:06:33 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GLHP-0000R1-00 for asrg@ietf.org; Thu, 15 May 2003 12:08:27 -0400
Received: from 000-253-545.area7.spcsdns.net ([68.27.230.54] helo=68.27.230.54 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19GLHO-0000Qx-00 for asrg@ietf.org; Thu, 15 May 2003 12:08:27 -0400
Message-Id: <5.2.0.9.2.20030515120658.00baf8e0@std5.imagineis.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: Jon Kyme <jrk@merseymail.com>
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: [Asrg] C/R Framework
Cc: ASRG <asrg@ietf.org>
In-Reply-To: <E19GLEz-0007zB-00@argon.connect.org.uk>
References: <5.2.0.9.2.20030515115340.00bafae8@std5.imagineis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 15 May 2003 12:08:18 -0400

At 05:05 PM 5/15/2003 +0100, Jon Kyme wrote:

> > problem too. As I mentioned before, perhaps we should not store plain
> > email
> > addresses - but some form of checksum or something. Even though that is
> > susceptible to dictionary attacks, the attacker must know what he is
> > looking for. This will at least protect against people snooping at
> > messages.
> >
>
>
>I don't think it's necc. to specify what steps an implementer needs to take
>to protect/hide the data - just an recommendation that they should take
>steps is probably enough. Maybe?

In order to different C/R systems to interoperate they must know whether a 
plain email address is used or a checksum - leaving this to implementors 
will kill interoperability. Perhaps this should be an optional feature of 
the protocol?

---------------------------------------------------------------------------------------------------
Yakov Shafranovich / <research@solidmatrix.com>
SolidMatrix Research, a division of SolidMatrix Technologies, Inc.
---------------------------------------------------------------------------------------------------
"One who watches the wind will never sow, and one who keeps his eyes on
the clouds will never reap" (Ecclesiastes 11:4)
---------------------------------------------------------------------------------------------------  

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg