Re: [Asrg] 6. Proposals - Challenge/response - CRI
david nicol <whatever@davidnicol.com> Wed, 20 August 2003 23:14 UTC
From: david nicol <whatever@davidnicol.com>
To: "Deven T. Corzine" <deven@ties.org>
Cc: Yakov Shafranovich <research@solidmatrix.com>, Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>, asrg@ietf.org
Date: Wed, 20 Aug 2003 18:11:59 -0500

On Wed, 2003-08-20 at 12:42, Deven T. Corzine wrote:
> > > > I think the only really significant semantic suggestion I'm making
> > > > is that a hash of the body of a message should be included to
> > > > prevent forgeries of level-two systems.
> >
> > That has been mentioned before and is a pretty good idea. It also
> > alleviates some privacy concerns since the originating MTA/MUA does not
> > have to store copies of messages, but can store MD5 hashes instead.
>
> Using a hash is an obvious thing to do, but it begs the question of exactly
> what you're hashing. You can't safely hash the entire message because the
> headers change on every hop, at least for Received: lines. Other headers
> might be mangled or normalized as well. You can ignore the header, but it
> would be good to validate parts of it. Even if you just hash the body, you
> have to be concerned about the message being mangled by intermediate MTAs.

I imagine one would hash all the MIME parts together. Or do whatever
GPG does with a MIME message. This bit has been solved, there is only
to select an approach and approve it.

--
David Nicol / If at first you don't succeed, use a bigger hammer.
http://gallaghersmash.com
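
The problem raised in the quoted text (headers change on every hop, bodies can be mangled in transit) and the reply's suggestion to hash the MIME parts together, as an added example that is not part of the thread: a digest over a fixed subset of headers plus every leaf MIME part, with text normalized first. The header subset, the normalization rules, the sample messages and the use of SHA-256 rather than the MD5 mentioned above are all assumptions of this sketch.

```python
import hashlib
import re
from email import message_from_bytes, policy

# Assumed choice: headers a relay has no reason to rewrite. Received: is left out.
SIGNED_HEADERS = ("from", "to", "subject", "date", "message-id")

def canon_text(data: bytes) -> bytes:
    """Normalize line endings, whitespace runs and trailing blank lines."""
    lines = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip() for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n"

def message_digest(raw: bytes) -> str:
    """Digest that survives added Received: lines and whitespace mangling."""
    msg = message_from_bytes(raw, policy=policy.default)
    h = hashlib.sha256()
    for name in SIGNED_HEADERS:
        value = " ".join(str(msg.get(name, "")).split())  # unfold, squeeze spaces
        h.update(f"{name}:{value}\r\n".encode("utf-8"))
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        payload = part.get_payload(decode=True) or b""  # undo base64 / QP
        if part.get_content_maintype() == "text":
            payload = canon_text(payload)
        # Type tag and length prefix keep part boundaries unambiguous.
        h.update(part.get_content_type().encode() + b"\0")
        h.update(len(payload).to_bytes(8, "big"))
        h.update(payload)
    return h.hexdigest()

# Constructed sample messages (not taken from the thread).
ORIGINAL = (b"From: alice@example.org\nTo: bob@example.net\nSubject: lunch\n"
            b"Date: Wed, 20 Aug 2003 18:11:59 -0500\nMessage-Id: <1@example.org>\n\n"
            b"Meet at noon.\nBring the report.\n")
# Same message after a hop: new Received: line, CRLF, trailing spaces, extra blank line.
RELAYED = (b"Received: from mx.example.net by mail.example.net; "
           b"Wed, 20 Aug 2003 19:12:11 -0400\r\n"
           + ORIGINAL.replace(b"\n", b"\r\n").replace(b"noon.", b"noon.  ") + b"\r\n")
TAMPERED = ORIGINAL.replace(b"noon", b"nine")  # body content actually changed

if __name__ == "__main__":
    for label, raw in (("original", ORIGINAL), ("relayed", RELAYED), ("tampered", TAMPERED)):
        print(label, message_digest(raw))
```

The original and relayed copies produce the same digest, while the tampered copy does not.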