Re: [Asrg] Accreditation Mechanism Proposal
"Mark E. Mallett" <mem@mv.mv.com> Thu, 18 March 2004 16:45 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA24180 for <asrg-archive@odin.ietf.org>; Thu, 18 Mar 2004 11:45:43 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B40dr-0003Ox-Le for asrg-archive@odin.ietf.org; Thu, 18 Mar 2004 11:45:16 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2IGjBdO013069 for asrg-archive@odin.ietf.org; Thu, 18 Mar 2004 11:45:11 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B40dr-0003Oi-GT for asrg-web-archive@optimus.ietf.org; Thu, 18 Mar 2004 11:45:11 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA24050 for <asrg-web-archive@ietf.org>; Thu, 18 Mar 2004 11:45:08 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B40dq-0002hm-00 for asrg-web-archive@ietf.org; Thu, 18 Mar 2004 11:45:10 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B40ct-0002a5-00 for asrg-web-archive@ietf.org; Thu, 18 Mar 2004 11:44:12 -0500
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B40c1-0002SN-00 for asrg-web-archive@ietf.org; Thu, 18 Mar 2004 11:43:17 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B40bm-0002uz-ON; Thu, 18 Mar 2004 11:43:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B40Yo-0002Ox-64 for asrg@optimus.ietf.org; Thu, 18 Mar 2004 11:39:58 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA23613 for <asrg@ietf.org>; Thu, 18 Mar 2004 11:39:53 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B40Yl-0002Br-00 for asrg@ietf.org; Thu, 18 Mar 2004 11:39:55 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B40Xs-00024F-00 for asrg@ietf.org; Thu, 18 Mar 2004 11:39:01 -0500
Received: from mercury.mv.net ([199.125.85.40]) by ietf-mx with smtp (Exim 4.12) id 1B40Wl-0001xX-00 for asrg@ietf.org; Thu, 18 Mar 2004 11:37:51 -0500
Received: (qmail 4921 invoked from network); 18 Mar 2004 11:37:51 -0500
Received: from iridium.mv.net (HELO mv.mv.com) (199.125.85.17) by mercury.mv.net with SMTP; 18 Mar 2004 11:37:51 -0500
X-Peer-Info: remote-ip 199.125.85.17 local-ip 199.125.85.40 local-name mercury.mv.net
Received: (qmail 20545 invoked by uid 101); 18 Mar 2004 11:37:51 -0500
From: "Mark E. Mallett" <mem@mv.mv.com>
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Cc: asrg@ietf.org
Subject: Re: [Asrg] Accreditation Mechanism Proposal
Message-ID: <20040318163751.GB12873@iridium.mv.net>
References: <C6DDA43B91BFDA49AA2F1E473732113E0A19E4@mou1wnexm05.vcorp.ad.vrsn.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <C6DDA43B91BFDA49AA2F1E473732113E0A19E4@mou1wnexm05.vcorp.ad.vrsn.com>
User-Agent: Mutt/1.4.2.1i
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Thu, 18 Mar 2004 11:37:51 -0500
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
On Wed, Mar 17, 2004 at 07:23:32AM -0800, Hallam-Baker, Phillip wrote: > > Basically the scheme returns an A record in response to a lookup. So > in order for example.com to announce that it is accredited by the class3 > service of verisign the SPF or CallerID record would contain the tripple: > > "accreditation" "class3.verisign.com""DNS-A" > > I.e. this is an accreditation property, the accreditor service is at > class3.verisign.com, the protocol is a DNS A record lookup. > > Some folk inside VeriSign suggested that we use the convention that > an unlisted domain just returns domain does not exist. You mean when querying the accreditation service? How would this interact with Verisign's publishing of wildcard records (e.g. if the accreditation service goes out of business and its domain name is revoked)? This goal of indirect identification of accreditation services seems like a positive thing. Has there been any attempt to analyze the additional overhead? Also, as with SPF et al there is the question of feedback from the recipient: e.g. one might want to have the ability for the recipient to publish information about what that recipient requires of a sender. Some unified scheme might be useful, like: ( Sender domain must publish SPF OR DMP AND Sender must be accredited by any two of {abc, def, ghi, xyz} AND Sender IP must publish MTAMark) OR ( Sender must accept address verification probe ) but that's probably a whole nother effort. A couple of random remarks from a very cursory reading: > There is no difficulty in ensuring that accreditation providers are > accountable to email recipients. An accreditation authority that > provides incorrect accreditation will soon be ignored. Pretty bold assertion :-) It hasn't held true with some DNSBL services. Among other reasons is the wide variety of definitions of "incorrect," as well as extremely polar opinions about listing criteria, remedies, responsibility, et al. > 1.3 Practices Considerations > > As a trusted third party the actions of an Accreditation Authority > are raise numerous legal issues. syntax problem there. > 3.2 Sender Recipient A Record ... > > Bits 4-7 > These bits are reserved. Relying parties MUST ignore Red flag: better would be "these bits are reserved and must be set to zero." If you don't guarantee they are zero from the outset, it's hard to make sure you can use them in the future. > 3.3 Other Sender Recipient Records > > Additional information MAY be provided by means of other DNS > records, for example TXT or NAPTR records. Do you really anticipate using NAPTR? mm _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Accreditation Mechanism Proposal Hallam-Baker, Phillip
- [Asrg] CallerID and disposable addresses joe
- RE: [Asrg] Accreditation Mechanism Proposal Hallam-Baker, Phillip
- Re: [Asrg] Accreditation Mechanism Proposal Mark E. Mallett
- Re: [Asrg] Accreditation Mechanism Proposal Mark E. Mallett
- Re: [Asrg] Accreditation Mechanism Proposal Yakov Shafranovich
- RE: [Asrg] Accreditation Mechanism Proposal Hallam-Baker, Phillip
- Re: [Asrg] Accreditation Mechanism Proposal Seth Breidbart
- RE: [Asrg] Accreditation Mechanism Proposal Olson, Margaret
- RE: [Asrg] Accreditation Mechanism Proposal Hallam-Baker, Phillip
- Re: [Asrg] Accreditation Mechanism Proposal Yakov Shafranovich
- Re: [Asrg] Accreditation Mechanism Proposal Yakov Shafranovich