Re: [Asrg] C/R Thoughts: Take 1

"Eric S. Johansson" <esj@harvee.org> Wed, 14 May 2003 01:18 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA06102 for <asrg-archive@odin.ietf.org>; Tue, 13 May 2003 21:18:37 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4E0irK15093 for asrg-archive@odin.ietf.org; Tue, 13 May 2003 20:44:53 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4E0irB15090 for <asrg-web-archive@optimus.ietf.org>; Tue, 13 May 2003 20:44:53 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA06081; Tue, 13 May 2003 21:18:06 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Fkw6-0001LF-00; Tue, 13 May 2003 21:20:02 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Fkw6-0001LC-00; Tue, 13 May 2003 21:20:02 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4E0hMB15002; Tue, 13 May 2003 20:43:22 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4E0g3B14966 for <asrg@optimus.ietf.org>; Tue, 13 May 2003 20:42:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA06021 for <asrg@ietf.org>; Tue, 13 May 2003 21:15:15 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19FktL-0001KI-00 for asrg@ietf.org; Tue, 13 May 2003 21:17:11 -0400
Received: from dsl093-191-107.nyc2.dsl.speakeasy.net ([66.93.191.107] helo=harvee.billerica.ma.us) by ietf-mx with esmtp (Exim 4.12) id 19FktK-0001KF-00 for asrg@ietf.org; Tue, 13 May 2003 21:17:11 -0400
Received: from harvee.billerica.ma.us (harvee.billerica.ma.us [127.0.0.1]) by harvee.billerica.ma.us (8.12.8/8.12.5) with ESMTP id h4E1I6Yv019315; Tue, 13 May 2003 21:18:07 -0400
Received: FROM harvee.org ([192.168.0.10]) BY harvee.billerica.ma.us WITH ESMTP ; Tue, 13 May 2003 21:17:36 -0400
Message-ID: <3EC19906.7080600@harvee.org>
From: "Eric S. Johansson" <esj@harvee.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030507
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Eric Dean <eric@purespeed.com>
CC: Yakov Shafranovich <research@solidmatrix.com>, asrg@ietf.org
Subject: Re: [Asrg] C/R Thoughts: Take 1
References: <MBEKIIAKLDHKMLNFJODBIEKOFCAA.eric@purespeed.com>
In-Reply-To: <MBEKIIAKLDHKMLNFJODBIEKOFCAA.eric@purespeed.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Camram: stamp; 0:030514:eric@purespeed.com:27df2f970e7058d4
X-Camram: stamp; 0:030514:research@solidmatrix.com:19f36bbd4fca1a36
X-Camram: stamp; 0:030514:asrg@ietf.org:e7bad8e592645343
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 13 May 2003 21:16:54 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

Eric Dean wrote:

>>I personally think that the intent of the C/R systems is to make
>>sure that
>>the originating email is valid. Thus it would make sense to have an
>>automatic protocol for verification which can be utilized by
>>systems to do
>>so.
> 
> 
> Yes, if we could come up with a standard for C/R, then it would seem
> appropriate that a mail client would be able to auto-verify any challenge
> that came in response to a recipient that had been recently sent a message.
> I'll throw out a light framework within the next day or two that we can
> start insulting.  Requires coffee and post-midnight to truly think.

we went over this terrain in the camram project a couple of years ago.  Anytime 
you make a response something that can be auto responded to, you create a hole 
for spammers.  one thing I believe to be very important is a list of signatures 
for messages recently sent and the challenge should contain a matching signature 
for the message it is challenging.  That way, when the challenge is handled, the 
mail user agent can verify that the client really did send a message the 
challenge was returned for by matching signature and destination address.

This is part of protocol I'm using for handling postage due notices 
automatically within camram.  I'll elaborate more tomorrow if folks are interested.

---eric


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg