Re: [Asrg] seeking comments on new RMX article

J C Lawrence <claw@kanga.nu> Sun, 04 May 2003 21:21 UTC

To: Mike Rubel <asrg@mikerubel.org>
cc: Alan DeKok <aland@freeradius.org>, asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
In-Reply-To: Message from Mike Rubel <asrg@mikerubel.org> of "Sun, 04 May 2003 13:27:23 PDT." <Pine.LNX.4.44.0305041304150.8096-100000@tamale.caltech.edu>
References: <Pine.LNX.4.44.0305041304150.8096-100000@tamale.caltech.edu>
Message-ID: <22228.1052083164@kanga.nu>
From: J C Lawrence <claw@kanga.nu>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
Date: Sun, 04 May 2003 14:19:24 -0700

On Sun, 4 May 2003 13:27:23 -0700 (PDT) 
Mike Rubel <asrg@mikerubel.org> wrote:

> I'm in exactly the same boat here--multiple accounts on different
> machines without outbound smarthosts.

I'm in a slightly different position to that: multiple accounts on the
same machine.  Umm, actually it's slightly worse than that thru
repetition.

> This is not an insurmountable problem, though.  When the administrator
> of a system decides to implement RMX records, he will need to provide
> SMTP-AUTH or VPN or even a port-25 ssh tunnel.  Many (most?) sites
> already do something like this, but it's only fair to factor it into
> the work involved in implementing the RMX approach.  I have added a
> note to that effect at the bottom of the page:

An additional cost there is MTA configuration, a non-trivial problem.
Consider the case of someone with multiple accounts etc, using a
non-SMTP based MUA, an MUA which uses localhost SMTP only, or even more
simply, an MUA which doesn't support multiple configurations for
outbound smarthost.  In any/all of those cases support is required from
the localhost MTA -- which in the general case can be assumed to not be
available.

> Even with this cost factored in, however, I still believe that the RMX
> solution is far better (smaller effort required to implement and fewer
> things broken) than any other solution I have seen to the email
> forgery problem.

I've a fondness for forward signed Received: headers, but that attacks a
different aspect of the forgery problem.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw@kanga.nu               He lived as a devil, eh?		  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.