IETF Logo Mail Archive

Re: [Asrg] C/R Interworking Framework

Yakov Shafranovich <research@solidmatrix.com> Tue, 10 June 2003 16:48 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA08756 for <asrg-archive@odin.ietf.org>; Tue, 10 Jun 2003 12:48:03 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5AGlbI07681 for asrg-archive@odin.ietf.org; Tue, 10 Jun 2003 12:47:37 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5AGlbB07677 for <asrg-web-archive@optimus.ietf.org>; Tue, 10 Jun 2003 12:47:37 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA08714; Tue, 10 Jun 2003 12:47:32 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19PmFX-0000RF-00; Tue, 10 Jun 2003 12:45:31 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19PmFX-0000RB-00; Tue, 10 Jun 2003 12:45:31 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5AGhHB07334; Tue, 10 Jun 2003 12:43:17 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5AGf2B07246 for <asrg@optimus.ietf.org>; Tue, 10 Jun 2003 12:41:02 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA08500 for <Asrg@ietf.org>; Tue, 10 Jun 2003 12:40:57 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Pm9A-0000N0-00 for Asrg@ietf.org; Tue, 10 Jun 2003 12:38:56 -0400
Received: from 000-231-282.area5.spcsdns.net ([68.27.142.143] helo=68.27.142.143 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19Pm97-0000Mw-00 for Asrg@ietf.org; Tue, 10 Jun 2003 12:38:55 -0400
Message-Id: <5.2.0.9.2.20030610124019.00bc4828@solidmatrix.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: Art Pollard <pollarda@lextek.com>, Asrg@ietf.org
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: [Asrg] C/R Interworking Framework
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 10 Jun 2003 12:40:20 -0400

At 04:21 PM 6/9/2003 -0600, Art Pollard wrote:
>[..]
>
>
>I think as has been mentioned previously in regards to CR systems in 
>general (and I don't remember if it was mentioned in the CRI case), that 
>what should happen is that the messages should be digitally signed by the 
>sender.  The CR system would filter based in the digital signature rather 
>than the FROM address.  Thus it would be quite possible for people to have 
>multiple clients with the same digital signature (one for each e-mail 
>address say) and they would only have to undergo the CR once -- even if 
>they switched ISPs.  Furthermore, it would virtually eliminate spoofing 
>since even if someone were able to obtain a previous copy of someone's 
>mail and a list of all their friends, they still would be unable to spoof 
>the digital signature.  When whitelisting occurred, it would whitelist a 
>particular person's signature rather than their e-mail address.

We discussed the possibility within the CRI framework. However, it is 
important to keep the CRI framework simple and things like 
digital  signatures and hashcash, would be implemented via an extension 
mechanism.

>I'm not sure if the CRI framework provides for this or not as I have a 
>hard time keeping up with things (just as many in this list apparently do).
>
>Is there a brief synopsis of the current state of the CRI framework so I 
>can refresh my memory on everything? (Which would be much better than 
>having to re-read all the CRI messages. ;-)

Hold on for Eric Dean's latest draft.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email