Re: [Asrg] C/R Framework

"Jon Kyme" <jrk@merseymail.com> Thu, 15 May 2003 18:52 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18429 for <asrg-archive@odin.ietf.org>; Thu, 15 May 2003 14:52:52 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4FIJwJ24331 for asrg-archive@odin.ietf.org; Thu, 15 May 2003 14:19:58 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FIJwB24328 for <asrg-web-archive@optimus.ietf.org>; Thu, 15 May 2003 14:19:58 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18413; Thu, 15 May 2003 14:52:21 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GNrq-0001VI-00; Thu, 15 May 2003 14:54:14 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19GNrq-0001VF-00; Thu, 15 May 2003 14:54:14 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FIFVB23997; Thu, 15 May 2003 14:15:31 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4FIEOB23948 for <asrg@optimus.ietf.org>; Thu, 15 May 2003 14:14:24 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18281 for <asrg@ietf.org>; Thu, 15 May 2003 14:46:47 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19GNmT-0001SM-00 for asrg@ietf.org; Thu, 15 May 2003 14:48:41 -0400
Received: from argon.connect.org.uk ([193.110.243.33]) by ietf-mx with esmtp (Exim 4.12) id 19GNmS-0001SJ-00 for asrg@ietf.org; Thu, 15 May 2003 14:48:40 -0400
Received: from mmail by argon.connect.org.uk with local (connectmail/exim) id 19GNnY-0004fO-00; Thu, 15 May 2003 19:49:48 +0100
In-Reply-To: <5.2.0.9.2.20030515120658.00baf8e0@std5.imagineis.com>
Subject: Re: [Asrg] C/R Framework
To: Yakov Shafranovich <research@solidmatrix.com>
From: Jon Kyme <jrk@merseymail.com>
Cc: ASRG <asrg@ietf.org>
X-Mailer: [ConnectMail 3.5.4]
X-connectmail-Originating-IP: 158.152.118.31
Message-Id: <E19GNnY-0004fO-00@argon.connect.org.uk>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 15 May 2003 19:49:48 +0100

> At 05:05 PM 5/15/2003 +0100, Jon Kyme wrote:
> 
> 
> > > problem too. As I mentioned before, perhaps we should not store plain
> > > email
> > > addresses - but some form of checksum or something. Even though that
> is
> > > susceptible to dictionary attacks, the attacker must know what he is
> > > looking for. This will at least protect against people snooping at
> > > messages.
> > >
> >
> >
> >I don't think it's necc. to specify what steps an implementer needs to
> take
> >to protect/hide the data - just an recommendation that they should take
> >steps is probably enough. Maybe?
> 
> In order to different C/R systems to interoperate they must know whether
> a
> plain email address is used or a checksum - leaving this to implementors 
> will kill interoperability. Perhaps this should be an optional feature of
> the protocol?
> 

I think you'll find the point raised was regarding stored data.





--
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg