Re: [dispatch] Proposal for scantxt; scanning opt-in/out, identification, verification, notification, and reporting
John R Levine <johnl@taugh.com> Sun, 04 December 2022 20:28 UTC
Date: Sun, 04 Dec 2022 15:28:21 -0500
Message-ID: <1d749900-4737-92a1-8205-2a13581e39c1@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Ollie IETF <ietf@olliejc.uk>
Cc: Dispatch WG <dispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/i5fTHzQAVQhgGo_8GcFWbkR34Go>

> I consider allowing/identifying via IP to be quite dated, prone to spoofing and network attacks (BGP hijacking) and requires effort to maintain and make people aware of the source IPs (and I'd argue IPv6 adoption makes it harder).
> Adding a token of some sort makes the source IP agnostic ...

If you're going to do that, please explain how you plan to add a token to SMTP, FTP, Telnet, SSH, SMB, and the RPC that NFS uses, and persuade people to update their dusty servers to look for the token. If you're just scanning http and https, we have robots.txt for that.

> That said, I do suggest a standard way to indirectly identify via IP:
> Source IP -> PTR "_scanner.*" (where this also has the "scanner" TXT record) -> A/AAAA of Source IP

Even with a static IP, getting PTR records installed is hard, getting PTR records that don't mirror A records is harder, and the amount of rDNS that is DNSSEC signed to make it spoof resistant rounds to zero.

This continues to be very unrealistic.

R's,
John
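
The Source IP -> PTR -> A/AAAA chain quoted in the message above, written out as a forward-confirmed reverse DNS check. This is an added example, not part of the original message or of the scantxt proposal; the lookup tables are constructed stand-ins for DNS answers, and the TXT record content, the verdict names and the function name are assumptions.

```python
import ipaddress

# Constructed zone data (documentation address ranges), standing in for live DNS.
PTR = {
    "192.0.2.10": ["_scanner.example.org."],
    "192.0.2.20": ["_scanner.example.org."],   # claims the name, but is not in its A set
    "2001:db8::5": ["host5.example.net."],     # ordinary PTR that mirrors the forward name
}
ADDR = {
    "_scanner.example.org.": ["192.0.2.10", "2001:db8::10"],
    "host5.example.net.": ["2001:db8::5"],
}
# The page only says the name "also has the 'scanner' TXT record"; the content
# used here is a placeholder, so only its presence is checked.
TXT = {"_scanner.example.org.": ["placeholder"]}


def verify_scanner(source_ip, ptr=PTR, addr=ADDR, txt=TXT):
    """Walk Source IP -> PTR "_scanner.*" -> A/AAAA and return (verdict, name).

    A "confirmed" verdict is only as trustworthy as the DNS answers behind it:
    without DNSSEC on the reverse zone the PTR answer itself can be spoofed.
    """
    ip = ipaddress.ip_address(source_ip)          # also normalises IPv6 spelling
    for name in ptr.get(str(ip), []):
        if not name.lower().startswith("_scanner."):
            continue                              # PTR exists but makes no scanner claim
        if not txt.get(name):
            return ("no-txt", name)
        forward = {ipaddress.ip_address(a) for a in addr.get(name, [])}
        if ip in forward:
            return ("confirmed", name)            # forward lookup lists the source IP
        return ("forward-mismatch", name)         # anyone controlling rDNS can claim a name
    return ("no-scanner-ptr", None)


if __name__ == "__main__":
    for candidate in ("192.0.2.10", "192.0.2.20", "2001:0db8::5", "198.51.100.1"):
        print(candidate, verify_scanner(candidate))
```
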