IETF Logo Mail Archive

Gaming email [was: AD Sponsorship of draft-moonesamy-recall-rev]

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 20 April 2019 21:57 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACE38120142; Sat, 20 Apr 2019 14:57:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i46EWs8l01zN; Sat, 20 Apr 2019 14:57:40 -0700 (PDT)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02A5A120026; Sat, 20 Apr 2019 14:57:40 -0700 (PDT)
Received: by mail-pg1-x52d.google.com with SMTP id d31so4147654pgl.7; Sat, 20 Apr 2019 14:57:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=KXkGL+gGOea47h3PlXpRtDDx7mK5dqGvj0hk1ENLe98=; b=g0Kdw31OL0S5tuN7R9tZzMk2OvzT6+t5IxfeEPSmoRoBo4lI8SJPTh0D0rQPRu//EN u11MeYXUFLRJ5MOXKF/VPGpC4CznvMfUpihuxBbIi2Ybd2Q+cC/tDJrjISW7SXiGe0G2 voBFEfDYRBt4Z2aXe4JYxLIsAvtGbTQezGASBO5ovwTZE0KLQwFPCPmB3sHP1bdw59yu IVmHbB7bJDCCSl1BpK5sTvarh3K6731Ae+xY6GLh6T1S3J0hUkvmMf4SfM8HK/wY5SU7 ISn0cPdmJXu7Nvoarw1Ev5x98RbvOeqyUn1mR+NB9A6I3iDglH5S6BF2EWwT/s2YO4fT quKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=KXkGL+gGOea47h3PlXpRtDDx7mK5dqGvj0hk1ENLe98=; b=Wh1AsN5Yk92i2pUkjJs7Y4G12Sk7n+nBVy9MZrYXMegoI1EBFy5e+V3Iw60z4kkw4f KuYhamYArreDZ1AjcFYQYba0HvLZqlCuspD1cI7sETwyrlvQotQvwugVWtTAAnmbjKmx xnbeyOiwVaS8zjFvKPHFGxBvH9mvbdsNWTj0LpcpdLfRTwplivM/AiA7oz2bitUiTY2D j2m1+MDJpx0d8bBRO3U6BpQu0qC7o5jh/EPThdn25kUq1O2PwQ+M0iEk2WaMmAg2ru+1 bYY25zeGay7GlvbUg67DSBe3tyYP8TSVT9m1gGKnPPOGNWlQPT7uLLSQzQuyuIUfsPtc bw4g==
X-Gm-Message-State: APjAAAWDzy6atMdZyAAO5cPcW7ydc1bZnLRPmj2NqHGniJ1uyYhGvGXX S6YRhS9BepFnZHzAmjjqrP0+w6OV
X-Google-Smtp-Source: APXvYqzzn49DFkrWPBnCAkaUOZ8HdybGlY3L1velMUqMpsVTMyQiMrfI0AHGAdVAXbfJUSkYnOKruA==
X-Received: by 2002:a62:e90b:: with SMTP id j11mr11772296pfh.118.1555797459206; Sat, 20 Apr 2019 14:57:39 -0700 (PDT)
Received: from [192.168.178.30] ([118.148.72.205]) by smtp.gmail.com with ESMTPSA id o5sm23396003pfa.135.2019.04.20.14.57.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 20 Apr 2019 14:57:37 -0700 (PDT)
Subject: Gaming email [was: AD Sponsorship of draft-moonesamy-recall-rev]
To: John C Klensin <john-ietf@jck.com>, Alissa Cooper <alissa@cooperw.in>
Cc: Aaron Falk <aafalk@akamai.com>, ietf@ietf.org, S Moonesamy <sm+ietf@elandsys.com>, IESG <iesg@ietf.org>
References: <6.2.5.6.2.20190405085139.0d5c39b0@elandnews.com> <54510B49-175B-4CE6-9319-1F9A4803940E@cooperw.in> <033d01d4f52f$c6f2dca0$54d895e0$@olddog.co.uk> <BB40F115-46E8-4EF3-ABDE-15ABB33B4ACA@akamai.com> <C11980900F520E0EFCC83CEB@PSB> <A18C5417-F40B-4DC4-B6AB-BA0A592D15D3@cooperw.in> <A88B303ADC96DADCB138B3E7@PSB>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <06ec0161-2a28-a20f-cfd8-72234981d7a7@gmail.com>
Date: Sun, 21 Apr 2019 09:57:32 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <A88B303ADC96DADCB138B3E7@PSB>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/28MgF8Mw41uzjuijMMofdqjqhBA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Apr 2019 21:57:42 -0000

On 21-Apr-19 06:44, John C Klensin wrote:
> Alissa,
> 
> Just focusing on this one comment...
> 
> --On Thursday, April 18, 2019 12:50 -0400 Alissa Cooper
> <alissa@cooperw.in> wrote:
> 
>> ...
>> The proposal in this draft can also be trivially gamed by a
>> single or small handful of individuals creating a set of 10
>> email accounts, registering them to participate remotely, and
>> having them join remote sessions.

As others have pointed out, gaming the IETF by email is not
impossible, has been attempted, and could be attempted at any
time.

One thing we could discuss is whether subscription to any IETF
email list should require the subscriber to have a current tracker
account**. Since anybody can register for a tracker account, this
would not disenfranchise anybody. It would have two advantages, and
one obvious disadvantage:

+1: Ensures that there is only one place where a bogus subscriber
needs to be detected - i.e. the tracker.

+2: Would allow us to close the security loophole where mailman
sends passwords in the clear. (Details TBD, but it could certainly
be done.)

-1: Provides a single point of attack for the sock puppets.

** I can't remember whether remote participants require a tracker
account, but if they don't, they probably should.

Regards
    Brian

v2.23.0 | Report a Bug | By Email