
RE: [Asrg] You say tomato, I say authentication



For the purposes of fighting spam the following configuration would be
sufficient:

1) Alice's client generates a self-signed cert
2) Alice's client uses DNS SRV to discover the XKMS service for the email zone
3) Alice's client registers the certificate with the XKMS service

4) Alice sends email to Bob

5) Bob's client looks up the policy of Alice's DNS zone; it is "always
   authenticate using S/MIME, no root key specified, XKMS service specified"
6) Bob checks that the message is signed correctly
7) Bob retrieves Alice's self-signed cert via XKMS locate


Obviously you get additional value from a trusted third party, particularly
if you want to use the certs for more than spam control.

However, it is a heck of a lot better than what we have now security-wise for
email, which is in almost all cases diddly squat.

		Phill
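The seven steps above, as an added example in Go that is not part of Phill's message or of any XKMS implementation: the DNS policy lookup and the XKMS register/locate service are stand-in in-memory maps, the self-signed certificate is an Ed25519 key bound to an address and signed by itself, and `Accept` is Bob's side (steps 5-7), returning an error whenever the mail must be dropped. The policy record shape, the map-backed services and all function names are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"strings"
)

// Policy is what Bob learns about the sender's zone in step 5 (shape assumed, not a real
// DNS record): always authenticate with S/MIME, no root key, XKMS service given.
type Policy struct{ Authenticate bool; RootKey []byte; XKMSService string }

// Cert stands in for Alice's self-signed certificate: Sig is over email||pubkey by that key.
type Cert struct{ Email string; PubKey ed25519.PublicKey; Sig []byte }

// Constructed in-memory stand-ins for the DNS policy lookup (keyed by zone) and the
// XKMS locate service (keyed by address); real clients would query both remotely.
var policyDNS, xkms = map[string]Policy{}, map[string]Cert{}

// Register makes Alice's key, self-signs the email/key binding and registers it (steps 1-3).
func Register(email string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	xkms[email] = Cert{email, pub, ed25519.Sign(priv, append([]byte(email), pub...))}
	return priv
}

// SignMail is the signature Alice attaches in step 4; it binds the body to her address.
func SignMail(priv ed25519.PrivateKey, from, body string) []byte {
	return ed25519.Sign(priv, []byte(from+"\n"+body))
}

// Accept runs Bob's checks (steps 5-7): nil means deliver, any error means drop.
func Accept(from, body string, sig []byte) error {
	pol, ok := policyDNS[from[strings.LastIndex(from, "@")+1:]]
	if !ok || !pol.Authenticate || pol.XKMSService == "" {
		return errors.New("zone publishes no authenticate policy: drop")
	}
	c, ok := xkms[from] // step 7: XKMS locate against pol.XKMSService
	if !ok || c.Email != from || !ed25519.Verify(c.PubKey, append([]byte(c.Email), c.PubKey...), c.Sig) {
		return errors.New("no valid self-signed certificate registered for sender")
	}
	if !ed25519.Verify(c.PubKey, []byte(from+"\n"+body), sig) { // step 6
		return errors.New("message signature does not verify under the located key")
	}
	return nil
}
```

Note that nothing here establishes who Alice is, only that the key registered under her address in her zone's XKMS service signed the mail, which is exactly the address-not-identity property Mike asks for below.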

> -----Original Message-----
> From: mike.pearson@ssc.govt.nz [mailto:mike.pearson@ssc.govt.nz]
> Sent: Tuesday, March 11, 2003 9:22 PM
> To: asrg@ietf.org
> Subject: [Asrg] You say tomato, I say authentication
> 
> 
> IMHO, people on this list have different ideas of authentication and where
> to apply it.  Therefore a lot of messages are speaking at cross purposes.
> 
> What I want from authentication, S/MIME, is to know 100% that an email
> address is the real email address of the sender.  NOT the identity of the
> sender.
> 
> - I can then drop any message which is not authenticated (you have the right
> to message anonymously, but I should have the right to decline to listen to
> you)
> 
> - I will allow any message from my friends / business partners' mail domains
> straight through, and get on with my life
> 
> - I might allow messages from authenticated strangers in trusted domains, to
> see what you have to say, but if you abuse it, then I can choose to filter
> them, or their entire domain.
> 
> As I said in my previous posting "[Asrg] Proven solution for authenticating
> messages" - you don't need authentication software at the client end, move
> it up to the ISP gateway and reduce the complexity of the problem.  (In New
> Zealand, we don't have 1000s of ISPs, probably not even 100s).
> 
> Regards, Mike Pearson
> 
> Personal: The views expressed are not necessarily those of my 
> employer.
> 
> ph  +64 (4) 495-6769   mobile +64 (21) 631-731
> fax +64 (4) 495-6669 
> mailto:mike.pearson@ssc.govt.nz 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
> 