Re: [Asrg] C/R Thoughts: Take 1

[Vernon Schryver <vjs@calcite.rhyolite.com>]

> From: "Jon Kyme" <jrk@merseymail.com>

> I wonder if there's a case for taking some position on the privacy issues
> involved in CR systems?
>
> Issues like this:
> http://www.toyz.org/SpamArrestSpams.html
>
> Summary: Alleges SpamArrest harvests sender addresses

I see privacy issues for challenge/response systems, but that's not
one.  Ths SpamArrest abuse is a potential problem in any system where
you let a third party with handle your mail.  It is a consideration
in any system where that involves asking a third party anything about
mail, including DNS blacklists.

I think the obvious challenge/response privacy leaks are:

  - more messages slopping around the net indicating that two people
   are conversing and probably something about the subject of their mail.
     A bad guy that cannot see the original mail might still be able 
     to see the challenge or the response.

  - inferences that can be made by sending one message to two addresses,
   one of which the bad guy knows will generate a challenge and one
   that won't.
     Depending on how the system works, the extra target address might
     affect how quickly or even whether the challenge is produced.

  - leaks from queues or whatever containing mail awaiting responses.

None seem major, but they ought to be mentioned.

I think any spam filtering RFC ought to have a section on privacy
like the required section on security.


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg