
RE: [Asrg] Crypto-based alternative to RMX



> Just to clarify, RMX-like proposals give a sending domain the ability to
> act as dictator if its owner wishes, but do not mandate that it act as
> dictator.  The domain owner may choose not to filter outgoing content.
> (Indeed, if RMX were available to me, I would definitely not
> content-filter outgoing messages from other users at my domain, except in
> the context of virus defense--in which case it would be an optional
> feature).  This decision would fall under the scope of a privacy policy.

One part of the problem is that it determines not who can send mail but
where mail can be sent from. So you could decide not to authorise sending
from domains without outgoing political correctness filters, not to
authorise sending through domains that didn't agree to secretly send a copy
to you, and so on.  It's not just a privacy policy but also a freedom of
speech policy that's needed here.

> Your crypto-based alternative also allows the domain owner to act as
> dictator if he/she wishes, by withholding the signing key.  There are
> security advantages to going this way, even if there is no intent to
> filter, since it prevents the key leakage.
>
> So would you say that the principal advantage of the crypto approach is
> that it prevents the domain from acting as dictator while plausibly
> denying same?

Well, the idea is to give users the keys, which means there will be leakage
and you have to change them often.  If you don't give users the keys you
force them into your outgoing relays and that's as bad as RMX. So this
proposal doesn't work if you want to be really secure.

> If so, do you believe this advantage is worth the additional
> implementation cost?

Yes, the advantage of giving people a token rather than saying which
transmitters they can use is worth the hassle.

> Please bear in mind that a user may choose any domain on the Internet
> willing to offer mail service, and may even operate his/her own domain.
> This seems vastly less restrictive than the current situation, wherein the
> user would be left with few options if his/her ISP started filtering
> outgoing mail (intercept outbound port 25).  The ISP also has an incentive
> to do so--to avoid being blacklisted!

It gets to be quite fun, all sorts of new possibilities turn up.  For
example you could blacklist not the domain but a particular key index of the
domain.  So there's an incentive for the domain owner to have quite a few
keys and use them to distinguish groups.

Tom
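The per-key-index blacklisting Tom sketches above, worked through as an added example; this is not code from the thread or from any ASRG proposal. It assumes Ed25519 signatures, a `Directory` map standing in for wherever a domain would publish its verification keys (DNS, say), and a constructed domain `example.com` with key index 1 handed to staff and index 2 to free accounts. The receiver verifies the signature against the key published under (domain, index) and then consults a blocklist keyed by (domain, index), so abuse under one index can be blocked without rejecting the whole domain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Verdict is the receiver's decision for one message.
type Verdict string

const (
	Accept             Verdict = "accept"
	RejectBadSignature Verdict = "bad-signature"
	RejectUnknownKey   Verdict = "unknown-key"
	RejectBlockedIndex Verdict = "blocked-key-index"
)

// Directory stands in for whatever publishes a domain's verification keys
// (e.g. DNS). It is keyed by domain and key index. Constructed for this example.
type Directory map[string]ed25519.PublicKey

func dirKey(domain string, index int) string { return fmt.Sprintf("%s#%d", domain, index) }

// Publish registers a verification key under (domain, index).
func (d Directory) Publish(domain string, index int, pub ed25519.PublicKey) {
	d[dirKey(domain, index)] = pub
}

// Message carries the sending domain, the key index used, and the signature.
type Message struct {
	Domain string
	KeyIdx int
	From   string
	Body   string
	Sig    []byte
}

// signedBytes binds domain, key index, sender and body together so a
// signature cannot be replayed under another index or on another body.
func signedBytes(domain string, idx int, from, body string) []byte {
	return []byte(fmt.Sprintf("%s\n%d\n%s\n%s", domain, idx, from, body))
}

// NewKey generates an Ed25519 key pair for one key index of a domain.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign is the sender side: whoever holds the token for key index idx signs.
func Sign(priv ed25519.PrivateKey, domain string, idx int, from, body string) Message {
	return Message{
		Domain: domain, KeyIdx: idx, From: from, Body: body,
		Sig: ed25519.Sign(priv, signedBytes(domain, idx, from, body)),
	}
}

// Verify is the receiver side: look up the key published for (domain, index),
// check the signature, then consult a blocklist keyed by (domain, index)
// rather than by domain alone.
func Verify(dir Directory, blocked map[string]bool, m Message) Verdict {
	pub, ok := dir[dirKey(m.Domain, m.KeyIdx)]
	if !ok {
		return RejectUnknownKey
	}
	if !ed25519.Verify(pub, signedBytes(m.Domain, m.KeyIdx, m.From, m.Body), m.Sig) {
		return RejectBadSignature
	}
	if blocked[dirKey(m.Domain, m.KeyIdx)] {
		return RejectBlockedIndex
	}
	return Accept
}

// Block adds one (domain, index) pair to the blocklist.
func Block(blocked map[string]bool, domain string, index int) {
	blocked[dirKey(domain, index)] = true
}

func main() {
	dir := Directory{}
	blocked := map[string]bool{}
	// Constructed: example.com publishes index 1 for staff, index 2 for free accounts.
	pub1, priv1 := NewKey()
	pub2, priv2 := NewKey()
	dir.Publish("example.com", 1, pub1)
	dir.Publish("example.com", 2, pub2)

	staff := Sign(priv1, "example.com", 1, "alice@example.com", "quarterly report")
	free := Sign(priv2, "example.com", 2, "mallory@example.com", "buy now")
	Block(blocked, "example.com", 2) // block the abused index, not the domain

	fmt.Println(Verify(dir, blocked, staff)) // accept
	fmt.Println(Verify(dir, blocked, free))  // blocked-key-index
	free.Body = "tampered"
	fmt.Println(Verify(dir, blocked, free)) // bad-signature
}
```

Because the key index is inside the signed bytes, a signature made under index 1 cannot be relabelled as index 2 to dodge the blocklist; rotating the key at an index (the frequent changes Tom mentions) is just publishing a new key under that index.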


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg