[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] C/R Interworking Framework

To: "Eric D. Williams" <eric@infobro.com>, Asrg@ietf.org
Subject: RE: [Asrg] C/R Interworking Framework
From: Art Pollard <pollarda@lextek.com>
Date: Sun, 15 Jun 2003 16:55:31 -0600
In-reply-to: <01C332CB.3F7862F0.eric@infobro.com>
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

At 11:18 PM 6/14/2003 -0400, you wrote:

On Monday, June 09, 2003 6:21 PM, Art Pollard [SMTP:pollarda@lextek.com] wrote:
8<...>8
> ... The CR system would filter based in the digital signature rather
> than the FROM address.

A signature that signs what? or do you mean a 'hash' produced using a 'senders' private key?

A digital signature uses a public / private key pair and a hash (typically SHA). Given the public key then the signature and message could be verified. The message would be signed with the private key as it went out. The message's header would contain:

1) The digital signature (generated by the public/private key pair and the message)
2) The public key.

The whitelisting would occur based not on the e-mail address but on the public key. Thus when a new message comes in, the public key would be looked up in the whitelist to see if it is already there. If it is there, the message can be checked with the public key and the signature to ensure that the proper public / private key pair actually was used to sign the message and that the message has not been altered.

By whitelisting on the public key and not the e-mail address / username/etc. the user can move between machines and accounts without new challenges as long as they use the same public/private key pair to sign their messages.

> Thus it would be quite possible for people to have
> multiple clients with the same digital signature (one for each e-mail
> address say) and they would only have to undergo the CR once -- even if
> they switched ISPs.

Same private key?

Yep.

8<...>8
> ...When whitelisting occurred, it would whitelist a
> particular person's signature rather than their e-mail address.

Caching of the public key?

Yep. The public key would be cached and would be used in the whitelisting process.

-Art

--
Art Pollard
http://www.lextek.com/
Suppliers of High Performance Text Retrieval Engines.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- RE: [Asrg] C/R Interworking Framework
  - From: Eric D. Williams

Prev by Date: RE: [Asrg] US Spam patents: Partial list
Next by Date: RE: [Asrg] C/R Interworking Framework
Previous by thread: RE: [Asrg] C/R Interworking Framework
Next by thread: RE: [Asrg] C/R Interworking Framework
Index(es):
- Date
- Thread