[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] C/R Interworking Framework

To: "'Art Pollard'" <pollarda@lextek.com>, "Asrg@ietf.org" <Asrg@ietf.org>
Subject: RE: [Asrg] C/R Interworking Framework
From: "Eric D. Williams" <eric@infobro.com>
Date: Wed, 18 Jun 2003 21:55:32 -0400
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Organization: Information Brokers, Inc.
Sender: asrg-admin@ietf.org

Got it.  Thanks Art.

-e

On Sunday, June 15, 2003 6:56 PM, Art Pollard [SMTP:pollarda@lextek.com] wrote:
> At 11:18 PM 6/14/2003 -0400, you wrote:
> >On Monday, June 09, 2003 6:21 PM, Art Pollard [SMTP:pollarda@lextek.com] 
> >wrote:
> >8<...>8
> > > ... The CR system would filter based in the digital signature rather
> > > than the FROM address.
> >
> >A signature that signs what? or do you mean a 'hash' produced using a 
> >'senders'  private key?
> 
> A digital signature uses a public / private key pair and a hash (typically 
> SHA).  Given the public key then the signature and message could be 
> verified.  The message would be signed with the private key as it went 
> out.  The message's header would contain:
> 
> 1) The digital signature (generated by the public/private key pair and the 
> message)
> 2) The public key.
> 
> The whitelisting would occur based not on the e-mail address but on the 
> public key.  Thus when a new message comes in, the public key would be 
> looked up in the whitelist to see if it is already there.  If it is there, 
> the message can be checked with the public key and the signature to ensure 
> that the proper public / private key pair actually was used to sign the 
> message and that the message has not been altered.
> 
> By whitelisting on the public key and not the e-mail address / 
> username/etc. the user can move between machines and accounts without new 
> challenges as long as they use the same public/private key pair to sign 
> their messages.
> 
> > > Thus it would be quite possible for people to have
> > > multiple clients with the same digital signature (one for each e-mail
> > > address say) and they would only have to undergo the CR once -- even if
> > > they switched ISPs.
> >
> >Same private key?
> 
> Yep.
> 
> 
> >8<...>8
> > > ...When whitelisting occurred, it would whitelist a
> > > particular person's signature rather than their e-mail address.
> >
> >Caching of the public key?
> 
> Yep. The public key would be cached and would be used in the whitelisting 
> process.
> 
> -Art
> 
> -- 
> Art Pollard
> http://www.lextek.com/
> Suppliers of High Performance Text Retrieval Engines.
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Prev by Date: RE: [Asrg] CRI Header
Next by Date: [Asrg] Re: Reverse DNS
Previous by thread: RE: [Asrg] C/R Interworking Framework
Next by thread: [Asrg] Brad Templeton's C/R Guidelines
Index(es):
- Date
- Thread