[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] 6. Proposals - Challenge/response - CRI

To: "'david nicol'" <whatever@davidnicol.com>, "'Deven T. Corzine'" <deven@ties.org>
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
From: "Eric Dean" <eric@purespeed.com>
Date: Thu, 21 Aug 2003 10:54:51 -0400
Cc: "'Yakov Shafranovich'" <research@solidmatrix.com>, "'Andrew Akehurst'" <A.D.Akehurst-99@student.lboro.ac.uk>, <asrg@ietf.org>
Importance: Normal
In-reply-to: <1061420903.1185.4.camel@plaza.davidnicol.com>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

I'm not sure that we have to approve anything...we just have to have a
protocol provide capabilities for interoperability..we don't have to
select a method..but rather design a protocol that will accommodate.

> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org] On Behalf Of
david
> nicol
> Sent: Wednesday, August 20, 2003 7:12 PM
> To: Deven T. Corzine
> Cc: Yakov Shafranovich; Andrew Akehurst; asrg@ietf.org
> Subject: Re: [Asrg] 6. Proposals - Challenge/response - CRI
> 
> On Wed, 2003-08-20 at 12:42, Deven T. Corzine wrote:
> 
> > > > > I think the only really significant semantic suggestion I'm
making
> > > > > is that a hash of the body of a message should be included to
> > > > > prevent forgeries of level-two systems.
> > >
> > > That has been mentioned before and is a pretty good idea. It also
> > > alleviates some privacy concerns since the originating MTA/MUA
does
> not
> > > have to store copies of messages, but can store MD5 hashes
instead.
> >
> > Using a hash is an obvious thing to do, but it begs the question of
> exactly
> > what you're hashing.  You can't safely hash the entire message
because
> the
> > headers change on every hop, at least for Received: lines.  Other
> headers
> > might be mangled or normalized as well.  You can ignore the header,
but
> it
> > would be good to validate parts of it.  Even if you just hash the
body,
> you
> > have to be concerned about the message being mangled by intermediate
> MTAs.
> 
> 
> I imagine one would hash all the MIME parts together.  Or do whatever
> GPG does with a MIME message.  This but has been solved, there is only
> to select an approach and approve it.
> 
> 
> 
> --
> David Nicol / If at first you don't succeed, use a bigger hammer.
>                                         http://gallaghersmash.com
> 
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- RE: [Asrg] 6. Proposals - Challenge/response - CRI
  - From: david nicol

References:
- Re: [Asrg] 6. Proposals - Challenge/response - CRI
  - From: david nicol

Prev by Date: Re: [Asrg] 6. Proposals - Challenge/response - CRI
Next by Date: RE: [Asrg] US Spam patents: Partial list
Previous by thread: Re: [Asrg] 6. Proposals - Challenge/response - CRI
Next by thread: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Index(es):
- Date
- Thread