[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]

To: "William Leibzon" <william at completewhois.com>, "ASRG" <asrg at ietf.org>
Subject: RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
From: "Chris" <asrg at rebel.com.au>
Date: Thu, 20 May 2004 17:43:42 +0930
Importance: Normal
In-reply-to: <Pine.LNX.4.44.0405191138550.29979-100000@cwhois1.completewhois.com>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin at ietf.org

>
> Big problem I have with it is that yahoo domain keys breaks with email
> forwarders, mail lists and roaming users

I don't understand why you say this.

Roaming users still have to log into an ISP somewhere to send their email.
if The ISP is prepared to let them access the mail system the ISP becomes
responsible for what they do. So they should at the very least validate
them.

Mail forwarders can sign the mail. they must accept responsibilty for the
forwarding as above.

Mailing lists must also be held accountable for what they send. they are
simply another 'injection point' and can validate the sender before
inserting it into the list.

> email content must be changed in process
> of tranmission

Why 'must' content be changed?

headers need to be added and those should be signed off as well as the
previous mta's signature. granted this additional signing increases the load
especially for the MTR, but if Spam is reduced then the initial load would
be reduced anyway.

If content MUST be changed then the authority changing the content becomes
the owner. and therefore responsible for the 'new' email.

Regards
Chris



> -----Original Message-----
> From: asrg-admin at ietf.org [mailto:asrg-admin at ietf.org]On Behalf Of
> William Leibzon
> Sent: Thursday, 20 May 2004 4:17 AM
> To: ASRG
> Subject: Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for
> DomainKeys]
>
>
> And frankly, I'm less then satisfied after so many promises and lots of
> wait for it. Its long document (which I ready fully) that primarily just
> pounds on rather old idea of entering public key in dns and using private
> key to add signed header to email, this idea had been around for at least
> 4 years (possibly more) and I thought they found ways around above listed
> and other similar problems when email content must be changed in process
> of tranmission by intermediate server, but unfortunetly they did not. Nor
> do they address entering keys too well, again we're back to reusing TXT
> (where as what we need is standard for entering public keys in DNS and
> this is needed not only for email but for several others things and in
> general would come usefull, there have been drafts about this actually).
>
> On Tue, 18 May 2004, Yakov Shafranovich wrote:
>
> >  From MARID list.
> >
> > -------- Original Message --------
> > Subject: Yahoo! Mail Publishes Specification for DomainKeys
> > Date: Tue, 18 May 2004 10:46:32 -0400
> > From: Larry Seltzer <larry at larryseltzer.com>
> > To: 'IETF MARID WG' <ietf-mxcomp at imc.org>
> >
> >
> > (see http://antispam.yahoo.com/domainkeys in particular)
> >
> > LJS
> >
> > Yahoo! Mail Publishes Specification for DomainKeys
> >
> > E-mail Authentication Solution Filed with IETF;
> >
> > Alpha Version of Open Source Code Available
> >
> > WHAT:
> >
> > On Tuesday, May 18, Yahoo! announces the publication of its
> > specification on DomainKeys,
> > a cryptographic e-mail authentication solution to help fight spam.
> >
> > DomainKeys: In order to attack spam at its roots, a powerful
> solution is
> > needed that can
> > verify the identity of the e-mail sender and put an end to spoofing and
> > forgery.
> > DomainKeys help fight spam by providing strong assurance of both the
> > sender's identity
> > and the integrity of the e-mail content through the use of
> > public/private key
> > cryptography.
> >
> > On Monday, May 17, the company filed the spec as an Internet-draft with
> > the IETF
> > (Internet Engineering Task Force) standards body to begin the
> > standardization process.
> >
> > Additionally, Yahoo! is currently developing a reference implementation
> > for DomainKeys
> > that can be plugged into Message Transfer Agents (MTAs), such as qmail.
> > An alpha version
> > of this software will be released under a royalty free license at
> > SourceForge.net.
> >
> > WHERE:
> >
> > The specification, license terms and FAQs are posted on Yahoo!'s
> > Anti-Spam Resource
> > Center:  http://antispam.yahoo.com
> > The alpha version of the software will be hosted at SourceForge.net at:
> > http://sourceforge.net/index.php
> >
> > --
> > Yakov Shafranovich / asrg <at> shaftek.org
> > SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
> > "There is nothing new under the sun" (Eccls. 1:9)
> >
> > _______________________________________________
> > Asrg mailing list
> > Asrg at ietf.org
> > https://www1.ietf.org/mailman/listinfo/asrg
> >
>
>
> _______________________________________________
> Asrg mailing list
> Asrg at ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
  - From: William Leibzon

Prev by Date: RE: [Asrg] Re: Spam send/receive ratio
Next by Date: Re: [Asrg] Spam and IPv6
Previous by thread: Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
Next by thread: RE: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
Index(es):
- Date
- Thread