
Re: [Asrg] E-mail Postmarks




On Tue, 8 Jun 2004, Eric A. Hall wrote:

There is a problem with that approach. If you let the public key be
distributed as part of the same SMTP session as the email itself, it
actually means nothing. The reason is that I can't trust your public key
to be really for your organization just because you say so at the time

I said back-channel, not the same channel. The mail-transfer session is one-way (client->server), and I'm suggesting that the transfer server should open its own client connection to whichever server(s) is listed as authorized for publishing the key data for the sender's domain.

Ok, that is what I call SMTP Callback in my posts on this list.

You can do this for MAIL-FROM and From: separately.

Not worth it, unless you're proposing we implement full callback where the originator merely informs the recipient that he has email and the recipient calls to pick it up.


If we want to use SMTP to handle key verification, the better way would be to try to use TLS in some way.

But I don't think we'll gain much by extending SMTP to handle such a
callback system for retrieval of public keys; in such a case I think it's
better to just work on a new protocol, since it can possibly be of use for
protocols other than SMTP.

If you start generalizing too much you will end up in directory land and there's already a bunch of WGs and corpses there, so that would be a mistake in my opinion.

And there is no reason we should not reuse an existing protocol for our purposes.
You're the one who knows more about this considering FIRS that you based on LDAP (which BTW may well work for us here even better, since S/MIME already has a specification for running a keyserver based on LDAP and that could be extended for our purposes).


---
William Leibzon
william at completewhois.com
