
Re: [Asrg] porkhash: flexible anti-impersonation mail signatures

2003-04-03 12:54:11

J C Lawrence said:

But to be more exactly on porkhash, you do not need to have your end
to have persistent connection, what you need is to have verification
server available somewhere and it be contracted by the source (server
does not have to be same machine or even same ip network as source -
can be further upstream). For destination, you do checking on email
when you're receiving it, so once ETRN is then time when destination
has connection to internet and can verify email.
 
I tend to the line that an audit trail should be fully verifiable by all
stages in the transport, as well as subsequent to receipt (ie
forensics).  It's not enough to do it once at inception, or once at
receipt.  Once such a truth is established (by the audit trail) it
should remain 'true' for reasonably large values.

I agree BTW.  A factor in this is that we cannot trust audit trail entries
which are *claimed* to be verified by entities outside our control --
generally, anything beyond our MX.

For example it's commonplace in spam nowadays to receive a mail at one's
MX, which claims it had established an audit trail (Received headers) from
an originating host, to the relay which opened the SMTP conn to our MX --
whereas in actual fact, all the Received headers before that one are
fakes, inserted by the spamware, intended to throw spam-reporters
off-track.

Here's a sample.  The top line is my MX.  The next 3 lines are all
faked.  I know they're faked because (a) the hostnames/IPs don't resolve
to what they claim to be and (b) they use host and protocol names that
have been identified as being generated randomly by this spamtool.

 Received: from [200.203.96.67] (helo=aol.com) by yzordderrex with smtp
    (Exim 3.35 #1 (Debian)) id 18tt7d-00075m-00; Fri, 14 Mar 2003 17:37:34
    +0000
 Received: from rly-xl05.dohuya.com ([35.238.84.138]) by
    anther.webhostingtotalk.com with SMTP; Fri, 14 Mar 2003 14:37:08 +0100
 Received: from unknown (29.23.228.6) by rly-xw01.otpalo.com with QMQP;
    14 Mar 2003 15:35:51 +1100
 Received: from [99.50.80.61] by sydint1.microthink.com.au with SMTP;
    Sat, 15 Mar 2003 02:34:34 -0900

--j.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
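
Added example, not part of the original message or of any list member's code: the trust rule discussed above applied to the sample headers, in Python. Only Received lines stamped by our own MX count as evidence and everything below them is an unverified claim; the function names and the `our_hosts` parameter are assumptions made for illustration.

```python
import re
from email import message_from_string

# Headers copied from the sample in the message above.
RAW_HEADERS = """\
Received: from [200.203.96.67] (helo=aol.com) by yzordderrex with smtp
    (Exim 3.35 #1 (Debian)) id 18tt7d-00075m-00; Fri, 14 Mar 2003 17:37:34
    +0000
Received: from rly-xl05.dohuya.com ([35.238.84.138]) by
    anther.webhostingtotalk.com with SMTP; Fri, 14 Mar 2003 14:37:08 +0100
Received: from unknown (29.23.228.6) by rly-xw01.otpalo.com with QMQP;
    14 Mar 2003 15:35:51 +1100
Received: from [99.50.80.61] by sydint1.microthink.com.au with SMTP;
    Sat, 15 Mar 2003 02:34:34 -0900

"""

BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hop(value):
    """Return (by_host, peer_ip) for one Received header value."""
    flat = " ".join(value.split())              # unfold continuation lines
    by = BY_RE.search(flat)
    claimed_from = flat[: by.start()] if by else flat
    ip = IP_RE.search(claimed_from)             # IP in the "from" clause only
    return (by.group(1).lower() if by else None, ip.group(1) if ip else None)


def split_at_trust_boundary(raw, our_hosts):
    """Walk Received headers newest-first and stop trusting at the first
    one not stamped by a host we control (our_hosts: assumed names)."""
    msg = message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    trusted = []
    for hop in hops:
        if hop[0] not in our_hosts:
            break
        trusted.append(hop)
    unverified = hops[len(trusted):]
    # The peer IP in the last trusted header is the only reportable source.
    handoff_ip = trusted[-1][1] if trusted else None
    return handoff_ip, trusted, unverified


if __name__ == "__main__":
    ip, _, claims = split_at_trust_boundary(RAW_HEADERS, {"yzordderrex"})
    print("connecting IP recorded by our MX:", ip)
    for by_host, peer in claims:
        print("unverified claim: by", by_host, "from", peer)
```

Matching on the `by` hostname alone is not proof, since a forged line can carry our MX's name; where the number of internal hops is fixed, counting that many headers from the top is the stricter rule.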


