ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] New take on emerging idea. (Query/C-R system?)

2003-04-10 13:42:26
from [Kee Hinckley] [Permanent Link] 
At 3:22 AM -0600 4/10/03, John Fenley wrote:
Administrator maintained public "choicelist"(functions as a whitelist, and a blacklist) database: 

Who administers this?  And who can read it?


Database curator:


Again.  What's the scope of this job?  Per-ISP?


2. protect the security of the database against unauthorized changes.


How are changes authorized?
4. give id# of the list's entry to subscribers so they can recieve the list, or use a system where they send the first message to subscribe to the list. 

These ID #'s are unique world-wide?  Who guarantees that?
1. enter # given when you sign up for a list if your mail service supports it, or send a subscribe message to the list. 

Enter # (or list?) where?


1. allow user to enter id #s.


Into what?


When a new user joins the system:
1. They choose a user name, and a password.
2. they enter contact info, to prvent hijacking.


How does that prevent hijacking?
Fenley, Dagmar
1985 N 360 East
PROVO, UT 84604
#1 Each time your system recieves an email message the senders address is checked against a whitelist. 

Where is "your system" in this model.  MTA, MUA?


If the name IS on the list deliver the message. end
If the name IS NOT on the list procede to #2.
#2 Check the choicelist database, and compare the numbers returned against the users choicelist. If no number is returned go to #3 If the number is in the users choicelist deliver the message. end 
If the number is not in the users choicelist delete the message. end
More critically. You've described a complex whitelisting system using unique numbers (not sure why, the email address is also unique, and the mapping between the two appears to be public, although I'm not certain from the description). What does that gain over just whitelisting the address. And how does it do any more to prevent forgery than just whitelisting the address? 
--
Kee Hinckley
http://www.messagefire.com/          Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 2.c.1 and 6 - The importance of being Earnest, Kee Hinckley
Next by Date:  Re: [Asrg] New take on emerging idea. (yet another C-R system?), Kee Hinckley
Previous by Thread:  Re: [Asrg] New take on emerging idea. (Query/C-R system?), John Fenley
Next by Thread:  Re: [Asrg] New take on emerging idea. (Query/C-R system?), John Fenley
Indexes:  [Date] [Thread] [Top] [All Lists]