Re: [Asrg] seeking comments on new RMX article

I've kept fairly quiet (list volume has kept me falling behind almost
consistantly), but I'll stick my head in here.

Thus spake Dave Crocker (dhc(_at_)dcrocker(_dot_)net) [06/05/03 11:21]:
> ps.  It strikes me that the RMX proposal is conceptually similar to the
> old IDENT specification which purported to offer wonderful security but
> was soundly rejected by the security community.
The big difference is that IDENT is a per-user authentication mechanism,
where as RMX is a per-domain authentication mechanism.  IDENT gave you the
ability to figure out which users were on a system.  RMX just tells you the
outbound MX for a domain.  I don't see the massive security concerns.

Being somewhat security-conscious, I /do/ see /small/ problems with the RMX
record, specifically when talking about things like mixmaster.  But the easy
workaround is that mixmaster's either shouldn't use RMX, or should use RMX
on the inbound (I haven't played seriously with the project, so my concept
could be way off, but if they verify that mail coming in to the network is
valid, then in turn, mail going out of the network remains valid, and is
still anonymous.  However, it does add a point of concern to inbound mail,
but I don't believe it to be massive.  If you wish to debate this point,
mail me directly -- my ears are opened to corrections).  Anonymous remailers
could set up their RMX to be 0/0.

So then spammers move to using mixmasters to send their mail.  Well, short
of legislation, I don't see any way to identify the valid source of spam
once it gets in to a mixmaster setup.

So all that really happens is that things like open relays and open proxies
become less and less valuable, and anonymous remailers become infinitely
more popular.  However, they are no more /valuable/ than they are right now
-- the provide the same service, they do the same thing.

pgpCYyrXFVlP1.pgp
Description: PGP signature