ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] Seeking volunteers for C/R documents (was: Washington Post: Earthlink to Deploy a Challenge-Response System for )

2003-05-11 07:45:07
from [Eric Dean] [Permanent Link] 
Sure, I'm in...it appears we have a small BoF that'll at least document some
of the issues with C/R as well as propose some potential standards


-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org 
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of Paul
Judge
Sent: Saturday, May 10, 2003 10:06 AM
To: John Fenley; asrg(_at_)ietf(_dot_)org
Subject: [Asrg] Seeking volunteers for C/R documents (was: Washington
Post: Earthlink to Deploy a Challenge-Response System for )



Yes, a BCP for designing and deploying C/R systems would be useful.
Additionally, a proposal for a C/R protocol would be useful. This would
permit interaction between different C/R systems and allow
integration into
MTAs and MUAs.

Does anyone have a set of thoughts in either of these two directions that
they would like to put together and move forward?



-----Original Message-----
From: John Fenley [mailto:pontifier(_at_)hotmail(_dot_)com]
Sent: Friday, May 09, 2003 12:16 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Washington Post: Earthlink to Deploy a
Challenge-Response System for


Someone mentioned writing some guidelines for responsible
Challenge/Response
systems. Any chance we could officially ask Earthlink to hold
off deployment
for a month so we can get something together to guide them?

Perhaps even a list of fatal flaws and suggested best
practices would help.

These are my suggestions for a beginning list of problems:
1. Avoid infinite loops.
2. Allow all Opt-in mail.
3. take steps to prevent spammer evolution.
4. Provide proof that the challenge is legitimate.
5. Avoid simple reply style challenges that are easy to
autorespond to. 6. Use generous auto whitelisting. 7. support
all types of  identity proofs including new ones. 8. Don't
just delete everything that doesn't respond correctly, perhaps
reward correct challenges by placing them at the top of the inbox.

John Fenley

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Assume perfect knowledge by domain registry provisioners, so what?, Yakov Shafranovich
Next by Date:  Re: [Asrg] Assume perfect knowledge by domain registry provisioners, so what?, Eric Brunner-Williams in Portland Maine
Previous by Thread:  Re: [Asrg] Seeking volunteers for C/R documents (was: Washington Pos t: Earthlink to Deploy a Challenge-Response System for ), waltdnes
Next by Thread:  Re: [Asrg] Assume perfect knowledge by domain registry provisioners, so what?, Yakov Shafranovich
Indexes:  [Date] [Thread] [Top] [All Lists]