ietf-asrg
[Top] [All Lists]

Re: [Asrg] C/R Thoughts: Take 1

2003-05-13 18:18:37
Eric Dean wrote:

I personally think that the intent of the C/R systems is to make
sure that
the originating email is valid. Thus it would make sense to have an
automatic protocol for verification which can be utilized by
systems to do
so.


Yes, if we could come up with a standard for C/R, then it would seem
appropriate that a mail client would be able to auto-verify any challenge
that came in response to a recipient that had been recently sent a message.
I'll throw out a light framework within the next day or two that we can
start insulting.  Requires coffee and post-midnight to truly think.

we went over this terrain in the camram project a couple of years ago. Anytime you make a response something that can be auto responded to, you create a hole for spammers. one thing I believe to be very important is a list of signatures for messages recently sent and the challenge should contain a matching signature for the message it is challenging. That way, when the challenge is handled, the mail user agent can verify that the client really did send a message the challenge was returned for by matching signature and destination address.

This is part of protocol I'm using for handling postage due notices automatically within camram. I'll elaborate more tomorrow if folks are interested.

---eric


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg