At 10:59 AM 5/15/2003 +0100, Jon Kyme wrote:
> of
> My intent is to throw something down on the table that's at
> least wrong and allow for an exchange of ideas regarding how to proceed
> if
> at all.
>
>
<quote>
Privacy
Concerns exist regarding data collection of correspondences between certain
senders and recipients however such information is available in most
mailing systems
</quote>
Well, that's just a red rag to *some* bulls :-)
I don't think that asserting that the same concerns apply to *other*
systems
adequately addresses concerns applying to *these* systems. Plus also - it's
not strictly true, since the *necessarily* long life of this data in a C/R
system has implications.
There are several privacy concerns - the whitelist primarily. Also, if the
challenge message contains the receivers email address that might be a
problem too. As I mentioned before, perhaps we should not store plain email
addresses - but some form of checksum or something. Even though that is
susceptible to dictionary attacks, the attacker must know what he is
looking for. This will at least protect against people snooping at messages.
---------------------------------------------------------------------------------------------------
Yakov Shafranovich / <research(_at_)solidmatrix(_dot_)com>
SolidMatrix Research, a division of SolidMatrix Technologies, Inc.
---------------------------------------------------------------------------------------------------
"One who watches the wind will never sow, and one who keeps his eyes on
the clouds will never reap" (Ecclesiastes 11:4)
---------------------------------------------------------------------------------------------------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg