ietf-asrg
[Top] [All Lists]

RE: [Asrg] C/R Framework

2003-05-15 09:04:47
At 09:30 AM 5/15/2003 -0400, you wrote:


> Well, that's just a red rag to *some* bulls :-)
>
> I don't think that asserting that the same concerns apply to *other*
> systems
> adequately addresses concerns applying to *these* systems. Plus
> also - it's
> not strictly true, since the *necessarily* long life of this data in a C/R
> system has implications.


Yeah..that was just a placheolder...however, my thinking is that we should
be addressing the protocol..not how some systems implement persistent data.
For example, some systems may not use C/R to build whitelists.  Some may
just challenge very message..it would be stupid..but they could.  Within
client email software,, the C/R mechansim would have much less privacy
concerns.  So, I'm trying to divorce myself from implementations but rather
focus on seucrity implications of the protocol itself...could be wrong about
that..but that was my thinking.

If you mandate the use of an MD5 checksum in the X-CM-Receipient field or some similar mechanism instead of a plain email address, this might reduce the problem.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>