ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] C/R Interworking Framework

2003-06-18 19:54:22
from [Eric D. Williams] [Permanent Link] 
Got it.  Thanks Art.

-e

On Sunday, June 15, 2003 6:56 PM, Art Pollard 
[SMTP:pollarda(_at_)lextek(_dot_)com] wrote:

At 11:18 PM 6/14/2003 -0400, you wrote:

On Monday, June 09, 2003 6:21 PM, Art Pollard 
[SMTP:pollarda(_at_)lextek(_dot_)com] 
wrote:
8<...>8

... The CR system would filter based in the digital signature rather
than the FROM address.


A signature that signs what? or do you mean a 'hash' produced using a 
'senders'  private key?


A digital signature uses a public / private key pair and a hash (typically 
SHA).  Given the public key then the signature and message could be 
verified.  The message would be signed with the private key as it went 
out.  The message's header would contain:

1) The digital signature (generated by the public/private key pair and the 
message)
2) The public key.

The whitelisting would occur based not on the e-mail address but on the 
public key.  Thus when a new message comes in, the public key would be 
looked up in the whitelist to see if it is already there.  If it is there, 
the message can be checked with the public key and the signature to ensure 
that the proper public / private key pair actually was used to sign the 
message and that the message has not been altered.

By whitelisting on the public key and not the e-mail address / 
username/etc. the user can move between machines and accounts without new 
challenges as long as they use the same public/private key pair to sign 
their messages.


Thus it would be quite possible for people to have
multiple clients with the same digital signature (one for each e-mail
address say) and they would only have to undergo the CR once -- even if
they switched ISPs.


Same private key?


Yep.



8<...>8

...When whitelisting occurred, it would whitelist a
particular person's signature rather than their e-mail address.


Caching of the public key?


Yep. The public key would be cached and would be used in the whitelisting 
process.

-Art

-- 
Art Pollard
http://www.lextek.com/
Suppliers of High Performance Text Retrieval Engines.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] CRI Header, Eric D. Williams
Next by Date:  [Asrg] Re: Reverse DNS, gep2
Previous by Thread:  RE: [Asrg] C/R Interworking Framework, Yakov Shafranovich
Next by Thread:  [Asrg] Another criteria for "what is spam"..., Barry Shein
Indexes:  [Date] [Thread] [Top] [All Lists]