
[Asrg] Consent tokens

2003-07-09 10:07:33
> The consent token traveling with the email seems to be somewhat problematic. It would have to prevent middleman attacks, and for that to happen the token would need to encode the source of the email message. I believe that is a problem. For instance, I have two email clients with two different email addresses, one being the company I work at and the other being my personal account. Now if the token includes the originating address I would have to have two different tokens. I would think we would want a single token regardless of where I am and whatever address I use, and that would make a lot of work. But this single token would make it susceptible to middleman attacks.

I think there are a *lot* of problems with the consent token approach, including the fact that you may wish to revoke an already-issued consent token.  That revocation is VERY unlikely to be system-wide; you're only likely to revoke its use by some selected rogue user.

Since you CANNOT accept any consent token at face value, but basically MUST check to see if it's still valid and accepted (FROM the originating user), I don't really see that the token adds much of anything that you can't get from the originating user's E-mail address (which thus works FINE as the token all by itself, AND eliminates the need for the sending end to do ANYTHING different from what they do for anybody else).

> In the receiver-side screening mechanism, the second idea, I keep track of addresses that I am willing to accept. As noted earlier, very little mail is sent through multiple MTAs (though I can tell you of one case where it will happen!). This is patently simpler. In both cases, the token and screening, I need to keep something to note who to allow through. But in the former instance the sender needs to do something as well. Seems like more work.

Absolutely.  And some senders (large mailing lists, for instance) are highly unlikely to want to adapt their behavior to correspond to the unique (and possibly even contradictory) demands of each of possibly hundreds of thousands of subscribers/community members.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
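The trade-off argued in this exchange, as an added example that is not part of the original thread: a receiver-side verifier (assumed design) in which a consent token is an HMAC over the originating address under a receiver-held key, beside an address-unbound token and a plain accepted-address list, with per-sender revocation. All addresses and keys are constructed.

```python
import hmac
import hashlib
import secrets


class ConsentVerifier:
    """Receiver-side consent check (assumed design, not from the thread).

    bind_to_sender=True ties a token to one originating address: a second
    address needs a second token, but a relayed copy cannot be reused from
    elsewhere.  bind_to_sender=False issues one token usable from any
    address, which a middleman can replay.  Either way the receiver keeps
    per-sender state, so a plain address list (allow/accept_address) does
    the same job without the sending end changing anything.
    """

    def __init__(self, key=None, bind_to_sender=True):
        self.key = key or secrets.token_bytes(32)  # receiver-held secret
        self.bind_to_sender = bind_to_sender
        self.revoked = set()  # per-sender revocation, never system-wide
        self.allowed = set()  # the address-screening alternative

    def issue(self, sender):
        data = sender.lower().encode() if self.bind_to_sender else b"consent"
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def revoke(self, sender):
        self.revoked.add(sender.lower())

    def accept_token(self, sender, token):
        # Validity is always re-checked against the receiver's own state.
        if sender.lower() in self.revoked:
            return False
        return hmac.compare_digest(self.issue(sender), token)

    def allow(self, sender):
        self.allowed.add(sender.lower())

    def accept_address(self, sender):
        s = sender.lower()
        return s in self.allowed and s not in self.revoked


def compare_designs(key=b"constructed-demo-key"):
    """Outcome of each check for constructed senders (True = accepted)."""
    bound, loose = ConsentVerifier(key, True), ConsentVerifier(key, False)
    tok_b = bound.issue("alice@work.example")
    tok_l = loose.issue("alice@work.example")
    result = {
        "bound_from_work": bound.accept_token("alice@work.example", tok_b),
        "bound_from_home": bound.accept_token("alice@home.example", tok_b),
        "loose_replayed_by_relay": loose.accept_token("relay@other.example", tok_l),
    }
    bound.revoke("alice@work.example")  # affects only this one sender
    result["bound_after_revoke"] = bound.accept_token("alice@work.example", tok_b)
    return result
```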
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg