
Re: [Asrg] 6. Proposals - Challenge/response - CRI

2003-08-20 01:50:30
Hello everyone

Some forwarded further reaction to the CRI proposal here from David.
I've had a few ideas myself over the past couple of days and I'll be
posting them shortly.

Thanks

Andrew

----- Forwarded message from david nicol <whatever(_at_)davidnicol(_dot_)com> -----

I think it's too complex and fiddles with too many preexisting
protocols.


Recently someone on the djbdns mailing list wrote an autoresponder
to reply to the challenges that that mailing list sends out on every
list posting.  Someone else forged messages from the autoresponder
author's return address and the forged messages appeared on the
list.  So the autoresponder in question was merely operating at
level one and not level two of the three levels defined in the draft,
which I found to be a good set of definitions.

I am opposed to level three.  As computing power keeps increasing,
as well as the availability of human brains, when properly organized,
turing test systems become useless.

I think a good thing to agree on might be an XML DTD for challenges
and responses, which could be embedded into a human-readable
challenge message that states the same thing as the XML challenge,
for those users (initially everyone) who do not use a CRI-enabled
MUA.

What information would need to be in there, to have level two
functionality?  Last night I came up with what I believe is a
workable set:

1: message-ID of the message in question.  Message-IDs are generated
by the MUA (well they can be) and the MUA can remember which ones it
generated.  Message-ID alone allows a valid Message-ID to be attached
to an invalid message, so Message-ID is not sufficient.

2: MD5 hash of the body of the message.  By including this information,
it is only possible to forge a message that was actually sent.

3: subject line.  It appears in the header, not the body, and it
is good to include the subject line in human-readable forms.


So when tom(_at_)example(_dot_)com sends a message to abigail(_at_)example(_dot_)net,
abigail's MUA might generate a challenge like the following and
send it to tom before accepting tom's message (and perhaps
caching tom's return address and the smtp server the message
arrived from as valid and not warranting future challenges)

envelope-return-address: abigail-cribounce(_at_)example(_dot_)net
envelope-recipient: tom(_at_)example(_dot_)com
X-Asrg-Cri-Status: Challenge
Message-Id: <cri-challenge-...(_at_)example(_dot_)net>
From: <abigail(_at_)example(_dot_)net>
Date: ...
Subject: Challenge re: Beans?

This message is a challenge to verify that tom(_at_)example(_dot_)com
sent a message with subject line <<Beans?>> to
abigail(_at_)example(_dot_)net.

If you sent the message in question, please forward this
challenge message to abigail(_at_)example(_dot_)net (replying to
it should work)

If you did not send the message and would like to report
an abuse incident, please forward this challenge message
to abusebot(_at_)example(_dot_)net.

The following XML block is included for people using
CRI-enabled e-mail software.

<challenge>
<challengeid>847568276345.24958793287</challengeid>
<messageid>oiuhgkjnetoij(_at_)example(_dot_)com</messageid>
<bodyhash>c5fb7d43ba68c638b75485220a3c3372</bodyhash>
<subject>Beans?</subject>
<forwardifgood>abigail(_at_)example(_dot_)net</forwardifgood>
<forwardifbad>abusebot(_at_)example(_dot_)net</forwardifbad>
</challenge>

__END__


I suppose this could all be done with headers instead of
a block in the message body, but headers often get lost.



I think the only really significant semantic suggestion I'm making
is that a hash of the body of a message should be included to
prevent forgeries of level-two systems.


How would it interact with mailing lists?

* the CRI-enabled MUA would have a way to turn off challenges for
known-good sources (guest-list, known-good mailing lists) without
presuming a source good simply due to the appearance of some header
or other.

* the CRI-enabled listserv would recognize the challenge as such
(instead of as a bounce, assuming it is a VERPing listserv) and
respond correctly, possibly using a to-be-defined extended
syntax for declaring "I am a listserv! You can recognize traffic
from me because it comes from 192.0.2.174 and it always contains
a header "List-ID: giants-list(_at_)example(_dot_)org"






ps. the hash in the example is a hex MD5 hash of "fee fi fo fum!"

David Nicol / If at first you don't succeed, use a bigger hammer.
                                       http://gallaghersmash.com
----- End forwarded message -----
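
The level-two check described in the forwarded message, as an added example (not code from the original post or from the CRI draft): a sender-side MUA parses the XML block of an incoming challenge and confirms it only when the Message-ID, body MD5 and subject all match its own sent-mail log. The `SENT_LOG` structure, the function names, the return values and the sample challenge text are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

def body_hash(body: str) -> str:
    # MD5 hex digest as in the proposal; a new design would use SHA-256.
    return hashlib.md5(body.encode("utf-8")).hexdigest()

# Constructed sent-mail log kept by the sender's MUA: Message-ID -> (subject, hash).
SENT_LOG = {"oiuhgkjnetoij@example.com": ("Beans?", body_hash("fee fi fo fum!"))}

FIELDS = "challengeid messageid bodyhash subject forwardifgood forwardifbad".split()

# Constructed challenge text following the layout in the message above.
TEMPLATE = """This message is a challenge to verify a message to abigail.
<challenge>
<challengeid>847568276345.24958793287</challengeid>
<messageid>{mid}</messageid>
<bodyhash>{digest}</bodyhash>
<subject>Beans?</subject>
<forwardifgood>abigail@example.net</forwardifgood>
<forwardifbad>abusebot@example.net</forwardifbad>
</challenge>
"""

def extract_challenge(text: str):
    """Return the challenge fields as a dict, or None if absent/malformed."""
    m = re.search(r"<challenge>.*?</challenge>", text, re.DOTALL)
    # Only the matched block is parsed, so no DTD can precede it; "<!" is refused.
    if m is None or "<!" in m.group(0):
        return None
    try:
        root = ET.fromstring(m.group(0))
    except ET.ParseError:
        return None
    fields = {f: (root.findtext(f) or "").strip() for f in FIELDS}
    return fields if all(fields.values()) else None

def decide(text: str, sent_log=SENT_LOG):
    """("confirm", addr) if we sent it, ("report", addr) if not, else None."""
    ch = extract_challenge(text)
    if ch is None:
        return None
    subject, digest = sent_log.get(ch["messageid"], ("", ""))
    same_body = hmac.compare_digest(digest.encode(), ch["bodyhash"].lower().encode())
    if same_body and subject == ch["subject"]:
        return ("confirm", ch["forwardifgood"])
    return ("report", ch["forwardifbad"])
```

A challenge that reuses a real Message-ID with a different body hash gets the report verdict, which is the forgery case the body hash is meant to close.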
