Dennis Gearon wrote:
david nicol wrote:
On Thu, 2003-09-25 at 19:32, Dennis Gearon wrote:
Yakov Shafranovich wrote:
Fourth, take a look at the CRI proposal:
http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt
Actually, my idea, I believe, takes care of most of the problems with
the Level 2 CRI system. I will think about it for awhile.
When is CRI 01 due? Who is maintaining it (I nominate Eric Dean)?
It has been pointed out that body hashing would make CRI level-2
work, and this was AIUI generally agreed-to. Yet a revised CRI
document has not yet appeared.
I suggested both body and specific headers be hashed. And only 32 bytes
from the body to save processor time. Someone gave some good, valid
reasons why the CRI/hash idea has problems, but I think they would not
be too hard to overcome. Mostly, it was:
A/ The need to keep records of what is sent.
B/ The additional changes to SMTP required
(Anyone really believe that SMTP will forever be extendible and
not have to be replaced someday?)
C/ Messages can't be stopped before they leave, only when they arrive.
Well, I am too tired and not well enough versed to coment on A and B.
However, regarding CI think that the whole SPAM problem has to be solved
in a two part solution anyway:
A/ Develop a way to know who is sending what, and receivers can
decide to accept or not mail that is not certified to be from who it
says it is from.
Also take a look at:
http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf
B/ Implement blocking on the send or receive sides, using lists, or
authority, or validation, etc.
Take a look at:
http://www.solidmatrix.com/research/asrg/asrg-consent-framework.html
My proposal, and CRI/hash in general only addresses A. I leave B to more
knowledgable people.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg