ietf-asrg
[Top] [All Lists]

Re: [Asrg] ASRG session at IETF

2006-03-14 16:30:15
On 11 Mar 2006 05:01:46 -0000, John Levine <asrg(_at_)johnlevine(_dot_)com> 
wrote:
The session is now scheduled for March 20th from 6:50 to 7:50 PM, the
last thing before dinner.

Possible items:

David Nichol has sent in a strawman proposal for a message tagging
protocol.

No 'H' in my name :)

The proposal I buried in a thread a couple weeks ago could be easily
divided into two orthogonal pieces: one is a generic is/isn't kind
of tag, the other is a general way to authenticate a header line without
cryptography: maintain a database of hash digests of header lines, indexed
by a salt that appears within the authenticable line.

Both are pieces of infrastucture that would map very well to the
loftier problems such as vouching.

I've been working on some notes about using DKIM with third-party
certification services, harking back to my constant desire to get
something happening in the IAR subgroup..  There's a couple of issues
to talk about.  One is the technical ways that party C (the certifier)
can tell people that they endorse some or all of the mail sent by
party S (the sender).  Possibilities include a signature from C,
multiple signatures from both S and C, a signature from S that
recipients can ask C about, and maybe others.  Certifiers frequently
only vouch for certain categories of mail, e.g., transactional mail
but not mailing list mail.  I don't think there is any way to check
mechanically what category or categories a message belongs in, but
it should at least be possible for C to say what categories it's
vouching for, and for the messages to say what categories they belong
to, so one can tell if the sender is cheating.

It's also an open question what catgories are useful, which in turn
depends on who the categories are intended for: original senders,
sending or receiving MTA managers, final recipients, and any
combination thereof.  If there's interest, I can flesh out the notes a
little thand send them around.

the header line verification protocol would work as a low-CPU alternative
to cryptographic signatures.  I imagine a "Vouch: ..." header that would
include all the required information.  Although it seems that a reputation
system would be better as entirely parallel to e-mail delivery, involved
when weighting a tag claim.  Say a message is tagged

   Is-Interesting: p=7; origin=gptp.example.net;
      claim-maker=interesting(_at_)johnlevine(_dot_)com; salt=zxcvbn;

Assuming the gptp checks out, do we trust 
interesting(_at_)johnlevine(_dot_)com's
assessment of the interestingness of messages, and do we trust
gptp.example.net to be the gptp origin server for authenticating
claims made by interesting(_at_)johnlevine(_dot_)com?  I think the
method for deciding that should not depend on additional
paperwork that would have to be included as yet more (forgeable)
header lines.



Any other topics people would like to address?  Anyone planning to come?

I won't be going to Texas but I could be available by telephone for
the hour -- if anyone wants to conference me in please write off-list for a
suitable phone number.  Better yet, mirror the debate on an IRC channel?

--
David L Nicol

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>