ietf-asrg
[Top] [All Lists]

Re: [Asrg] request for review for a non FUSSP proposal

2009-06-23 17:27:16
Douglas Otis wrote:

Your strategy requires servicing a method that does not depend upon
"pass-tokens" as a means to obtain them. 

Tokens can be obtained trough a "consent request" email message, which
is a normal "text only" message with some constraints, or trough some
other communication channel, including face by face meetings. Other,
more powerful or easy means to obtain token would probably mean that the
address owner would be flooded by spam hiding as consent request, or
that tokens could be surreptitiously obtained.

The task of collecting source
specific tokens represents a fair amount of administrative effort for
both senders and recipients that is likely to be problematic.  Not good.


This kind of evaluation is a critical one for the model the framework is
based on. I take the cell phone numbers as an example. Most of us has
hundreds of cell phone numbers, (almost) none of which has been obtained
automatically. We took the burden of collecting them, and usually, if we
need to contact somebody, and this person is willing to talk with us, we
manage to get a phone number through one of the many communication
channels that are offered to us. We also happily take the burden of
distributing by hand our cell phone number, even if we could just put it
on phone directories and have it automatically distributed, because we
understand the advantages of not distributing it. I would say, most of
us is more unhappy with the ease unknown people can contact us through
email, than with the difficulties they have contacting us through our
cell phone.

Spitting the email-address onto separate headers is problematic.  In
addition, what one MTA might understand may not apply to the subsequent.


I think this is a technical problem the framework deals properly with. I
may be missing something, of course. And, it requires an extension to SMTP.

Review how one might use <local-part>"+"<tags> :
http://css.its.psu.edu/news/emailplus.html


Yes, I wrote a detailed answer on this to Seth in a previous message.

Then imagine this acceptance criteria is combined valid DKIM
respondent's messages.


I don't think this would solve the problem of address (that is, tag)
disclosure in messages with multiple recipients.

As yet a better alternative, to thwart wasted and undesired exchanges,
an exchange by reference offers an inherent means to authenticate
sources without cryptography, and avoid undesired exchanges.

Maybe I didn't catch this one, but tokens can be exchanged between
users, so a "reference" would just be the use of the same token. But
probably I didn't understand what "exchange by reference" is, google
just gives me some cryptic pages on taxation and foreign currency :)

-- 

Claudio Telmon
claudio(_at_)telmon(_dot_)org
http://www.telmon.org

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg