ietf-clear
[Top] [All Lists]

[ietf-clear] Re. CLEAR Charter (Forwarded At Request)

2004-10-02 14:39:27
On Sat, 2004-10-02 at 08:36, John Glube wrote:
Sent on behalf of Chris Haynes Sent: October 2, 2004 4:56 AM 

I think there is a useful function which needs to be done,
but I can't work out if it is within the scope of the
proposed charter.

My interpretation of the charter is that it works at the
domain level, i.e. it considers the accountability of each
host in isolation.

I can see the need to:

1) Identify some entity (non-terminal domain node) as
accepting responsibility for a collection of domain nodes
(incl. hosts)

2) Associating policies, reputations etc. with this
responsible entity, rather than with the individual domains.

Just to make it clear, let me give an example. This is
*not* the proposed solution, so please don't hack it to
bits yet. I'm just illustrating the kind of scheme I
mean....

There is a set of domains

a.example.com 
b.example.com 
c.example.com
d.mail.example.com 
e.example.co.uk 
f.example.com.fr
g.japaneseforexample.jp

and so on.

Individually they have some means of asserting "I am
accountable to example.com".

By validating the HELO/EHLO domain, to make associations of the mailbox
domain with these HELO/EHLO domains then only requires a simple name
list.  This can be done by using a specific label and forward referenced
PTR records.

Example.com has a DNS record which confirms: "I accept
responsibility for the actions of  (here follows the above
list)".

The operator of the mail transfer agent is identified by way of the
HELO/EHLO domain.  The operator of the mail transfer agent will be held
accountable for all traffic that emerges from the mail transfer agent.  

'example.com' may now publish policies etc. which are
applicable to all its domains (even ones not directly below
it in the DNS 'tree').

The actions of any one of the hosts at its domains now
affect the reputation of all of its domains, and so on.

It would be difficult to trust such an assertion to the point of
accountability, nor do I see the advantage beyond what is provided by
DNA.

Does the charter provide for any such scheme as this -
which permits responsibility & accountability to be grouped?

Such extensions of accountability can not be safely extended beyond
identifiers that can be directly verified.  In the case of SMTP, it
would be the IP address and the EHLO/HELO domain, provided a reliable
record is provided.  This record is the basic goal of CSV.

I can't see that it does, yet I think such pooling would
have benefits within the problem-space that the charter is
addressing.

This desire seems to reflect efforts directed toward allowing a mailbox
domain authorize many domains within the mail channel.  The use of the
validated HELO/EHLO domain and a name list can do this in a safe
fashion, but this is outside the goals of CLEAR.   

The reason I have raised it now is that I can immediately
think of two possible ways for the individual host to
assert its affiliation:

- The less-efficient one is for its domain's DNS record to
have a separate record, which would have to be fetched - a
close cousin of SPF's 'include'.

-  A more efficient one would be to extend the syntax of
HELO/EHLO to permit the affiliation to be asserted,
something like:

EHLO g.japaneseforexample.jp PARTOF example.com

and then, of course, one would get confirmation of the
assertion from 'example.com' itself.

This is the purpose of DNA and the DNA name list. It could be done via a
simple name list within the g.japaneseforexample.jp domain.  The
reputation system would still base their information upon the immediate
domain and not referenced domains.  Are you suggesting a type of
vouching being done directly via the EHLO/EHLO name?  This still seems
better done using DNA.  

If we are to do work on RFCs associated with HELO/EHLO, it
would be useful to know in advance if consideration of the
mechanisms for pooling / aggregation of responsibility is
in scope for CLEAR.

I have written a draft presented within the MARID WG related to this
type effort based upon the HELO/EHLO domain.  See:

http://www.ietf.org/internet-drafts/draft-otis-marid-mpr-00.txt

After the experience of MARID attempting to resolve issues associated in
this task of authorization (and not accountability although it was often
expressed as accountability), it has been concluded there can be no
resolution.  Not wishing to revisit this, the CLEAR work group would be
well advised to ignore these efforts.

-Doug