
[ietf-clear] No callbacks, please, was Re. CLEAR Charter

2004-10-03 21:00:11
On Sun, 2004-10-03 at 20:01, John Levine wrote:
> > If BATV uses a public scheme, presumably there is at least a DNS
> > query per message, to get the key.
> >
> > Although this query would not go directly back to the 'caller'
> > and, therefore, is not strictly a call-back scheme, it does
> > impose a per-message, receive-time, cross-net exchange.
>
> The public schemes I've seen proposed use per-domain keys, not per
> mailbox keys.  If a random Russian site gets 10,000 spams with
> forged abuse.net addresses, which they do all the time, I'd much
> rather they do one lookup for a per-domain key and cache it than
> 10,000 lookups for 10,000 fake return addresses.

We've been over this in great detail on the SES-DEVEL list and in
particular Seth Goodman has provided a great deal of technical
information relating to the costs of doing things either way with heavy
participation from both Roger Moser and Tony Finch.

At the heart of this discussion has been can we do both, eg: can the
recipient of a message which has been signed with a hash unique for that
individual message extrapolate the necessary information to validate
said hash against the domain relative to that message?  If someone (ie:
you) decides they wish to block the callback port how does one proceed
to validate the message?  

This is where the SMTP callback would take place, which is more expensive
but allows validation in the face of an inability to perform the IP
based callback due to unsuitable network conditions (or blatant
firewalling in your case).

There are notable benefits towards signing each individual message based
on its contents rather than specifically against its domain especially
for a network of AOL's size.

> > In terms of transaction costs, how would this differ from what
> > SES is proposing?
>
> Per domain rather than per mailbox or per-message.  I think that's
> significant.  It's also DNS which is known to perform adequately for
> per-domain data, rather than some yet-to-be invented per-mailbox
> protocol which, according to recent messages, is simultaneously UDP to
> be very lightweight, and TCP to be more reliable.

SES is not written in stone, and there has been discussion relating to
permitting two different types of validation, both per user (which I
believe Tony Finch is after, and really is the right way to be doing it)
and per domain.  That being said it differs none.  This has actually
been the core of several discussions.

Furthermore it is not "yet to be invented".  We've been working on this
for some time to ensure that the best choice is made with the overall
best interests of EVERYONE on the internet, not just single individuals
or groups of people with particular beliefs or feelings on how things
should be.

> R's,
> John
>
> PS: If bad guys put fake DK signatures on their spam with random
> fake selectors, we're back to a per-message DDOS.  Hmmn.

Yes we would be... if we lay a solid foundation where each message does
indeed result in a callback regardless of weight, then it becomes fairly
hard to abuse such a system since it's set up to handle this.

I point you to a thread on the SES list in which Seth Goodman responds
to you regarding the cost of PK validation vs. CB validation and makes a
very good point:

http://ses-devel.lists.archives.codeshare.ca/message/20040809.201310.5e6dd3a1.en.html

Some references from the SES list should you have missed them, and for
anyone else here interested in participating:

The six proposed validation types:

http://ses-devel.lists.archives.codeshare.ca/message/20040927.132400.76b3cc74.en.html

and then Seth's response which breaks them down into more detail:

http://ses-devel.lists.archives.codeshare.ca/message/20040927.210157.1b820c1d.en.html

If you are wishing to search the mailing list for a particular topic use
the following URL:

http://ses-devel.lists.archives.codeshare.ca/splash/index.en.html

Cheers,

James

P.S. Can you please refrain from having me CC'd on each message which is
posted publicly to the mailing list, as Evolution (my MUA) takes the
duplicate, which it nixes, but places the message in my Inbox instead of
in the designated IETF-CLEAR folder I have set up.  Thanks in advance.

-- 
James Couzens,
Programmer
                                                     ( ( (      
      ((__))         __\|/__        __|-|__        '. ___ .'    
       (00)           (o o)          (0~0)        '  (> <) '    
---nn-(o__o)-nn---ooO--(_)--Ooo--ooO--(_)--Ooo---ooO--(_)--Ooo---
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7A7C7DCF
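The lookup-cost argument in this thread, as an added example that is not part of the original message or of any BATV, SES or DomainKeys code: a toy caching resolver counts how many queries leave the receiving site when 10,000 forged messages arrive under each keying scheme. The `_key` label, the per-mailbox query name and the sample flood are assumptions constructed for illustration; only the `selector._domainkey.domain` form follows DomainKeys.

```python
class CountingResolver:
    """Toy caching resolver: counts queries that miss the cache and go upstream."""

    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0

    def lookup(self, name):
        if name not in self.cache:
            self.upstream_queries += 1
            # Positive and negative answers are both cached in this model.
            self.cache[name] = "key-or-nxdomain"
        return self.cache[name]


def forged_flood(n, domain="example.org"):
    """Constructed sample: n messages, each with a distinct forged
    local part and a distinct bogus selector."""
    for i in range(n):
        yield {"local": f"fake{i}", "domain": domain, "selector": f"bogus{i}"}


def query_name(scheme, msg):
    """Name the receiver must resolve to validate one message."""
    if scheme == "per-domain":      # hypothetical label: one key per domain
        return f"_key.{msg['domain']}"
    if scheme == "per-mailbox":     # hypothetical: one lookup per return address
        return f"{msg['local']}._key.{msg['domain']}"
    if scheme == "selector":        # DomainKeys-style, selector chosen by the sender
        return f"{msg['selector']}._domainkey.{msg['domain']}"
    raise ValueError(f"unknown scheme: {scheme}")


def upstream_cost(scheme, n=10_000):
    """Upstream queries caused by n forged messages under one scheme."""
    resolver = CountingResolver()
    for msg in forged_flood(n):
        resolver.lookup(query_name(scheme, msg))
    return resolver.upstream_queries


if __name__ == "__main__":
    for scheme in ("per-domain", "per-mailbox", "selector"):
        print(f"{scheme:12s} {upstream_cost(scheme):6d} upstream queries")
```

Caching only helps when the query name is fixed by the receiver's view of the domain; once the sender controls part of the name, every message is a cache miss.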