ietf-clear

[ietf-clear] No callbacks, please, was Re. CLEAR Charter

2004-10-03 21:09:24
On Sun, 2004-10-03 at 20:49, Douglas Otis wrote:
On Sun, 2004-10-03 at 20:01, John Levine wrote:
If BATV uses a public scheme, presumably there is at least a DNS 
query per message, to get the key.

Per unique domain, assuming this information is cached locally. 

Further assuming that the TTLs are high.  Even further as John L.
placed at the bottom of his last message, what if I decide to spoof
messages?  I can send you 10,000 messages using fake sigs with 10,000
differing domain names and cause all kinds of havoc.

It's far better to set up something that involves a call back PER message
because then structure is in place to DEAL with such an event especially
given its (current) frequency of use.  Since most if not all "real" mail
servers (not to discount those running vanity domains on @home
connections, but ...) are running many times more CPU capacity and
network bandwidth capacity than is really necessary to get the job
done.  This is because you just have to.  

If we are going to go through all of this effort we might as well go all
the way.  Why half ass it?  There already exists sufficient horsepower
to withstand attacks abusing a callback based system, and the benefits
had through its employment (severely reduced spam volume) could be
easily shifted to provide an adequate buffer zone should any abuse of
the system occur, and I state again that this abuse would be tolerable
especially with a well designed system as I believe SES is well on its
way to being.  And even outside of SES, we IMHO must be deploying a
callback based system if we really want to get the job done here.  No
more band-aids!

Per domain rather than per mailbox or per-message.  I think that's
significant.  It's also DNS which is known to perform adequately for
per-domain data, rather than some yet-to-be invented per-mailbox
protocol which, according to recent messages, is simultaneously UDP to
be very lightweight, and TCP to be more reliable.

That sounds reasonable.

There are benefits to be had through per mailbox validation, and the
cost increase really is negligible.  I think that when looked at overall
with caching in mind it would balance out and not prove to be that much
more expensive than per domain lookups, which themselves could prove to
be just as expensive given short TTLs or abuse.

Reference provided by John Glube
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200410/0012.html

PDF of Seth Goodman's proposal.  There does not seem to be an IETF ID on
this.
http://ses.codeshare.ca/files/ses_proposal.pdf

We're working on it.  I would like to state that particular draft is a
tad out of date and we're working to get an updated one which reflects
the most recent discussions had on the SES mailing list.

PS: If bad guys put fake DK signatures on their spam with random
fake selectors, we're back to a per-message DDOS.  Hmmn.

This is why CSV remains important.

Yes!

Cheers,

James

-- 
James Couzens,
Programmer
                                                     ( ( (      
      ((__))         __\|/__        __|-|__        '. ___ .'    
       (00)           (o o)          (0~0)        '  (> <) '    
---nn-(o__o)-nn---ooO--(_)--Ooo--ooO--(_)--Ooo---ooO--(_)--Ooo---
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7A7C7DCF
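
The lookup-cost argument in this thread (per-domain key caching, TTL length, and mail signed under many different fake domains), worked through as an added example that is not part of the original post or of any project named in it. The 20 sender domains, the one-message-per-second arrival rate and the `.example` names are constructed assumptions.

```python
"""Constructed simulation: DNS key lookups needed for per-domain signature checks."""
from dataclasses import dataclass, field


@dataclass
class KeyCache:
    """Per-domain key cache that honours a TTL, driven by a simulated clock."""
    ttl: float
    expires: dict = field(default_factory=dict)  # domain -> expiry time (seconds)
    lookups: int = 0                              # DNS queries actually issued

    def fetch_key(self, domain: str, now: float) -> None:
        # A live cache entry costs nothing; a miss or an expired entry costs one query.
        if self.expires.get(domain, -1.0) > now:
            return
        self.lookups += 1
        self.expires[domain] = now + self.ttl


def count_lookups(messages, ttl):
    """messages: iterable of (arrival_time_seconds, signing_domain) pairs."""
    cache = KeyCache(ttl=ttl)
    for now, domain in messages:
        cache.fetch_key(domain, now)
    return cache.lookups


def legit_traffic(n, domains, interval=1.0):
    # Constructed sample: n messages, one per interval, cycling over a few real senders.
    return [(i * interval, domains[i % len(domains)]) for i in range(n)]


def forged_traffic(n, interval=1.0):
    # Constructed sample: every message claims a different signing domain,
    # so no cache entry is ever reused, whatever the TTL.
    return [(i * interval, f"forged-{i}.example") for i in range(n)]


SENDERS = [f"sender{i}.example" for i in range(20)]  # constructed sender domains

if __name__ == "__main__":
    n = 10_000
    print("ttl_seconds  legit_lookups  forged_lookups")
    for ttl in (86400, 3600, 60, 1):
        legit = count_lookups(legit_traffic(n, SENDERS), ttl)
        forged = count_lookups(forged_traffic(n), ttl)
        print(f"{ttl:>11}  {legit:>13}  {forged:>14}")
```

With long TTLs the legitimate stream costs one query per domain, short TTLs push it toward one query per message, and the all-unique stream costs one query per message at every TTL.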