ietf-clear

[ietf-clear] No callbacks, please, was Re. CLEAR Charter

2004-10-03 22:54:56
From: John Levine Sent: October 3, 2004 11:01 PM
||If BATV uses a public scheme, presumably there is at least
||a DNS query per message, to get the key.
||
||Although this query would not go directly back to the
||'caller' and, therefore, is not strictly a call-back
||scheme, it does impose a per-message, receive-time,
||cross-net exchange.

|The public schemes I've seen proposed use per-domain keys,
|not per mailbox keys.  If a random Russian site gets
|10,000 spams with forged abuse.net addresses, which they do
|all the time, I'd much rather they do one lookup for a
|per-domain key and cache it than 10,000 lookups for 10,000
|fake return addresses.

||In terms of transaction costs, how would this differ from
||what SES is proposing?

|Per domain rather than per mailbox or per-message.  I think
|that's significant.  It's also DNS which is known to
|perform adequately for per-domain data, rather than some
|yet-to-be invented per-mailbox protocol which, according to
|recent messages, is simultaneously UDP to be very
|lightweight, and TCP to be more reliable.

Bear with me. 

Would a signed envelope technology be more cost efficient of
resource usage, create less security risk of being abused
and cause less disruption of existing systems, if the
approach in essence was:

* The sender for external delivery outside the network must
offer a public key scheme for the domain as opposed to a
single signing secret for each mail box or message?

* The sender for external delivery outside the network may
offer a single signing secret for each mail box or message,
providing one can resolve the risk of denial of service
attacks through "joe jobs?"

* The sender for internal delivery within the network to
the gateway server must offer a single signing secret for
each mail box or message, so making the call back mandatory
within the network, providing one can resolve the potential
for disruption which can occur through internal "joe jobs,"
or is this either: (i) redundant; or (ii) not an efficient
security solution for cross domain, or mail box forgery
issues within a large network, prior to the message
reaching the "public" Internet?

Based on these questions, since BATV offers a framework,
with the ability to plug in a particular technology, is
there an analysis available to show which would be easier
for adoption, impose less overhead and allow for rejection
at the data stage using a public key: 

* a scheme involving "signing" the envelope; 

* a scheme involving "signing" the message; or 

* does it matter, in the sense of either "signing" the
envelope or the message is just as easy to adopt, imposes
the same overhead costs and allows for rejection at the
data stage.

I am asking to gain a fuller understanding.

Thank you for your patience.

John

John Glube
Toronto, Canada

The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
