Re: Why we don't require requirements



On Fri, 1 Oct 2004, wayne wrote:


In 
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0410011107210(_dot_)684-100000(_at_)sokol(_dot_)elan(_dot_)net>
 "william(at)elan.net" <william(_at_)elan(_dot_)net> writes:

On 1 Oct 2004, John Levine wrote:

and (debatably)
doesn't have to survive all of the mangling that might happen to
messages as they pass through mailing lists and the like.

This I STRONGLY SGRONGLY disagree. The system MUST be able to work
within current email infrastructure and not break it. That means
the signature must survive emails and forwarders and all other common
email retransmision systems.


Isn't this kind of a fundemental catch-22?

If you allow someone to send from their Yahoo account to a mailing
list, allow the mailing list to add their garbage onto the end, and
still have the message verified, what is stopping a spammer from
creating a "mailing list" with all 50million "verified opt-in email
accounts" that adds their spam on the end?


If somebody sends signed email to email list, its true that same email can 
potentially be reused by somebody else who can add "unsigned" content. But 
we should probably recognize that if added text is a lot bigger then 
original, then email should not be considered validated or develop 
potential in MUAs (more advanced mode perhaps for those users who care)
that can display which part has signature and which does not. Also 
potential for reusing such email is small if you include original date
and message id as part of the signature.

If a spammer can send a single email from their throw-away Yahoo
account to their "mailing list" and still have it blesses as coming
from Yahoo, what good is it.

I think you missed the point. If they send email from their yahoo account
account, its going to be valided as having come from that particular yahoo 
account, it does not say it really is from yahoo corporate, etc.

If you lock down the signature system tight enough that spammers can't
abuse it, then it will break mailing lists.

I disagree. I think it can be both tight and allow for validation of 
content end-end and not just hop-hop (which we can already do with TLS).

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Why we don't require requirements, (continued) Re: Why we don't require requirements, william(at)elan.net Re: Why we don't require requirements, domainkeys-feedbackbase01 Re: Why we don't require requirements, Andrew Newton Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, John Levine Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, Tony Finch Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, william(at)elan.net Re: Why we don't require requirements, wayne Re: Why we don't require requirements, william(at)elan.net <= Re: Why we really don't require requirements, John Levine Re: Why we really don't require requirements, Andrew Newton Re: Why we really don't require requirements, ned . freed Re: Why we really don't require requirements, John Levine Re: Why we really don't require requirements, ned . freed Re: Why we really don't require requirements, Jim Fenton Re: Why we really don't require requirements, James M Galvin Re: Why we really don't require requirements, George Gross Re: Why we really don't require requirements, John Levine Re: Why we really don't require requirements, william(at)elan.net

Previous by Date:	Re: Why we don't require requirements, wayne
Next by Date:	Re: Why we don't require requirements, Tony Finch
Previous by Thread:	Re: Why we don't require requirements, wayne
Next by Thread:	Re: Why we really don't require requirements, John Levine
Indexes:	[Date] [Thread] [Top] [All Lists]