ietf-mxcomp
[Top] [All Lists]

Re: sender vs author, channel vs object, designated sender vs crypto signatures

2004-03-18 18:38:06

On Thu, Mar 18, 2004 at 09:38:49AM -0800, Dave Crocker wrote:
| MWW> 1) I believe that it is important to protect the RFC2821 MAIL FROM from
| MWW>    illegitimate spoofing, independent of the RFC2822 header From:.
| 
| That phrasing sounds like an assertion that we can have productive
| discussion about.

Thanks for your comments Dave, I'm glad we can agree on this.

| MWW> 3) I believe that it is also important to protect the RFC2822 header 
From:
| MWW>    from illegitimate spoofing, independent of the RFC2821 MAIL FROM.
| 
| Hard to argue with that view.  (Although, of course, a community like
| this can argue about anything...)

(For people who were not at the BOF, widespread outbreaks of agreement
like this are now called the Dave Crocker Lovefest Effect. :)

I wanted to focus on these two items because they are facts that exist
in the field; we can have endless debates about different identity roles
but the fact is there is RFC2821 MAIL FROM and there are RFC2822 From:
and Sender: and Resent-From and Resent-Sender so let's see what we can
do with that.  The former is read more by machines than users; the
second is read more by users than machines.

http://www.ietf.org/internet-drafts/draft-irtf-asrg-lmap-discussion-00.txt
section 2.1 identiifies four types of forgeries.  I associate
phishing-spam with 2822 forgery, designed to fool humans.  I associate
joe-jobs with 2821 forgery, designed to fool machines.

(I believe MTAs whitelist on the basis of 2821 FROM, MUAs whitelist on
the basis of 2822 From:.)

| MWW> 2) I believe that the most appropriate way to do so is with a designated
| MWW>    sender scheme.
| 
| When the working group starts debating particular schemes for achieving
| the desired authentication (and maybe authorization) we can pursue of
| this scheme, and others, further.

Does anybody not agree that designated sender is the best way to combat
RFC2821 MAIL FROM forgery?  Show of hands please ...

Does anybody not agree that crypto is the best way to combat RFC2822
header From: forgery?

By "best" I mean "best combination of timely, deployable, implementable,
gaming-proof, long-term effective, deterministic, and politically
palatable".

If we have rough consensus on the above two points, then I propose that
we proceed to the question of whether designated sender can be
appropriate for attacking RFC2822 forgery in certain circumstances.


<Prev in Thread] Current Thread [Next in Thread>