ietf-mxcomp

Re: I-D ACTION:draft-leibzon-responsible-submitter-00.txt (fwd)

2004-10-10 09:52:04

I don't have any conflict of interest issues, in fact, my involvement
has been 100% strictly on the technical merits as well as possible
legal and social implications of the proposals.  So would it be safe
for me to discuss client domain issues and how it relates to
SUBMITTER without getting accused of being rude or emotional?
The fact is I did have some comments, but when you have others
scrutinizing people's input, publicly ostracizing them, why should
one even bother?

There are four key issues with SUBMITTER:

1) Potential legal user privacy issues with the exposure of user addresses.

It would be a major mistake for SMTP developers to open this Pandora's box
when there is no technical reason to do so.  See #2.

2) Since this is a domain-level authentication scheme, only the domain is
required to be exposed. Not the full address.  This will solve #1.

Note: The other possible solution is to use a responsible "postmaster"
address to avoid the exposure of user's account addresses that was
not introduced by the legitimate user himself.

3) Responsible domains must change at transition points where the
original domain is no longer responsible.

This is a real possibility during deployment where there will be a
high degree of heterogeneous systems.  We have seen it in practice
where companies "explore" new advanced SMTP systems with new
AVS concepts within their existing set or mix of SMTP software.

If it was not addressed it needs to be added to the specs. If it was
implied in the spec, it needs clarification.

4) Finally, to support SUBMITTER, any client machine domain authentication
cannot be violated.

This (#4) was pretty much what Doug is pointing out.  The IP must be secured
if SUBMITTER is used, hence the machine domain and IP must be secured as
well.  In fact, in my own AVS scheme, this sort of mix policy conflict is a
trigger for rejection.

Hope this helps

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com




----- Original Message -----
From: "Alan DeKok" <aland(_at_)ox(_dot_)org>
To: <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Sunday, October 10, 2004 9:18 AM
Subject: Re: I-D ACTION:draft-leibzon-responsible-submitter-00.txt (fwd)



Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
> The means to the same end was what I considered important in that this
> is stating a means to the same goal and my comments are directed to what
> I see as serious defects that can be mended.  You seem to have
> abstracted something sinister in these comments.

  Everyone knows you prefer EHLO checking, and why.  If you see flaws
in a proposal, then it would be preferred to discuss those flaws, and
only those flaws, in any thread centered around that proposal.  Any
reference to another method would be best left to one sentence, and a
reference URL to an I-D proposal.

  When a thread is about topic X, and you spend a significant part of
a message talking about topic Y, others can view that as trying to
change the topic of conversation.  Changing topics in the middle of a
thread usually warrants a change of subject line.

> I think being stubborn would be a way of describing both views it
> would seem.

  I have seen people on this list discuss EHLO checking in threads
with you.  Other threads you join (like this one), which are on other
topics, often end in discussing EHLO checks, with the same subject
line.  This can be viewed as thread hijacking.

> Ignoring the problems does not make them disappear however.

  Accusing others of ignoring a problem because they don't like thread
hijacking is missing the point.

  If a proposal has flaws, then the proof of those flaws doesn't need
to include discussions of EHLO checking.  Leave it out of the
discussion, spend time talking about the flaws, and you're less likely
to get accused of having sinister intent.

  Alan DeKok.