ietf
[Top] [All Lists]

Re: namedroppers, continued

2002-12-06 15:40:24
In message 
<5(_dot_)2(_dot_)0(_dot_)9(_dot_)2(_dot_)20021206132845(_dot_)01b56f88(_at_)mira-sjcm-4(_dot_)cisco(_dot_)com>,
 Fred Bake
r writes:
At 08:28 AM 12/2/2002 -0800, Hallam-Baker, Phillip wrote:
The only way to resolve this issue properly would be to require every
submission to an IETF mailing list to be cryptographically signed (PGP
or S/MIME), to require the subscribers to register their signing key and
to then filter the mail sent out on the list so that only signed mail
gets through.

I would be in favor of that, personally, as long as we can ensure that the 
appropriate signature facility (be it RSA, PGP, or whatever) is freely 
available to all who need to use it. The issue here is not us corporate 
types who have a business reason to buy the software, it is the students 
who often lack the funds. The big issue would be the procedures for posting 
one's key to the appropriate place - what is to stop a spammer from posting 
a key and sending the spam anyway? I'm not proposing a mechanism, but 
someone who is good at such things might well find it of value.

Well, it's also the availability of the right signature facility in the 
myriad email clients people use.

I think it was Steve Bellovin that suggested a procedure for reducing the 
utility of spoofing source addresses in emails; if not, it was me and I 
happened to suggest something his favorite algorithm fit into, by having a 
host in each mail domain (mailid.example.com) be able to assert that its 
domain had or had not sent an email within a given recent  time period 
whose MD5 hash, when divided by <vector of prime numbers> resulted in 
<vector of remainders>. I could write that up in an internet draft if folks 
think it makes sense. That would be a more global procedure that didn't 
require a PKI and only addressed spoofed addresses. 

Wasn't me...

                --Steve Bellovin, http://www.research.att.com/~smb (me)
                http://www.wilyhacker.com ("Firewalls" book)




<Prev in Thread] Current Thread [Next in Thread>