Re: namedroppers, continued
2002-12-06 15:40:24
In message
<5(_dot_)2(_dot_)0(_dot_)9(_dot_)2(_dot_)20021206132845(_dot_)01b56f88(_at_)mira-sjcm-4(_dot_)cisco(_dot_)com>,
Fred Bake
r writes:
At 08:28 AM 12/2/2002 -0800, Hallam-Baker, Phillip wrote:
The only way to resolve this issue properly would be to require every
submission to an IETF mailing list to be cryptographically signed (PGP
or S/MIME), to require the subscribers to register their signing key and
to then filter the mail sent out on the list so that only signed mail
gets through.
I would be in favor of that, personally, as long as we can ensure that the
appropriate signature facility (be it RSA, PGP, or whatever) is freely
available to all who need to use it. The issue here is not us corporate
types who have a business reason to buy the software, it is the students
who often lack the funds. The big issue would be the procedures for posting
one's key to the appropriate place - what is to stop a spammer from posting
a key and sending the spam anyway? I'm not proposing a mechanism, but
someone who is good at such things might well find it of value.
Well, it's also the availability of the right signature facility in the
myriad email clients people use.
I think it was Steve Bellovin that suggested a procedure for reducing the
utility of spoofing source addresses in emails; if not, it was me and I
happened to suggest something his favorite algorithm fit into, by having a
host in each mail domain (mailid.example.com) be able to assert that its
domain had or had not sent an email within a given recent time period
whose MD5 hash, when divided by <vector of prime numbers> resulted in
<vector of remainders>. I could write that up in an internet draft if folks
think it makes sense. That would be a more global procedure that didn't
require a PKI and only addressed spoofed addresses.
Wasn't me...
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
Re: namedroppers, continued, Paul Vixie
RE: namedroppers, continued, Dean Anderson
Re: namedroppers, continued,
Steven M. Bellovin <=
RE: namedroppers, continued, Hallam-Baker, Phillip
RE: namedroppers, continued, Ayyasamy, Senthilkumar (UMKC-Student)
- Re: namedroppers, continued, Valdis . Kletnieks
- Re: namedroppers, continued, Vernon Schryver
- Re: namedroppers, continued, Valdis . Kletnieks
- Re: namedroppers, continued, Vernon Schryver
- Re: namedroppers, continued, Bill Cunningham
- Re: namedroppers, continued, Valdis . Kletnieks
|
|
|