ietf
[Top] [All Lists]

Re: spoofing email addresses

2004-05-28 09:56:03

Paul,

  MARID was formed to merge Microsoft Caller-ID with SPF and so far has
been successfully used by Microsoft to bully us to submit to their own
proposal or else ... There are better ways to implement mail-from (i.e.
as from Paul's draft which is basicly still the basis for MARID) which 
would not require reusing TXT records, nor is it totally clear that
Mail-from is what we actually need to protect, it is being done under 
pretese of anti-spam measures but the reality shows that it will most 
likely have minimum effect as its far too easy for spammers to adapt to
it anyway. There are however good reasons to have MARID as IETF WG anyway
and hopefully the worst ideas implementation details can be stopped and 
new ideas discussed in the future if the group is extended.
  Yahoo is different proposal which has nothing to do with MARID and is
being discussed at the ASRG. It is basicly a header containing a signature
added to mail message that signs the content (including headers) with 
public key encryption and with public key available in DNS to verify the 
signature at the other end. The idea is not new and its a good idea, but 
yahoo's implementation is just bad and I think it breaks far too many 
things (it breaks with almost all maillists) and offers security that is 
too weak because its based on 348-bit key size. It should have been done 
different by reusing most likely PGP implementation but with message 
signed by MTAs and public key available through dns and if necessary 
being split into multiple dns records to have each at < 512k.

On Thu, 27 May 2004, Paul Vixie wrote:

... <HREF="http://sa.vix.com/~vixie/mailfrom.txt";>MAIL-FROM</A>.

    I do not see a draft in the ietf process anyplace .  Was this
    ever submitted ?  I do notice that several of the other
    proposal's make mention of this work ,  But in none of them do
    they mention it as a draft or other ietf work .  

there was no working group where it was appropriate at the time it was
written.  i've sent it to every one of the dozen people who have asked
me to review some similar, and usually ill considered thing.  i've also
sent it to several spam-related and dns-related mailing lists, including
this one (ietf@).

      Any plans to submit it as a draft .  Tia ,  JimL

MARID is basically a layer 9 exercise, uninterested in engineering as
such.  it was formed to merge two ill considered ideas, one from yahoo
and one from microsoft, in a way that would cause either no loss of face,
or equal loss of face, for those two parties.  the people who submit
their own ideas to it are wasting their time.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf


<Prev in Thread] Current Thread [Next in Thread>