
RE: We need an architecture, not finger pointing.

2015-10-27 13:17:37
On Monday, October 26, 2015 9:44 PM, Brian E Carpenter wrote: 
...

Architecturally, we need to validate that phill(_at_)hallambaker(_dot_)com is the
genuine sender even after the message has been relayed. DMARC doesn't do
that in its present form.

Actually we need to validate two assertions:

* That the mail came from the stated author, e.g. PHB.
* That the mail was relayed by the IETF mailing list.

Identity checks matter. Lots of the discussion focused on SPAM, but the "acute 
problem of the day" is actually phishing, and specifically forging a mail that 
appears to come from someone you trust, to entice you to open a document or 
visit a URL that you should not. That's a pretty common step in the chain of 
events that leads to another "42 million user accounts compromised in a 
breach." 

-- Christian Huitema