Eric A. Hall | 1 Jun 2004 19:37

comments on draft-delany-domainkeys-base-00.txt


These comments on draft-delany-domainkeys-base-00.txt are mostly in
regards to architecture. ASRG and MARID are being copied as a courtesy since
the proposal and this review touch on portions relevant to their work.

In general, I think that DK is a good start to a technology that I myself
have advocated ([1]) -- that signing mail from a domain instead of a user
is good enough to combat most forgeries, and that domain-wide signatures
are easy enough to implement that this approach can be successful. I also
think DK makes several mistakes in pursuit of the core objective. It's
certainly worth continued development effort, but I don't think it's worth
implementing in its current form.

1] DK suffers the same flaw as S/MIME and PGP, in that "unsigned" mail is
treated as normal, while "signed" is specially flagged. Until mailers bark
when unsigned mail arrives, then the default world view will be that
unsigned mail is the norm. The whole idea of doing domain-wide sigs is
that it's easier to sign everything; using that model when it's still
treated as an exception doesn't make sense. Furthermore, the architecture of
storing sigs where they can be easily fetched doesn't seem to matter a
whole lot if the default is unsigned as normal.

Implementations of DK should be required to validate all incoming mail
against public signature data and flag the exceptions accordingly. If DK
is going to only verify presented signatures, then I suggest that it
doesn't really offer anything over S/MIME or PGP except for administrative
convenience (at the cost of significantly weaker sigs), and if that's the
goal then it belongs in some forum other than ASRG and/or MARID.

2] The best thing about current sig/cert models is that they carry along
(Continue reading)

william(at)elan.net | 1 Jun 2004 19:58

comments on draft-delany-domainkeys-base-00.txt (fwd message by Eric Hall)

FYI - comments on domain keys

---------- Forwarded message ----------
Date: Tue, 01 Jun 2004 12:37:53 -0500
From: Eric A. Hall <ehall <at> ehsco.com>
To: domainkeys-feedbackbase00 <at> yahoo.com
Cc: asrg <at> ietf.org, ietf-mxcomp <at> imc.org
Subject: comments on draft-delany-domainkeys-base-00.txt

(Continue reading)

Barry Shein | 2 Jun 2004 00:58

RE: 0: General Spammer sentenced to 7 years in prison


On May 29, 2004 at 19:29 william <at> elan.net (william(at)elan.net) wrote:
 > I agree. Although I suspect that most hard core spammers will move overseas.
 > They likely already keep most money in offshore accounts.

Moving overseas provides questionable protection these days, unless
you're really willing to move to some total anarchy or have enough
money to afford an off-shore haven which I doubt these dirtbags can
afford, that costs millions, those guys won't protect you out of
principle.

But, more importantly, to spam e.g. Americans, there has to be a
product to spam.

And hiring someone to do something illegal is illegal.

So, they can move, perhaps, but when their customers start getting hit
with arrest warrants their business is going to dry up.

Also, I remember when the junk fax laws began taking effect. Junk
faxes may still exist, but they quickly dropped by about 98%.

I think most of these two-bit sociopaths will work in the grey areas,
but once the heat is turned up they'll go find some other outlet for
their mental illness like kidnapping people's pets and selling them to
medical labs.

Remember that Spamford Wallace became a spammer because the junk fax
laws made him close up his former junk fax biz, probably for both
reasons (customers dried up and the prospect of legal troubles wasn't
(Continue reading)

Hallam-Baker, Phillip | 2 Jun 2004 01:33

RE: 0: General Spammer sentenced to 7 years in prison


> Moving overseas provides questionable protection these days, unless
> you're really willing to move to some total anarchy or have enough
> money to afford an off-shore haven which I doubt these dirtbags can
> afford, that costs millions, those guys won't protect you out of
> principle.

> Also, I remember when the junk fax laws began taking effect. Junk
> faxes may still exist, but they quickly dropped by about 98%.

Law certainly discourages new entrants. Even though CAN-SPAM does
not actually make spam illegal, it means that the number of people
giving it a try as an easy way to make money has dropped sharply.
The media is no longer pumping out stories that spam is an easy
way to make a killing like they were in 2001.

I doubt many criminal spammers will move offshore. Spam is usually
only one crime these guys are into. One well known notorious
spammer is a small time drug dealer and money launderer who runs
a girlie bar. During the dotcom boom he moved into online porn,
then when that market saturated and crashed he turned to spam
as a way to keep people coming to his web site.

This guy is not going to move offshore to run his spam business
just because it is illegal. He is a hard core criminal.

Moving offshore has a huge cost for him, he would lose the
income from his strip club, the remaining parts of the porn site
business. If as seems likely he is still involved in bigger
criminal activities he would lose out his share of those.
(Continue reading)

william(at)elan.net | 2 Jun 2004 02:33

Re: comments on draft-delany-domainkeys-base-00.txt (fwd message by Eric Hall)


Sorry about last forwarded/duplicate message, it was supposed to be forwarded to 
different mail list...

--

-- 
William Leibzon
Elan Networks
william <at> elan.net
Bob Atkinson | 2 Jun 2004 22:56

E-mail Postmarks

Over the last several months, indeed, since somewhat well before last
Christmas, if my memory serves, there has in these and other circles
been floating general discussions concerning the use of digital
signatures on e-mail for accomplishing purposes *other* than the
traditional mail-author-signs-mail mechanism found today in systems like
S/MIME and PGP.

From what I can tell from these discussions, there appears to be at
least a moderate degree of consensus that some sort of signature-based
scheme along these lines might be useful in helping to deter spam
(though whether the increase in deterrence is worth the cost of the
effort still seems open to debate). However, there is some significant
divergence of opinion as to how to best go about achieving that end.

Specifically, in this divergence there seem to be those who would like
to digitally sign the literal entire bytes of (a suffix of) an RFC2822
message body, and those (myself included) who quite strongly believe
that such an approach is so fragile as to ultimately be of quite
little value.

But the core of the idea seems to me at least to be well worthy of
continued investigation and discussion. To that end, trying to be
constructive by painting a picture of how best I think this could
actually be made to work, on

	http://www.lessspam.org/EmailPostmarks.pdf

can be found a first, preliminary draft for discussion of an approach to
non-user-level signing of e-mail that supports the ability to affix
domain-related or other signed information to a message while taking
(Continue reading)

william(at)elan.net | 3 Jun 2004 12:11

Re: E-mail Postmarks


> 	http://www.lessspam.org/EmailPostmarks.pdf

Well this is extremely unusual for me to say when it concerns a document by
Microsoft, but I like the concept implementation in this draft better than
what is in the Yahoo Domain Keys draft (I note that the concept is basically the
same); this is what I was expecting from them...

I do have certain questions now (and additional comments):
1. I did not quite understand what would happen if the message is already
S/MIME with a user signature. Am I correct in understanding that an additional
signature would be added to be part of the multipart/signed mime structure?
Can you describe how that would be done if:
 a. The message data is contained within SignedData?
    (the above would also be the case if the message itself is encrypted, right?)
 b. An S/MIME user signature is attached in SignedData?
    (using the signerInfos part I suppose)

2. I hope the intent is that not only the originating server is to sign
the message but that intermediate servers may choose to do it as well.
That means additional signatures would be added. Would this be done
by adding a new mime part or by extending the existing signature structure
and adding this new "signature" as part of the certificate set?

3. There may be cases when a server wants to add additional data as part
of the signature. I'm assuming that it's expected that signedattributes and
unsignedattributes are to be used? This can be arbitrary text, right?
Can we then extend it to allow data from certain headers to be added as
part of this?

(Continue reading)

Jon Kyme | 3 Jun 2004 16:12

Re: E-mail Postmarks

Bob Atkinson:
> Specifically, in this divergence there seem to be those who would like
> to digitally sign the literal entire bytes of (a suffix of) an RFC2822
> message body, and those (myself included) who quite strongly believe
> that such an approach is so fragile so as to ultimately be of quite
> little value.

Do you have any figures for what proportion of messages have their bodies
mutilated passing through SMTP relays? Or is *some*, however few, too many
for you?

Bob Atkinson | 3 Jun 2004 22:26

RE: E-mail Postmarks

If one tried to do anything new in email without breaking anyone, you'd
do nothing new.

In this particular case, there are hundreds of thousands of servers that
I myself know about that are in this camp; there's also a few big sites
that account for a substantial volume of mail flow.

> -----Original Message-----
> From: asrg-bounces <at> ietf.org [mailto:asrg-bounces <at> ietf.org] On Behalf Of Jon Kyme
> Sent: Thursday, June 03, 2004 7:13 AM
> To: ASRG
> Subject: Re: [Asrg] E-mail Postmarks
>
> Bob Atkinson:
> > Specifically, in this divergence there seem to be those who would like
> > to digitally sign the literal entire bytes of (a suffix of) an RFC2822
> > message body, and those (myself included) who quite strongly believe
> > that such an approach is so fragile so as to ultimately be of quite
> > little value.
> >
>
> Do you have any figures for what proportion of messages have their bodies
> mutilated passing through SMTP relays? Or is *some*, however few, too many
> for you?
(Continue reading)
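The fragility the two posts above argue over, as an added illustration that belongs to neither post: a hash over the literal body bytes (what a "sign the entire bytes" signature commits to) no longer matches after a simulated relay strips trailing whitespace and changes line endings, while a whitespace-tolerant canonicalization, which goes beyond anything this thread specifies, survives the same rewrite. The sample body and the relay behaviour are constructed for the demo.

```python
import hashlib
import re

# Constructed sample body; not taken from the list archive.
ORIGINAL_BODY = b"Hi Bob,\r\n\r\nPlease  review the draft. \t\r\nThanks,\r\nAlice\r\n\r\n"


def relay_rewrite(body: bytes) -> bytes:
    """Simulate the benign mangling the thread is arguing about: a relay that
    strips trailing whitespace, turns CRLF into bare LF and drops trailing
    blank lines. Constructed behaviour; no particular MTA is modelled."""
    lines = [ln.rstrip(b" \t") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\n".join(lines) + b"\n"


def literal_hash(body: bytes) -> str:
    """Hash over the literal bytes: what signing the whole body commits to."""
    return hashlib.sha256(body).hexdigest()


def canonicalize_relaxed(body: bytes) -> bytes:
    """Whitespace-tolerant form: normalise line endings to CRLF, collapse runs
    of spaces/tabs to one space, strip trailing whitespace on each line, drop
    trailing empty lines and end with exactly one CRLF."""
    text = body.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in text.split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n"


def canonical_hash(body: bytes) -> str:
    """Hash over the canonicalized bytes instead of the literal ones."""
    return hashlib.sha256(canonicalize_relaxed(body)).hexdigest()


def survives(hash_fn, body: bytes) -> bool:
    """True if the signature-covered hash still matches after the relay rewrite."""
    return hash_fn(body) == hash_fn(relay_rewrite(body))


if __name__ == "__main__":
    print("literal-bytes hash survives relay:", survives(literal_hash, ORIGINAL_BODY))    # False
    print("canonicalized hash survives relay:", survives(canonical_hash, ORIGINAL_BODY))  # True
```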

Bob Atkinson | 3 Jun 2004 22:51

RE: E-mail Postmarks

> 1. I did not quite understand what would happen if message is already
> S/MIME with user signature. Am I correct in understanding that additional
> signature would be added to be part of multipart/signed mime structure?

Yes. The SignerInfo of the postmark is in the SignedData (which is in
the 2nd body part of the multipart/signed), just in a different location
than the user level signatures.

> Can you describe that that would be done if:
>  a. The message data is contained within SignedData?

The same; in fact, from one point of view, the data signed is ALWAYS
inside the SignedData; the only difference in different formulation
being sometimes that data is the message data itself, whereas in others
(the multipart/signed case) it's a hash of that data.

>     (the above would also be the case if message itself is encrypted,
> right?)
>  b. A S/MIME user signature is attached in SignedData?
>     (using signerInfos part I suppose)
> 
> 2. I hope the intent is that not only the originating server is to sign
> the message but that intermediate servers may choose to do it as well.
> That means additional signatures would be added. Would this be done
> by additing new mime part or by extending existing signature structure
> and adding this new "signature" as part of certificate set?

(Continue reading)
