IPP Mail Archive: RE: IPP> How to prevent spam in email noti

IPP Mail Archive: RE: IPP> How to prevent spam in email noti

RE: IPP> How to prevent spam in email notifications?

From: Carl-Uno Manros (carl@manros.com)
Date: Thu May 04 2000 - 00:58:50 EDT

  • Next message: henrik.holst@i-data.com: "Re: IPP> How to prevent spam in email notifications?"

    Paul,

    Nobody is going to do that job for us. We have to list the possible threats
    and then describe how we created a design which can protect against those
    threats if not in perfect, but at least a reasonably good way. I have only
    tried to sound out our Area Director how far he thinks we need to go.

    The threats for email in general are pretty well known: denial of service by
    overloading mailboxes or the network itself I would expect to be the most
    important ones for us. People are less likely to learn much by intercepting
    and reading notification messages, at least in the scenarios that we think
    about.

    Due to the fact that email DLs are commonly used, a bad guy can flood the
    network by subscribing to relatively frequent events with notifications in
    the form of email messages by asking to have notifications sent to a big DL.

    If there weren't any bad guys, security would be a lot easier, then we would
    only have to guard against normal human stupidy, which can be bad enough.

    Please I don't want to make this into a fight, I only want to have a good
    feeling about our drafts "sailing through the IESG quickly :-)", once we in
    the WG consider them done.

    Carl-Uno

    > -----Original Message-----
    > From: Paul Moore [mailto:pmoore@peerless.com]
    > Sent: Wednesday, May 03, 2000 9:45 AM
    > To: Carl-Uno Manros
    > Cc: ned.freed; Carl-Uno Manros; ipp
    > Subject: RE: IPP> How to prevent spam in email notifications?
    >
    >
    > I dont beleive I have a simplistic view - I am merely asking you
    > to be specific.
    > Saying 'spamming' is like say we must protect ourselves against
    > 'hacking', the
    > term is vague and overloaded. In our prior security discussion we
    > explicitly
    > state the threats and our counter measures. All I am asking for
    > is for somebody
    > to explicitly and precisely specify the threat that we are trying
    > to address -
    > then we can design a solution
    >
    >
    >



    This archive was generated by hypermail 2b29 : Thu May 04 2000 - 01:05:41 EDT