[e2e] was Re: A message to authors - nsdi

Mark Allman mallman at icir.org
Mon Jan 28 09:15:27 PST 2008


[chiming in late]

> An underlying problem is how to separate legitimate senders from other
> senders. For legitimate senders, you could allow such an ACK service
> to be used (or better yet, apply different spam rules); but the
> traditional way of recognizing legitimate senders by their email
> address isn't foolproof since the from address can easily be
> forged. So a better way of doing end2end "authentication" (without
> using heavyweight key exchange & signing) could help. 

Just to flog something, we sketch a system in the following paper
whereby key exchange and usage is used, but abstracted away from the
user by considering some activity to be a proxy for key management.
E.g., if an email is signed by some public key then a user replying to
that message indicates---with high probability---that future emails
signed by the same key are likely legit and so perhaps should not be
subjected to spam filtering.

    Mark Allman, Christian Kreibich, Vern Paxson, Robin Sommer,
    Nicholas Weaver.  The Strengths of Weaker Identities:
    Opportunistic Personas.  USENIX Workshop on Hot Topics in 
    Security (HotSec), August 2007.
    http://www.icir.org/mallman/papers/opp-personas-hotsec07.pdf

FWIW.

allman



-- 
Mark Allman -- ICSI -- http://www.icir.org/mallman/
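
An added example, not part of the original message or of the cited paper: a minimal sketch of the reply-as-trust idea described above, where replying to a signed message marks its key as exempt from spam filtering. It assumes signature verification happens upstream and hands this code the verified key; `PersonaStore`, `Message`, and all addresses and keys are hypothetical names constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

def fingerprint(public_key: bytes) -> str:
    """Stable identifier for a signing key (SHA-256 of the key bytes)."""
    return hashlib.sha256(public_key).hexdigest()

@dataclass
class Message:
    msg_id: str
    from_addr: str
    # Key whose signature over the message verified, or None if the message
    # was unsigned or verification failed. Verification is assumed to be
    # done upstream (e.g. by an OpenPGP or S/MIME library).
    verified_key: Optional[bytes] = None
    in_reply_to: Optional[str] = None

@dataclass
class PersonaStore:
    seen: dict = field(default_factory=dict)    # msg_id -> key fingerprint
    trusted: set = field(default_factory=set)   # keys the user has replied to

    def receive(self, msg: Message) -> str:
        """Return 'bypass' or 'filter' for an inbound message."""
        if msg.verified_key is None:
            return "filter"          # the From address alone is never trusted
        fp = fingerprint(msg.verified_key)
        self.seen[msg.msg_id] = fp
        return "bypass" if fp in self.trusted else "filter"

    def user_sends(self, msg: Message) -> None:
        """A reply by the local user is the trust signal for the signing key."""
        fp = self.seen.get(msg.in_reply_to)
        if fp is not None:           # replies to unsigned mail trust nothing
            self.trusted.add(fp)

def demo() -> list:
    """Constructed sample traffic; keys and addresses are made up."""
    alice, mallory = b"alice-public-key", b"mallory-public-key"
    store = PersonaStore()
    out = [store.receive(Message("m1", "alice@example.org", alice))]
    store.user_sends(Message("r1", "me@example.net", in_reply_to="m1"))
    out.append(store.receive(Message("m2", "alice@example.org", alice)))
    out.append(store.receive(Message("m3", "alice@example.org", mallory)))
    out.append(store.receive(Message("m4", "alice@example.org")))
    return out
```

The third and fourth messages reuse the trusted sender's From address with a different key and with no signature, and both still go through the filter.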


