[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft Charter

To: "IETF MXCOMP" <ietf-mxcomp@xxxxxxx>
Subject: Re: Draft Charter
From: wayne <wayne@xxxxxxxxxxxxx>
Date: Tue, 16 Mar 2004 20:58:40 -0600
In-reply-to: <> (Phillip Hallam-Baker's message of "Tue, 16 Mar 2004 13:36:20 -0800")
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
List-id: <ietf-mxcomp.imc.org>
List-unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-mxcomp@xxxxxxxxxxxx
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Security Through Obscurity, linux)

In <C6DDA43B91BFDA49AA2F1E473732113E0A19D6@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx> writes:

>> I think that it is very important to be able to create a system that
>> is useful both during them SMTP session, and after.  A system that,
>> for example, requires a challenge-response during the SMTP session
> [...]
>
> As for challenge-response, I think that is now so discredited that 
> there is no way anything could happen in three months.

When I mentioned "challenge-response", I meant the very general term
as in CRAM, and not the common "challenge emails that require 'proof'
of a human".  There have been suggestions of adding a C-R system to
the SMTP session to augment the TCP sequence numbers in authenticating
the IP address.  If any proposal *required* this, it might rule out
the use in an MUA.

Now, I don't claim to be a universal security expert, let alone
someone who helps set industry wide definitions of terms.  So, maybe
my use of C-R is wrong, or maybe you really mean that things like CRAM
have been discredited.  If either of these are the case, please let me
know.

>> Is this a valid requirement for the charter?  All the references to
>> "MTA" in the charter kind of makes it sound like being able to work in
>> the MUA is not important.
>
> I think the references bind to the originating MTA. I don't think the 
> recieving MTA is referenced as the focus of the work.

There are mentions of "peer MTAs" and "recipient MTAs" in the charter
text. 

>> Should this be a requirement for the charter also?  Or, should we
>> leave it up in the air?
>
> The charter describes only the scope of the work, not the requirements
> for the work. So it is good as written 

I have not been seriously involved in IETF work groups before, but I
was under the impression that requirement documents in the charter
were not unheard off.  (And, yes, I have read the "Tao of IETF" and
the WG RFC and such to try to get up to speed.)

-wayne

References:
- RE: Draft Charter
  - From: Hallam-Baker, Phillip

Prev by Date: RE: Draft Charter
Next by Date: Re: On the interpretation question.
Previous by thread: RE: Draft Charter
Next by thread: RE: Draft Charter
Index(es):
- Date
- Thread