Paul,
Nobody is going to do that job for us. We have to list the possible threats
and then describe how we created a design which can protect against those
threats if not in perfect, but at least a reasonably good way. I have only
tried to sound out our Area Director how far he thinks we need to go.
The threats for email in general are pretty well known: denial of service by
overloading mailboxes or the network itself I would expect to be the most
important ones for us. People are less likely to learn much by intercepting
and reading notification messages, at least in the scenarios that we think
about.
Due to the fact that email DLs are commonly used, a bad guy can flood the
network by subscribing to relatively frequent events with notifications in
the form of email messages by asking to have notifications sent to a big DL.
If there weren't any bad guys, security would be a lot easier, then we would
only have to guard against normal human stupidy, which can be bad enough.
Please I don't want to make this into a fight, I only want to have a good
feeling about our drafts "sailing through the IESG quickly :-)", once we in
the WG consider them done.
Carl-Uno
> -----Original Message-----
> From: Paul Moore [mailto:pmoore at peerless.com]
> Sent: Wednesday, May 03, 2000 9:45 AM
> To: Carl-Uno Manros
> Cc: ned.freed; Carl-Uno Manros; ipp
> Subject: RE: IPP> How to prevent spam in email notifications?
>>> I dont beleive I have a simplistic view - I am merely asking you
> to be specific.
> Saying 'spamming' is like say we must protect ourselves against
> 'hacking', the
> term is vague and overloaded. In our prior security discussion we
> explicitly
> state the threats and our counter measures. All I am asking for
> is for somebody
> to explicitly and precisely specify the threat that we are trying
> to address -
> then we can design a solution
>>>