Mailing List Archive

On Mon, Feb 23, 2004 at 11:02:48AM +0000, spf@anarres.org wrote:
> Let us assume that the SRS standard does not define the SRS format at all.
> Let us assume that SRS only defines a set of conventions to say what
> information can be discarded during multiple forwarding hops and a
> convention for letting hosts know whether or not they are a secondary hop.
>
> Somewhere between the specification and the implementation, an example
> protocol is also defined for implementing this discarding of information
> without introducing cryptographic or game-theoretical weaknesses.
>
> Now the = which is used by SRS _is_ this alternate separator.

I like where this is going :-)

So what's the minimum set of conventions we can define to get the
functionality required? In other words, what the current spec gives for
upgrading an srs0 address to srs1, and stripping srs1 back to srs0? I guess,

user@domain
-> srs0+opaque@domain2
-> srs1+domain2+opaque@domain3
-> srs1+domain2+opaque@domain4

It's obvious when you think about a database-driven solution: 'opaque' is
just the key into the database maintained by 'domain2'. If the key doesn't
exist in the database, it's invalid by definition. The density of keys is
kept low enough that guessing 'opaque' is unlikely to hit a valid key.

Any timestamp/crypto solution is just emulating a database where entries are
added when a message is sent, and removed after the timeout.

Regards,

Brian.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Mon, 23 Feb 2004, Brian Candler wrote:

> On Mon, Feb 23, 2004 at 11:02:48AM +0000, spf@anarres.org wrote:
> > Let us assume that the SRS standard does not define the SRS format at all.
> > Let us assume that SRS only defines a set of conventions to say what
> > information can be discarded during multiple forwarding hops and a
> > convention for letting hosts know whether or not they are a secondary hop.
> >
> > Somewhere between the specification and the implementation, an example
> > protocol is also defined for implementing this discarding of information
> > without introducing cryptographic or game-theoretical weaknesses.
> >
> > Now the = which is used by SRS _is_ this alternate separator.
>
> I like where this is going :-)

Cool. This is kind-of how I've thought about it all along, and I've
maintained the implementation so that these properties hold. However, the
ideas have really been settling in my own head so I haven't really
explained them before.

> So what's the minimum set of conventions we can define to get the
> functionality required? In other words, what the current spec gives for
> upgrading an srs0 address to srs1, and stripping srs1 back to srs0? I guess,
>
> user@domain
> -> srs0+opaque@domain2
> -> srs1+domain2+opaque@domain3
> -> srs1+domain2+opaque@domain4

Well, domain2 might as well be opaque as well (see note below).

> It's obvious when you think about a database-driven solution: 'opaque' is
> just the key into the database maintained by 'domain2'. If the key doesn't
> exist in the database, it's invalid by definition. The density of keys is
> kept low enough that guessing 'opaque' is unlikely to hit a valid key.

Well, "opaque" for the purposes of SRS might also be specified to contain
at least N bits of true entropy.

The minimum solution is something along the lines of:

An SRS address is either of:
* An SRS0 address.
* An SRS1 address.

An SRS0 address is:
* Guaranteed to be unforgeable.
- Limitation on minimum entropy?
* Of the format SRS0[-=+]<opaque-part>@forwarder-domain

An SRS1 address is:
* Guaranteed to reverse to an SRS0 address (say something about
idempotent).
* Not required to be unforgeable. (This is currently under discussion)
* Of the format SRS1[-+=]<opaque-part>@forwarder-domain

This means that SRS0+<Database-Key>@forwarder.com is a valid SRS address,
and indeed it satisfies all the requirements of SRS. It also permits

The interesting bit is now that I look at my Guarded SRS1 code, I realise
that I do some unnecessary idempotent interpretation on the SRS1 address.
I do actually parse "domain2" out of the example above, only to shove it
back in exactly where it came from. I will remove this for v0.27 or v0.28.
It's amazing how little code one gets when one gets it "right".

Other features for v0.27 should include a proper Unix/IP socket based
daemon. This will let (at least) Sendmail and Exim rulesets use SRS
without the fork() overhead, and without patching the MTA.

S.

--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Mon, Feb 23, 2004 at 11:51:23AM +0000, spf@anarres.org wrote:
> > user@domain
> > -> srs0+opaque@domain2
> > -> srs1+domain2+opaque@domain3
> > -> srs1+domain2+opaque@domain4
>
> Well, domain2 might as well be opaque as well (see note below).

I may have missed something, but I don't see how this can work with "short
cut" returning of bounces. The mailer at domain5 needs to return a bounce to
domain2; how can it do so if "domain2" has been encoded in an opaque way by
the mailer at domain3?

> An SRS0 address is:

[I add]
* Guaranteed to reverse to a regular E-mail address
* Only valid for a fixed period of time

> * Guaranteed to be unforgeable.
> - Limitation on minimum entropy?
> * Of the format SRS0[-=+]<opaque-part>@forwarder-domain
>
> An SRS1 address is:
> * Guaranteed to reverse to an SRS0 address (say something about
> idempotent).
> * Not required to be unforgeable. (This is currently under discussion)
> * Of the format SRS1[-+=]<opaque-part>@forwarder-domain

By that definition, both SRS0 and SRS1 could be the same; they both resolve
to an E-mail address. If it resolves to another SRS address, then it is not
required to be unforgeable or have an expiry time.

But I still don't see how the short-cut return would work.

Regards,

Brian.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Mon, 23 Feb 2004, Brian Candler wrote:

> On Mon, Feb 23, 2004 at 11:51:23AM +0000, spf@anarres.org wrote:
> > > user@domain
> > > -> srs0+opaque@domain2
> > > -> srs1+domain2+opaque@domain3
> > > -> srs1+domain2+opaque@domain4
> >
> > Well, domain2 might as well be opaque as well (see note below).
>
> I may have missed something, but I don't see how this can work with "short
> cut" returning of bounces. The mailer at domain5 needs to return a bounce to
> domain2; how can it do so if "domain2" has been encoded in an opaque way by
> the mailer at domain3?
>
> > An SRS0 address is:
>
> [I add]
> * Guaranteed to reverse to a regular E-mail address

Not necessarily true. There's no reason why it should. Look at the full
reversible mechanism, for example. Or if we blindly do a database-based
SRS0 solution which generates an SRS0 address from _anything_. It's
usually true, and in the optimal case, it's true, but it's not a
requirement.

> * Only valid for a fixed period of time

True.

> > * Guaranteed to be unforgeable.
> > - Limitation on minimum entropy?
> > * Of the format SRS0[-=+]<opaque-part>@forwarder-domain
> >
> > An SRS1 address is:
> > * Guaranteed to reverse to an SRS0 address (say something about
> > idempotent).
> > * Not required to be unforgeable. (This is currently under discussion)
> > * Of the format SRS1[-+=]<opaque-part>@forwarder-domain
>
> By that definition, both SRS0 and SRS1 could be the same; they both resolve
> to an E-mail address. If it resolves to another SRS address, then it is not
> required to be unforgeable or have an expiry time.

It's quite true, they could both have the property of unforgeability, but
this isn't necessary. SRS1 addresses can be forged.

> But I still don't see how the short-cut return would work.

Ah, I've missed some requirements, haven't I. Actually, I've buggered up.
Oh well, here goes again. This is a consequence of not having quite
settled the ideas.

* SRS1 addresses aren't opaque. They must have the form:
SRS1<sep><srs0-domain>=<srs0-local-part>@forwarder.com

Since SRS1 local-parts must be reversed by hosts which didn't actually
build them. This is not true of SRS0.

This does kind of scotch the flexibility of SRS1, but maintains this
property in SRS0 - which in a way is the one that really matters. I wonder
if we can get the flexibility back into SRS1. I will think about it.

I suppose the bit about "anything which forwards to a real user must be
unforgeable" is already covered implicitly above.

S.

--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Mon, Feb 23, 2004 at 01:43:23PM +0000, spf@anarres.org wrote:
> > [I add]
> > * Guaranteed to reverse to a regular E-mail address

> Not necessarily true. There's no reason why it should. Look at the full
> reversible mechanism, for example.

You're right, how about "* Guaranteed to reverse to some E-mail address
(which might be plain or SRS)"

> * SRS1 addresses aren't opaque. They must have the form:
> SRS1<sep><srs0-domain>=<srs0-local-part>@forwarder.com
>
> Since SRS1 local-parts must be reversed by hosts which didn't actually
> build them. This is not true of SRS0.
>
> This does kind of scotch the flexibility of SRS1, but maintains this
> property in SRS0 - which in a way is the one that really matters. I wonder
> if we can get the flexibility back into SRS1. I will think about it.

Well, at worst, any host is always entitled to encode an SRS0 address in
another SRS0 address if it wishes, retaining full flexibility. (However the
local-part could grow substantially unless they are using a database
solution)

Regards,

Brian.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

> [Brian Candler]
> I like where this is going :-)
>
> So what's the minimum set of conventions we can define to get the
> functionality required? In other words, what the current spec
> gives for
> upgrading an srs0 address to srs1, and stripping srs1 back to
> srs0? I guess,
>
> user@domain
> -> srs0+opaque@domain2
> -> srs1+domain2+opaque@domain3
> -> srs1+domain2+opaque@domain4

Making each part to the left of the @ sign opaque would be a good idea.
That prevents open relaying. It also prevents the DSN shortcut back to
the first hop, but that's a small price to pay.

>
> It's obvious when you think about a database-driven solution:
> 'opaque' is
> just the key into the database maintained by 'domain2'. If
> the key doesn't
> exist in the database, it's invalid by definition. The
> density of keys is
> kept low enough that guessing 'opaque' is unlikely to hit a valid key.
>
> Any timestamp/crypto solution is just emulating a database
> where entries are
> added when a message is sent, and removed after the timeout.

Exactly. It shouldn't matter how you encode/decode the domain at each
hop, as long as they remain opaque. I personally favor the encryption
approach because the message contains all the information it needs for a
DSN to get back to the source, even in the presence of loss of stored
data by someone along the path. The two methods are largely equivalent,
however, and the standard doesn't have to specify how you encode/decode.
Good recommendations would lead to good implementations, though.

--

Seth Goodman

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Mon, 23 Feb 2004, Seth Goodman wrote:

> > [Brian Candler]
> > I like where this is going :-)
> >
> > So what's the minimum set of conventions we can define to get the
> > functionality required? In other words, what the current spec
> > gives for
> > upgrading an srs0 address to srs1, and stripping srs1 back to
> > srs0? I guess,
> >
> > user@domain
> > -> srs0+opaque@domain2
> > -> srs1+domain2+opaque@domain3
> > -> srs1+domain2+opaque@domain4
>
> Making each part to the left of the @ sign opaque would be a good idea.
> That prevents open relaying. It also prevents the DSN shortcut back to

No it doesn't. But since this whole "open relaying" thing was magicked up
out of thing air, I'm more than happy for people to magick it back into
thin air. So let's just pretend I didn't say this, OK?

> the first hop, but that's a small price to pay.

Not necessarily, depending on opacity. We want shortcutting.

I think you misunderstand the concept of opacity. It means that we aren't
allowed to parse or mess with it, not that a malicious person can't mess
with it in intelligent ways. Do not confuse opaque with reversibly
encrypted.

S.

--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

> [spf@anarres.org]
> > > [Brian Candler]
> > > I like where this is going :-)
> > >
> > > So what's the minimum set of conventions we can define to get the
> > > functionality required? In other words, what the current spec
> > > gives for
> > > upgrading an srs0 address to srs1, and stripping srs1 back to
> > > srs0? I guess,
> > >
> > > user@domain
> > > -> srs0+opaque@domain2
> > > -> srs1+domain2+opaque@domain3
> > > -> srs1+domain2+opaque@domain4
> >
> > Making each part to the left of the @ sign opaque would be
> a good idea.
> > That prevents open relaying. It also prevents the DSN
> shortcut back to
>
> No it doesn't. But since this whole "open relaying" thing was
> magicked up
> out of thing air, I'm more than happy for people to magick it
> back into
> thin air. So let's just pretend I didn't say this, OK?

I'm just the messenger on this one. Several other contributors to this
list who appear to know what they're talking about seem to think the
open relay problem is real. Though I haven't analyzed their arguments
in detail, they sounded reasonable. If you would like to see this topic
retired, perhaps you could address their detailed posts and show why the
open relay scenario is unrealistic.


>
> > the first hop, but that's a small price to pay.
>
> Not necessarily, depending on opacity. We want shortcutting.

Shortcutting would be very nice, as I have said before. If it breaks
other things, however, there is no reason it has to be there.


>
> I think you misunderstand the concept of opacity. It means
> that we aren't
> allowed to parse or mess with it, not that a malicious person
> can't mess
> with it in intelligent ways. Do not confuse opaque with reversibly
> encrypted.

I understand the distinction. I also happen to think that reversible
encryption, or hashing to produce a key for database lookup, is a
reasonable idea.

--

Seth Goodman

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Mon, 23 Feb 2004, Seth Goodman wrote:

> > [spf@anarres.org]
> > > > [Brian Candler]
> > > > I like where this is going :-)
> > > >
> > > > So what's the minimum set of conventions we can define to get the
> > > > functionality required? In other words, what the current spec
> > > > gives for
> > > > upgrading an srs0 address to srs1, and stripping srs1 back to
> > > > srs0? I guess,
> > > >
> > > > user@domain
> > > > -> srs0+opaque@domain2
> > > > -> srs1+domain2+opaque@domain3
> > > > -> srs1+domain2+opaque@domain4
> > >
> > > Making each part to the left of the @ sign opaque would be a good
> > > idea. That prevents open relaying. It also prevents the DSN
> > > shortcut back to
> >
> > No it doesn't. But since this whole "open relaying" thing was magicked
> > up out of thing air, I'm more than happy for people to magick it back
> > into thin air. So let's just pretend I didn't say this, OK?
>
> I'm just the messenger on this one. Several other contributors to this
> list who appear to know what they're talking about seem to think the
> open relay problem is real. Though I haven't analyzed their arguments
> in detail, they sounded reasonable. If you would like to see this topic
> retired, perhaps you could address their detailed posts and show why the
> open relay scenario is unrealistic.

I've responded to this argument several times and explained in detail why
it is invalid. See thread titled "The open relay "problem" is not a
problem", message-id Pine.LNX.4.53.0402231028150.13192@astray.com, date
Mon, 23 Feb 2004 10:45:15 +0000 (GMT).

I'd prefer people to avoid the "me-too-isms" if they haven't done the
analysis themselves. They lack credibility and confuse the issue. This is
an academic discussion, not a protest outside a town hall. Just as I asked
people who claimed there existed "open relaying" to justify their claims,
it would suit your claim of a "solution" to come with an attached
justification as well.

Thank you.

S.

--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

> [spf@anarres.org]
> > [Seth Goodman]
> > I'm just the messenger on this one. Several other
> > contributors to this
> > list who appear to know what they're talking about seem to think the
> > open relay problem is real. Though I haven't analyzed
> > their arguments
> > in detail, they sounded reasonable. If you would like to
> > see this topic
> > retired, perhaps you could address their detailed posts and
> > show why the
> > open relay scenario is unrealistic.
>
> I've responded to this argument several times and explained
> in detail why
> it is invalid. See thread titled "The open relay "problem" is not a
> problem", message-id
> Pine.LNX.4.53.0402231028150.13192@astray.com, date
> Mon, 23 Feb 2004 10:45:15 +0000 (GMT).

That "thread" was a single post with a much sarcasm and little content.
It hardly qualifies as a refutation. Given its tone, it's not
surprising that nobody replied, though discussion of the open relay idea
continued.


>
> I'd prefer people to avoid the "me-too-isms" if they haven't done the
> analysis themselves. They lack credibility and confuse the
> issue. This is
> an academic discussion, not a protest outside a town hall.

I clearly said that I read their arguments and they sounded reasonable,
even though I didn't analyze the arguments in detail. That is commonly
known as an opinion. It says, I think their position sounds reasonable,
though I can't vouch for it. It would be unreasonable only if I said I
agreed with them without reading or thinking about their position. I'm
sorry if you can't handle that.


> Just as I asked
> people who claimed there existed "open relaying" to justify
> their claims,
> it would suit your claim of a "solution" to come with an attached
> justification as well.
>
> Thank you.

Cheers.

--

Seth Goodman

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Mon, 2004-02-23 at 18:16 +0000, spf@anarres.org wrote:
> No it doesn't. But since this whole "open relaying" thing was magicked up
> out of thing air, I'm more than happy for people to magick it back into
> thin air. So let's just pretend I didn't say this, OK?

I would suggest that you _do_ need to address this in your paper. By
omitting it you effectively perform an ad hominem attack on your own
work.

Seriously -- I read it for the first time a few days ago and the problem
literally jumped out at me from behind the sentence 'No weaknesses are
known in this scheme and it is recommended that it be deployed'. At
which point I was _extremely_ disinclined to take the rest of the paper
without a _very_ large pinch of salt.

If you want to argue that it's not actually a problem in practice, then
do so. Readers will make up their own mind, without thinking you've
missed something which is glaringly obvious. But I would respectfully
suggest that you shouldn't omit discussion of it entirely, if you want
your paper to be taken seriously.

--
dwmw2


-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com