Mailing List Archive: SRS security solution

SRS security solution

Mar 3, 2004, 1:57 AM

Post #1 of 10 (6830 views)

Ok, I have held of for far too long on this, but the discussions seem to
have become circular, so I'm going to post it.

SRS0 is invulnerable to the simple 3 player game because it has hashing.
This is accepted.

SRS1 can be made invulnerable to the 3 player SRS0-game if it has hashing
added to it. This is, I believe, generally accepted.

This leaves the 5 player game, which assumes that the spammer can set up a
forwarder pointing to himself. This is defeated if all public forwarders
use a database-based system since this guarantees at least one more crypto
stage after any public forwarder, thus solving the problem of which X-k to
preserve when and where necessary. This is feasible and likely.

I know no more games against SRS. Anyone who knows any games on this that
I don't, please describe them explicitly and fully.

The SRS distribution will be upgraded to version 0.29 within 24 hours. All
existing deployments should upgrade. There will be a temporary feature in
the software which allows the parsing of SRS addresses produced by older
versions of the software. If you have generated any SRS1 addresses, you
should enable this feature for MaxAge+1 days for backwards compatibility.

S.

--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

Re: SRS security solution [ In reply to ]

dwmw2 at infradead

Mar 3, 2004, 2:36 AM

Post #2 of 10 (6705 views)

Permalink

On Wed, 2004-03-03 at 08:57 +0000, spf@anarres.org wrote:
> This leaves the 5 player game, which assumes that the spammer can set up a
> forwarder pointing to himself.

Please could you explain this in more detail; in particular why the
forwarder actually needs to have an address pointing back at himself.

> This is defeated if all public forwarders use a database-based system
> since this guarantees at least one more crypto stage after any public
> forwarder, thus solving the problem of which X-k to preserve when and
> where necessary.

Whoa.... First we were asking that in order to fix the fundamental
misconceptions of SPF, the whole world should implement some rewriting
scheme; essentially deploying 'EmailV2' in place of the existing
systems.

And now you've made the rewriting scheme require _state_?

And you _still_ expect the world to 'upgrade' to make the false
assumptions of SPF come true?

> This is feasible and likely.

You might think that. I couldn't possibly comment.

--
dwmw2

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

Re: SRS security solution [ In reply to ]

spf at anarres

Mar 3, 2004, 2:42 AM

Post #3 of 10 (6720 views)

Permalink

On Wed, 3 Mar 2004, David Woodhouse wrote:

> On Wed, 2004-03-03 at 08:57 +0000, spf@anarres.org wrote:
> > This leaves the 5 player game, which assumes that the spammer can set up a
> > forwarder pointing to himself.
>
> Please could you explain this in more detail; in particular why the
> forwarder actually needs to have an address pointing back at himself.

It's my job to produce protocols, it's your job to produce attacks on the
protocol. The 5 player game has been discussed at length before, and it's
now a non-issue.

Note for those who didn't follow it, the use of the database system on
public forwarders means that we always preserve one hop before the public
forwarder without modifying the protocol or losing shortcutting.

I will update the PDF soon. I'm now 30 minutes late for work.

> > This is defeated if all public forwarders use a database-based system
> > since this guarantees at least one more crypto stage after any public
> > forwarder, thus solving the problem of which X-k to preserve when and
> > where necessary.
>
> Whoa.... First we were asking that in order to fix the fundamental
> misconceptions of SPF, the whole world should implement some rewriting
> scheme; essentially deploying 'EmailV2' in place of the existing
> systems.
>
> And now you've made the rewriting scheme require _state_?

Only for PUBIC forwarders, e.g. pobox, which if they aren't to fire off
everyone's mails into the void, require state anyway.

> > This is feasible and likely.
>
> You might think that. I couldn't possibly comment.

If this wasn't a comment, then it must have been a troll.

S.

--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

Re: SRS security solution [ In reply to ]

mw-list-srs-discuss at csi

Mar 3, 2004, 10:15 AM

Post #4 of 10 (6687 views)

Permalink

On Wed, Mar 03, 2004 at 09:42:01AM +0000, spf@anarres.org wrote:
> On Wed, 3 Mar 2004, David Woodhouse wrote:
>
> > On Wed, 2004-03-03 at 08:57 +0000, spf@anarres.org wrote:
> > > This leaves the 5 player game, which assumes that the spammer can set up a
> > > forwarder pointing to himself.
> >
> > Please could you explain this in more detail; in particular why the
> > forwarder actually needs to have an address pointing back at himself.
>
> It's my job to produce protocols, it's your job to produce attacks on the
> protocol.

Could you tell us where the protocol is described?

Mate

--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

Re: SRS security solution [ In reply to ]

spf at anarres

Mar 3, 2004, 12:32 PM

Post #5 of 10 (6685 views)

Permalink

On Wed, 3 Mar 2004 mw-list-srs-discuss@csi.hu wrote:

> On Wed, Mar 03, 2004 at 09:42:01AM +0000, spf@anarres.org wrote:
> > On Wed, 3 Mar 2004, David Woodhouse wrote:
> >
> > > On Wed, 2004-03-03 at 08:57 +0000, spf@anarres.org wrote:
> > > > This leaves the 5 player game, which assumes that the spammer can set up a
> > > > forwarder pointing to himself.
> > >
> > > Please could you explain this in more detail; in particular why the
> > > forwarder actually needs to have an address pointing back at himself.
> >
> > It's my job to produce protocols, it's your job to produce attacks on the
> > protocol.
>
> Could you tell us where the protocol is described?

An earlier version of the documentation is available in srs.pdf from my
web site at
http://www.anarres.org/projects/srs/

However, after a long period without spare time, I am now updating this
document and will announce and release a new version including
descriptions of the 5 party game in the next day or two, time permitting.

I will announce to this list when it is rewritten.

Thanks.

S.

--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

RE: SRS security solution [ In reply to ]

sethg at GoodmanAssociates

Mar 3, 2004, 3:11 PM

Post #6 of 10 (6678 views)

Permalink

> -----Original Message-----
> From: owner-srs-discuss@v2.listbox.com
> [mailto:owner-srs-discuss@v2.listbox.com]On Behalf Of spf@anarres.org
> Sent: Wednesday, March 03, 2004 1:33 PM
> To: srs-discuss@v2.listbox.com
> Subject: Re: [srs-discuss] SRS security solution
>
>
> On Wed, 3 Mar 2004 mw-list-srs-discuss@csi.hu wrote:
>
> > On Wed, Mar 03, 2004 at 09:42:01AM +0000, spf@anarres.org wrote:
> > > On Wed, 3 Mar 2004, David Woodhouse wrote:
> > >
> > > > On Wed, 2004-03-03 at 08:57 +0000, spf@anarres.org wrote:
> > > > > This leaves the 5 player game, which assumes that the
> > > > > spammer can set up a
> > > > > forwarder pointing to himself.
> > > >
> > > > Please could you explain this in more detail; in
> > > > particular why the
> > > > forwarder actually needs to have an address pointing
> > > > back at himself.
> > >
> > > It's my job to produce protocols, it's your job to
> > > produce attacks on the
> > > protocol.
> >
> > Could you tell us where the protocol is described?
>

--------------snip----------------------

>
> I will announce to this list when it is rewritten.

It's pretty difficult to critique or design attacks against an unknown
protocol. I also surprised by your first statement: that it's your job
to design the protocol and that you can somehow assign someone else, who
does not work for you, the job of designing attacks against it. I hope
that someone will correct my misconception, if incorrect, that this is a
collective, cooperative effort and that all of us have both jobs.

--

Seth Goodman

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

Re: SRS security solution [ In reply to ]

greg at wooledge

Mar 3, 2004, 4:14 PM

Post #7 of 10 (6689 views)

Permalink

Seth Goodman (sethg@GoodmanAssociates.com) wrote:

> I also surprised by your first statement: that it's your job
> to design the protocol and that you can somehow assign someone else, who
> does not work for you, the job of designing attacks against it.

This is normal peer review. Sure, Shevek should attempt to attack
his own designs. But it's exceedingly hard to cover *all* the
possible attacks against your own design, for obvious reasons. So
we need everyone else to attack it also.

--
Greg Wooledge | "Truth belongs to everybody."
greg@wooledge.org | - The Red Hot Chili Peppers
http://wooledge.org/~greg/ |

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

RE: SRS security solution [ In reply to ]

sethg at GoodmanAssociates

Mar 3, 2004, 5:08 PM

Post #8 of 10 (6714 views)

Permalink

> -----Original Message-----
> From: owner-srs-discuss@v2.listbox.com
> [mailto:owner-srs-discuss@v2.listbox.com]On Behalf Of Greg Wooledge
> Sent: Wednesday, March 03, 2004 5:15 PM
> To: srs-discuss@v2.listbox.com
> Subject: Re: [srs-discuss] SRS security solution
>
>
> Seth Goodman (sethg@GoodmanAssociates.com) wrote:
>
> > I also surprised by your first statement: that it's your job
> > to design the protocol and that you can somehow assign
> > someone else, who
> > does not work for you, the job of designing attacks against it.
>
> This is normal peer review. Sure, Shevek should attempt to attack
> his own designs. But it's exceedingly hard to cover *all* the
> possible attacks against your own design, for obvious reasons. So
> we need everyone else to attack it also.

Sure thing. Where is it?

Peer review is great but what about peer input? I wasn't aware that a
single individual was tasked (by whom?) with the creation of this
protocol.

--

Seth Goodman

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

Re: SRS security solution [ In reply to ]

mw-list-srs-discuss at csi

Mar 4, 2004, 10:13 AM

Post #9 of 10 (6695 views)

Permalink

On Wed, Mar 03, 2004 at 07:32:40PM +0000, spf@anarres.org wrote:
> On Wed, 3 Mar 2004 mw-list-srs-discuss@csi.hu wrote:
>
> > On Wed, Mar 03, 2004 at 09:42:01AM +0000, spf@anarres.org wrote:
> > > On Wed, 3 Mar 2004, David Woodhouse wrote:
> > >
> > > > On Wed, 2004-03-03 at 08:57 +0000, spf@anarres.org wrote:
> > > > > This leaves the 5 player game, which assumes that the spammer can set up a
> > > > > forwarder pointing to himself.
> > > >
> > > > Please could you explain this in more detail; in particular why the
> > > > forwarder actually needs to have an address pointing back at himself.
> > >
> > > It's my job to produce protocols, it's your job to produce attacks on the
> > > protocol.
> >
> > Could you tell us where the protocol is described?
>
> An earlier version of the documentation is available in srs.pdf from my
> web site at
> http://www.anarres.org/projects/srs/

As I pointed out before, I am not sure I would call this the SRS
protocol description. I thought a protocol description, in
particular, would describe what a mailer is supposed to do in every
possible situation.

For example, can I find out from your document what to do exactly in
the following problems:

1) One of my server's name is a.b, and it handles outgoing mail for
the domains b and c as well as relays for domains d and e. What
will be in the domain part of the SRS address?

2)

Outgoing mail:

orig -> relay_1 -> dest

Incoming mail:

dest -> relay_1 -> relay_2 -> orig

3)

Outgoing mail:

orig -> relay_1 -> relay_2 -> dest

Incoming mail:

dest -> relay_2 -> orig

4) What happens if mail is relayed according to the local part as well?

Mate
--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

Re: SRS security solution [ In reply to ]

spf at anarres

Mar 5, 2004, 3:51 AM

Post #10 of 10 (6720 views)

Permalink

On Thu, 4 Mar 2004 mw-list-srs-discuss@csi.hu wrote:

> On Wed, Mar 03, 2004 at 07:32:40PM +0000, spf@anarres.org wrote:
> > On Wed, 3 Mar 2004 mw-list-srs-discuss@csi.hu wrote:
> >
> > > On Wed, Mar 03, 2004 at 09:42:01AM +0000, spf@anarres.org wrote:
> > > > On Wed, 3 Mar 2004, David Woodhouse wrote:
> > > >
> > > > > On Wed, 2004-03-03 at 08:57 +0000, spf@anarres.org wrote:
> > > > > > This leaves the 5 player game, which assumes that the spammer can set up a
> > > > > > forwarder pointing to himself.
> > > > >
> > > > > Please could you explain this in more detail; in particular why the
> > > > > forwarder actually needs to have an address pointing back at himself.
> > > >
> > > > It's my job to produce protocols, it's your job to produce attacks on the
> > > > protocol.
> > >
> > > Could you tell us where the protocol is described?
> >
> > An earlier version of the documentation is available in srs.pdf from my
> > web site at
> > http://www.anarres.org/projects/srs/
>
> As I pointed out before, I am not sure I would call this the SRS
> protocol description. I thought a protocol description, in
> particular, would describe what a mailer is supposed to do in every
> possible situation.
>
> For example, can I find out from your document what to do exactly in
> the following problems:

I have added a section (currently hidden, until I get time to fix it
properly) to the document. Expect it in future versions.

I have released a new copy with what I hope are fixes for some of the
issues you described in your previous mails.

Thanks again.

S.

--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

Mailing List Archive

Mailing List Archive

Attached Files: