[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Straw poll on "From:" lines

To: mixminion-dev@freehaven.net
Subject: Re: Straw poll on "From:" lines
From: Michael Shinn <mike@shinn.net>
Date: 22 Jun 2003 01:22:22 -0400
Delivered-to: archiver@seul.org
Delivered-to: mixminion-dev-outgoing@seul.org
Delivered-to: mixminion-dev@seul.org
Delivery-date: Sun, 22 Jun 2003 01:22:24 -0400
In-reply-to: <1056231218.5872.1346.camel@totoro.wangafu.net>
Organization:
References: <1056231218.5872.1346.camel@totoro.wangafu.net>
Reply-to: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

On Sat, 2003-06-21 at 17:33, Nick Mathewson wrote: 
> I'm revising the E2E spec right now, and one of the features I'm adding
> is the ability for to _partially_ set "From:" lines.  I realize that the
> last time we walked this way, we got a massive flamew^W discussion going
> on, but since I've got to build the thing, I've got to walk over these
> trails again.
> 
> I have two questions for you all: (please reply personally if you only
> want to say "yes")
> 
> Q1. To everybody operating an exit node is: would you be willing to run
> an exit node that worked this way?

Probably not, but the proposal sounds reasonable regardless.  I say this
because, personally, I prefer the idea of a *real* e-mail address ala
nym style and would like to see that happen as soon as possible.  End
users are used to associating e-mail addresses, as totally forgable as
they are, with people and not all MUAs (Outlook for instance) display
from: lines completely, so I would still be concerned for those users.  

A long term proposition, I know, but I'd much rather see a "real"
solution.  If you want context, then setup a nym account.  IMHO, user
definable aspects of the from: line are only a smoke and mirrors
approach to what users really want, user identities, and if done
correctly (nyms) they could be strongly authenticated by the server and
make the abuse issue moot.

Regardless, I think your proposal is fine, from an abuse perspective,
although I suspect that there will still be users that will be tricked
by even the limited user definable portion of the from: line.

> Q2. To everybody who wants to set From lines: would an exit node that
> worked this way meet your needs?
> 
> Policy:
>         The administrator of every SMTP (mail) exit node configures a
>         tag (e.g., "Foo-Anon") and a mailbox (e.g., anon@foo.com).  The
>         user provides a "From" string containing no special[*]
>         characters (e.g., "Common Sense").  The exit node generates a
>         "From" line of the form:   
> 	        'From: "[Foo-Anon] Common Sense" <anon@foo.com>'.
> 
> (I've described the system below to Len, and he seems to be ok with it
> from an abuse POV.  [Len, feel free to recant and repudiate my
> impudence.] It also seems similar to what Noise was saying in
> http://archives.seul.org/mixminion/dev/Feb-2003/msg00069.html . [Noise,
> feel free to tell me that you were saying nothing of the sort.])

Sounds like a good solution.

-- 
Michael T. Shinn				   KeyID: 91C0781F
Key fingerprint = 05 81 9F 80 0E CE DB AE  02 6F 0D B8 D9 CC 0F A2
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91C0781F

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- Straw poll on "From:" lines
  - From: Nick Mathewson <nickm@freehaven.net>

Prev by Author: Re: Another newbie question
Next by Author: [ANN] Mixminion 0.0.4rc3: last chance for changes in 0.0.4
Previous by thread: Straw poll on "From:" lines
Next by thread: use regexp re-writes like mix (Re: Straw poll on "From:" lines)
Index(es):
- Author
- Thread