From exim@www1.ietf.org Mon Mar 1 11:20:29 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA13347 for ; Mon, 1 Mar 2004 11:05:14 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxpuO-0001uF-II for lemonade-archive@odin.ietf.org; Mon, 01 Mar 2004 11:04:44 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i21G4ilP007326 for lemonade-archive@odin.ietf.org; Mon, 1 Mar 2004 11:04:44 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxpuM-0001tv-O3 for lemonade-web-archive@optimus.ietf.org; Mon, 01 Mar 2004 11:04:44 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA12806 for ; Mon, 1 Mar 2004 11:04:38 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Axpt6-0003sw-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 11:03:24 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Axpmo-0001ZI-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 10:56:57 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AxpfI-0006hH-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 10:49:08 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxpfB-0000uy-3g; Mon, 01 Mar 2004 10:49:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxpeI-0000pS-Gw for lemonade@optimus.ietf.org; Mon, 01 Mar 2004 10:48:06 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08498 for ; Mon, 1 Mar 2004 10:48:02 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AxpeF-0006CG-00 for lemonade@ietf.org; Mon, 01 Mar 2004 10:48:03 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AxpJq-0007aF-00 for lemonade@ietf.org; Mon, 01 Mar 2004 10:27:01 -0500 Received: from lin1.andrew.cmu.edu ([128.2.6.59]) by ietf-mx with esmtp (Exim 4.12) id 1Axon5-0007YJ-00 for lemonade@ietf.org; Mon, 01 Mar 2004 09:53:07 -0500 Received: from SOURCEFOUR.andrew.cmu.edu (SOURCEFOUR.andrew.cmu.edu [128.2.122.8]) (user=rjs3 mech=GSSAPI (0 bits)) by lin1.andrew.cmu.edu (8.12.10/8.12.10) with ESMTP id i21Er6FK031976; Mon, 1 Mar 2004 09:53:06 -0500 Date: Mon, 1 Mar 2004 09:53:06 -0500 (EST) From: Rob Siemborski X-X-Sender: rjs3@sourcefour.andrew.cmu.edu To: "Marcus D. Leech" cc: lemonade@ietf.org Subject: Re: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: <404293D2.5418C007@nortelnetworks.com> Message-ID: References: <404293D2.5418C007@nortelnetworks.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 On Sun, 29 Feb 2004, Marcus D. Leech wrote: > I've had a look at these two drafts, and I find that from a security > point of view, I'm > uncomfortable with the PULL concept. It (I think unnecessarily) > creates what I call > "trust inflation"--the IMAP server must trust some other party to ask > for chunks of > e-mail messages to be forwarded onwards. Making this work "right" > requires a bunch of > new security technology that is likely to be a fruitful spawning > ground for security > bugs. I'm not sure I understand what you mean -- currently an IMAP server has to "trust some other party to ask for chunks of e-mail messages to be forwarded onwards" -- that is, the client, and even then this only applies if the IMAP server somehow *cares* that the message gets forwarded (I don't believe it does). Indeed, there are new security issues to be looked at with URLAUTH -- but there are also ones present in a "push" model -- that is, the SUBMIT server needs to trust the IMAP server to submit messages on behalf of the user. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski | Andrew Systems Group * Research Systems Programmer PGP:0x5CE32FCC | Cyert Hall 207 * rjs3@andrew.cmu.edu * 412.268.7456 -----BEGIN GEEK CODE BLOCK---- Version: 3.12 GCS/IT/CM/PA d- s+: a-- C++++$ ULS++++$ P+++$ L+++ E W+ N(-) o? K- w-- O- M-- V-- PS+ PE+ Y+ PGP+ t+@ 5+++ X- R@ tv-- b+ DI+++ D++ G e++ h+ r- y? ------END GEEK CODE BLOCK----- _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Mon Mar 1 11:44:52 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19252 for ; Mon, 1 Mar 2004 11:42:36 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxqUZ-0007V1-P9 for lemonade-archive@odin.ietf.org; Mon, 01 Mar 2004 11:42:08 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i21Gg7qf028816 for lemonade-archive@odin.ietf.org; Mon, 1 Mar 2004 11:42:07 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxqUX-0007UF-RF for lemonade-web-archive@optimus.ietf.org; Mon, 01 Mar 2004 11:42:06 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18628 for ; Mon, 1 Mar 2004 11:42:02 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AxqI9-00046D-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 11:29:17 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AxqGV-0003iH-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 11:27:36 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1AxqE8-0002do-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 11:25:08 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1AxqE8-0001NR-Dj for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 11:25:08 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxqE4-0005Yg-6J; Mon, 01 Mar 2004 11:25:04 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxqDF-0005Un-Ks for lemonade@optimus.ietf.org; Mon, 01 Mar 2004 11:24:13 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA16092 for ; Mon, 1 Mar 2004 11:24:11 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AxqB0-0001ts-00 for lemonade@ietf.org; Mon, 01 Mar 2004 11:21:54 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AxqA9-0001O3-00 for lemonade@ietf.org; Mon, 01 Mar 2004 11:21:02 -0500 Received: from mxout2.cac.washington.edu ([140.142.33.4]) by ietf-mx with esmtp (Exim 4.12) id 1Axq9V-0001ID-00 for lemonade@ietf.org; Mon, 01 Mar 2004 11:20:21 -0500 Received: from shiva1.cac.washington.edu (shiva1.cac.washington.edu [140.142.100.201]) by mxout2.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i21GKJlw006144; Mon, 1 Mar 2004 08:20:19 -0800 Received: from localhost (mrc@localhost) by shiva1.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i21GKJeC025438; Mon, 1 Mar 2004 08:20:19 -0800 Date: Mon, 1 Mar 2004 08:20:19 -0800 (PST) From: Mark Crispin To: Rob Siemborski cc: "Marcus D. Leech" , lemonade@ietf.org Subject: Re: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: Message-ID: References: <404293D2.5418C007@nortelnetworks.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 On Mon, 1 Mar 2004, Rob Siemborski wrote: > there are also ones present in a "push" model -- that is, the SUBMIT > server needs to trust the IMAP server to submit messages on behalf of the > user. The security arguments that are advanced to favor PUSH over PULL all seem to assume that SUBMIT servers are SMTP servers with no authentication. Since such SUBMIT servers promiscuously trust everybody, there are no added security considerations in trusting an IMAP server. Many of us are deploying SUBMIT servers which require authentication; and the SUBMIT authentication credentials are not necessarily the same as those for an IMAP server. The PUSH model makes no attempt to acknowledge that such a concept exists, much less support this environment. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Mon Mar 1 13:44:50 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA27196 for ; Mon, 1 Mar 2004 13:44:50 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxsOt-0008G6-JJ for lemonade-archive@odin.ietf.org; Mon, 01 Mar 2004 13:44:23 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i21IiNFs031742 for lemonade-archive@odin.ietf.org; Mon, 1 Mar 2004 13:44:23 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Axq8c-0004uK-CM for lemonade-web-archive@optimus.ietf.org; Mon, 01 Mar 2004 11:19:26 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA14457 for ; Mon, 1 Mar 2004 11:06:31 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AxpVC-0003Cf-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 10:38:42 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Axp4C-0003cW-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 10:10:51 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1AxoYm-0003rW-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 09:38:20 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Axo7u-0000IY-EX for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 09:10:34 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Axo7s-0000w0-08 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 09:10:32 -0500 Date: Mon, 01 Mar 2004 09:10:31 -0500 Message-ID: <20040301141031.27462.58789.Mailman@www1.ietf.org> Subject: ietf.org mailing list memberships reminder From: mailman-owner@www1.ietf.org To: lemonade-web-archive@ietf.org X-No-Archive: yes X-Ack: no Sender: mailman-admin@ietf.org Errors-To: mailman-admin@ietf.org X-BeenThere: mailman@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.4 required=5.0 tests=AWL,NO_REAL_NAME autolearn=no version=2.60 This is a reminder, sent out once a month, about your ietf.org mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list. You can visit the URLs to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. In addition to the URL interfaces, you can also use email to make such changes. For more info, send a message to the '-request' address of the list (for example, lemonade-request@ietf.org) containing just the word 'help' in the message body, and an email message will be sent to you with instructions. *************************************************************************** Note Well All statements related to the activities of the IETF and addressed to the IETF are subject to all provisions of Section 10 of RFC 2026, which grants to the IETF and its participants certain licenses and rights in such statements. Such statements include verbal statements in IETF meetings, as well as written and electronic communications made at any time or place, which are addressed to * the IETF plenary session, * any IETF working group or portion thereof, * the IESG, or any member thereof on behalf of the IESG, * the IAB or any member thereof on behalf of the IAB, * any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices, * the RFC Editor or the Internet-Drafts function Statements made outside of an IETF meeting, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not subject to these provisions. *************************************************************************** If you have questions, problems, comments, etc, send them to mailman-owner@www1.ietf.org. Thanks! Passwords for lemonade-web-archive@ietf.org: List Password // URL ---- -------- lemonade@ietf.org ewunaw https://www1.ietf.org/mailman/options/lemonade/lemonade-web-archive%40ietf.org From exim@www1.ietf.org Mon Mar 1 20:30:33 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA19912 for ; Mon, 1 Mar 2004 20:30:33 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxyjW-00071J-Ek for lemonade-archive@odin.ietf.org; Mon, 01 Mar 2004 20:30:06 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i221U6Ow026983 for lemonade-archive@odin.ietf.org; Mon, 1 Mar 2004 20:30:06 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxyjV-000717-WF for lemonade-web-archive@optimus.ietf.org; Mon, 01 Mar 2004 20:30:06 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA19827 for ; Mon, 1 Mar 2004 20:30:02 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AxyjT-0007lr-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 20:30:03 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AxyiV-0007dY-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 20:29:04 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1Axyha-0007V7-00 for lemonade-web-archive@ietf.org; Mon, 01 Mar 2004 20:28:06 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AxyhV-0006bD-KM; Mon, 01 Mar 2004 20:28:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Axygq-0006XZ-0q for lemonade@optimus.ietf.org; Mon, 01 Mar 2004 20:27:20 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA19681 for ; Mon, 1 Mar 2004 20:27:16 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Axygn-0007NF-00 for lemonade@ietf.org; Mon, 01 Mar 2004 20:27:17 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Axyfv-0007Dp-00 for lemonade@ietf.org; Mon, 01 Mar 2004 20:26:24 -0500 Received: from joy.songbird.com ([208.184.79.7]) by ietf-mx with esmtp (Exim 4.12) id 1Axyer-0006wL-00 for lemonade@ietf.org; Mon, 01 Mar 2004 20:25:17 -0500 Received: from BBFUJIP.brandenburg.com (jay.songbird.com [208.184.79.253]) by joy.songbird.com (8.11.6/8.11.6) with ESMTP id i221XTd02036; Mon, 1 Mar 2004 17:33:30 -0800 Date: Tue, 2 Mar 2004 10:24:39 +0900 From: Dave Crocker Reply-To: Dave Crocker Organization: Brandenburg InternetWorking X-Priority: 3 (Normal) Message-ID: <856686908.20040302102439@brandenburg.com> To: "Marcus D. Leech" CC: lemonade@ietf.org Subject: Re: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: <404293D2.5418C007@nortelnetworks.com> References: <404293D2.5418C007@nortelnetworks.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.7 required=5.0 tests=AWL,PRIORITY_NO_NAME autolearn=no version=2.60 Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Marcus, MDL> "trust inflation"--the IMAP server must trust some other party to MDL> ask for chunks of e-mail messages to be forwarded onwards. Making MDL> this work "right" requires a bunch of new security technology MDL> that is likely to be a fruitful spawning ground for security MDL> bugs. The IMAP server produces message contents to clients that have authenticated themselves. Like most such services, it uses a session model. The PULL mechanism uses a transaction-based, one-time authentication mechanism, carried with the retrieval request. At this level of description it does not sound as if the security exposures are all that different. The fact that the one-time mechanism uses an authentication string that is, itself, generated by the IMAP service, whereas the session model uses one that comes from unknown methods, might be interesting, but it is difficult to see how that increases risk. The fact that the transaction security string is passed to an IMAP client that, in turns, passes it to the SUBMIT server which does the PULL certainly makes the security of the two transfers significant. However it is hard to see how this poses a serious challenge or significantly raises risk. The fact that the transaction security string is good for retrieving only the associated data constrains the exposure. It's not clear what "new security technology" is required. A similar, third-party, security-based retrieval string scheme is exactly the basis for Tumbleweed's business and they have had pretty good success selling it for its security properties and, alas, for getting a patent on the technique. No, that does not mean the technique offers valid security or that it does not pose serious risk, but it is a nicely concrete demonstration that the methodology is not new. So your concern about "inflation" would be worth expanding on, please. We should also pay attention to the history of software complexity being a source of security exposure, too. If this is more difficult to implement in IMAP servers -- and they are already painfully complicated -- then it is likely that those servers will be even easier to break into. d/ d/ -- Dave Crocker Brandenburg InternetWorking Sunnyvale, CA USA _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 15:36:16 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29656 for ; Tue, 2 Mar 2004 15:36:16 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyGcF-0007KX-UL for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 15:35:48 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22KZlPM028175 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 15:35:47 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyGcF-0007KM-M1 for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 15:35:47 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29649 for ; Tue, 2 Mar 2004 15:35:45 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyGcE-0001yx-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 15:35:46 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyGbJ-0001s7-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 15:34:49 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyGac-0001kx-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 15:34:06 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyGaX-0007Bw-D0; Tue, 02 Mar 2004 15:34:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyGaM-00078a-4R for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 15:33:50 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29606 for ; Tue, 2 Mar 2004 15:33:47 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyGaK-0001jn-00 for lemonade@ietf.org; Tue, 02 Mar 2004 15:33:48 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyGZO-0001cg-00 for lemonade@ietf.org; Tue, 02 Mar 2004 15:32:50 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1AyGZ9-0001VO-00 for lemonade@ietf.org; Tue, 02 Mar 2004 15:32:35 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 24779; Tue, 02 Mar 2004 15:32:00 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 2 Mar 2004 15:32:05 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB1A257@zoe.office.snowshore.com> Thread-Topic: Meeting Info Thread-Index: AcQAlWILHFqeoPc/SJuKBcghrcJvPw== From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Content-Transfer-Encoding: quoted-printable Subject: [lemonade] Meeting Info Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable Drafts, etc. are still at http://flyingfox.snowshore.com/i-d/lemonade/ Meeting slides, agenda, etc. are at http://flyingfox.snowshore.com/i-d/lemonade/slides59/index.html The meeting page will get updated in real time if there are any changes. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 16:03:16 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01063 for ; Tue, 2 Mar 2004 16:03:16 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyH2N-0002G0-Mj for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 16:02:48 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22L2l81008676 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 16:02:47 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyH2M-0002Fr-Vw for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 16:02:47 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01022 for ; Tue, 2 Mar 2004 16:02:44 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyH2L-0005Vm-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:02:45 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyH1Q-0005OY-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:01:49 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyH0h-0005HN-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:01:03 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyH0f-0001yg-94; Tue, 02 Mar 2004 16:01:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Axwji-0007ig-Mf for lemonade@optimus.ietf.org; Mon, 01 Mar 2004 18:22:11 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA12597 for ; Mon, 1 Mar 2004 18:22:06 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Axwjf-0007dW-00 for lemonade@ietf.org; Mon, 01 Mar 2004 18:22:07 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Axwif-0007Ws-00 for lemonade@ietf.org; Mon, 01 Mar 2004 18:21:06 -0500 Received: from joy.songbird.com ([208.184.79.7]) by ietf-mx with esmtp (Exim 4.12) id 1Axwhs-0007Lj-00 for lemonade@ietf.org; Mon, 01 Mar 2004 18:20:16 -0500 Received: from BBFUJIP.brandenburg.com (jay.songbird.com [208.184.79.253]) by joy.songbird.com (8.11.6/8.11.6) with ESMTP id i21NSNd26669; Mon, 1 Mar 2004 15:28:24 -0800 Date: Tue, 2 Mar 2004 07:06:09 +0900 From: Dave Crocker Organization: Brandenburg InternetWorking X-Priority: 3 (Normal) Message-ID: <1148521083.20040302070609@brandenburg.com> To: "Marcus D. Leech" CC: lemonade@ietf.org Subject: Re: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: <404293D2.5418C007@nortelnetworks.com> References: <404293D2.5418C007@nortelnetworks.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.8 required=5.0 tests=AWL,PRIORITY_NO_NAME autolearn=no version=2.60 Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Marcus, MDL> "trust inflation"--the IMAP server must trust some other party to MDL> ask for chunks of e-mail messages to be forwarded onwards. Making MDL> this work "right" requires a bunch of new security technology MDL> that is likely to be a fruitful spawning ground for security MDL> bugs. The IMAP server produces message contents to clients that have authenticated themselves. Like most such services, it uses a session model. The PULL mechanism uses a transaction-based, one-time authentication mechanism, carried with the retrieval request. At this level of description it does not sound as if the security exposures are all that different. The fact that the one-time mechanism uses an authentication string that is, itself, generated by the IMAP service, whereas the session model uses one that comes from unknown methods, might be interesting, but it is difficult to see how that increases risk. The fact that the transaction security string is passed to an IMAP client that, in turns, passes it to the SUBMIT server which does the PULL certainly makes the security of the two transfers significant. However it is hard to see how this poses a serious challenge or significantly raises risk. The fact that the transaction security string is good for retrieving only the associated data constrains the exposure. It's not clear what "new security technology" is required. A similar, third-party, security-based retrieval string scheme is exactly the basis for Tumbleweed's business and they have had pretty good success selling it for its security properties and, alas, for getting a patent on the technique. No, that does not mean the technique offers valid security or that it does not pose serious risk, but it is a nicely concrete demonstration that the methodology is not new. So your concern about "inflation" would be worth expanding on, please. We should also pay attention to the history of software complexity being a source of security exposure, too. If this is more difficult to implement in IMAP servers -- and they are already painfully complicated -- then it is likely that those servers will be even easier to break into. d/ d/ -- Dave Crocker Brandenburg InternetWorking Sunnyvale, CA USA _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 16:26:18 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01758 for ; Tue, 2 Mar 2004 16:26:18 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyHOf-0004i2-UU for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 16:25:50 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22LPnBl018100 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 16:25:49 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyHOf-0004hq-LC for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 16:25:49 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01745 for ; Tue, 2 Mar 2004 16:25:46 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyHOd-0000nR-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:25:47 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyHNm-0000eu-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:24:54 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyHMu-0000U4-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:24:00 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyHMu-0004WO-R5; Tue, 02 Mar 2004 16:24:00 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyHMi-0004Vj-Jh for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 16:23:51 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01698 for ; Tue, 2 Mar 2004 16:23:45 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyHMg-0000Ru-00 for lemonade@ietf.org; Tue, 02 Mar 2004 16:23:46 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyHLn-0000Kw-00 for lemonade@ietf.org; Tue, 02 Mar 2004 16:22:52 -0500 Received: from ihemail2.lucent.com ([192.11.222.163] helo=ihemail2.firewall.lucent.com) by ietf-mx with esmtp (Exim 4.12) id 1AyHLJ-0000CS-00 for lemonade@ietf.org; Tue, 02 Mar 2004 16:22:21 -0500 Received: from il0015exch001h.wins.lucent.com (h135-1-23-83.lucent.com [135.1.23.83]) by ihemail2.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i22LLmr29151 for ; Tue, 2 Mar 2004 15:21:49 -0600 (CST) Received: by il0015exch001h.ih.lucent.com with Internet Mail Service (5.5.2657.72) id <15V7PPY3>; Tue, 2 Mar 2004 15:21:47 -0600 Message-ID: <54E40201497DF142B06B27255953F7970B258032@il0015exch007u.ih.lucent.com> From: "Vaudreuil, Greg M (Greg)" To: Mark Crispin , Rob Siemborski Cc: "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts Date: Tue, 2 Mar 2004 15:21:40 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 While submission servers can and should authenticate using per-user credentials, this still seems to be an operational exception rather than the rule. The Pull proposal counts upon operational behavior change here, and I am not yet convinced that it is reasonable. One possible example: - For ISP's and the like, the submit server lives in a DMZ-like environment where there are requirements to limit access to sensitive data like user credentials. It is more "secure" from some perspectives to authorize based on source IP address (is it on my network) than to expose and use per-user authentication. Here anti-spam and authentication database protection are somewhat at odds. Greg V. -----Original Message----- From: Mark Crispin [mailto:mrc@CAC.Washington.EDU] Sent: Tuesday, March 02, 2004 1:20 AM To: Rob Siemborski Cc: Marcus D. Leech; lemonade@ietf.org Subject: Re: [lemonade] Comments on PUSH and PULL drafts On Mon, 1 Mar 2004, Rob Siemborski wrote: > there are also ones present in a "push" model -- that is, the SUBMIT > server needs to trust the IMAP server to submit messages on behalf of the > user. The security arguments that are advanced to favor PUSH over PULL all seem to assume that SUBMIT servers are SMTP servers with no authentication. Since such SUBMIT servers promiscuously trust everybody, there are no added security considerations in trusting an IMAP server. Many of us are deploying SUBMIT servers which require authentication; and the SUBMIT authentication credentials are not necessarily the same as those for an IMAP server. The PUSH model makes no attempt to acknowledge that such a concept exists, much less support this environment. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 16:37:31 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA02340 for ; Tue, 2 Mar 2004 16:37:31 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyHZX-0005QN-MX for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 16:37:04 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22Lb39t020832 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 16:37:03 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyHZX-0005Pk-2y for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 16:37:03 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA02326 for ; Tue, 2 Mar 2004 16:37:00 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyHZV-0002Ll-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:37:01 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyHYc-0002CX-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:36:07 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyHXi-00023S-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 16:35:10 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyHXa-0005EI-7s; Tue, 02 Mar 2004 16:35:02 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyHXO-0005Dr-EU for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 16:34:50 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA02172 for ; Tue, 2 Mar 2004 16:34:47 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyHXM-000223-00 for lemonade@ietf.org; Tue, 02 Mar 2004 16:34:48 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyHWS-0001v0-00 for lemonade@ietf.org; Tue, 02 Mar 2004 16:33:53 -0500 Received: from mxout3.cac.washington.edu ([140.142.32.166]) by ietf-mx with esmtp (Exim 4.12) id 1AyHVu-0001ni-00 for lemonade@ietf.org; Tue, 02 Mar 2004 16:33:18 -0500 Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.9]) by mxout3.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i22LXGWS017349; Tue, 2 Mar 2004 13:33:16 -0800 Received: from Tomobiki-Cho.CAC.Washington.EDU (tomobiki-cho.cac.washington.edu [128.95.135.58]) (authenticated bits=0) by smtp.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i22LXFv2000938 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Tue, 2 Mar 2004 13:33:16 -0800 Date: Tue, 2 Mar 2004 13:33:16 -0800 (Pacific Standard Time) From: Mark Crispin To: "Vaudreuil, Greg M (Greg)" cc: Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: <54E40201497DF142B06B27255953F7970B258032@il0015exch007u.ih.lucent.com> Message-ID: References: <54E40201497DF142B06B27255953F7970B258032@il0015exch007u.ih.lucent.com> Organization: Networks & Distributed Computing MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 On Tue, 2 Mar 2004, Vaudreuil, Greg M (Greg) wrote: > While submission servers can and should authenticate using per-user > credentials, this still seems to be an operational exception rather than > the rule. Is that really true? None of the submission servers that I have access to permit access without per-user credentials. > - For ISP's and the like, the submit server lives in a DMZ-like > environment where there are requirements to limit access to sensitive > data like user credentials. It is more "secure" from some perspectives > to authorize based on source IP address (is it on my network) than to > expose and use per-user authentication. This observation may have been valid 10 years ago, but subsequent events have overtaken it. The technology of IP address spoofing is well-developed and used by the bad guys to defeat those who believe that source IP address validation is good enough. Authentication technologies exist that do not convey useful information to a third-party monitoring the authentication. SSL/TLS is widely deployed, and effectively defeats monitoring. New technology being defined today should consider the environment being deployed now and in the future, and not create needless dependencies on the environment that was deployed in the past. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 17:25:19 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04877 for ; Tue, 2 Mar 2004 17:25:19 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyIJn-0001z1-Se for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 17:24:52 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22MOpdu007617 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 17:24:51 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyIJn-0001ym-Jd for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 17:24:51 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04849 for ; Tue, 2 Mar 2004 17:24:48 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyIJl-0001hV-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 17:24:49 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyIIu-0001Yi-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 17:23:56 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyII0-0001Q0-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 17:23:00 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyII1-0001XC-2D; Tue, 02 Mar 2004 17:23:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyIHn-0001We-Re for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 17:22:48 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04777 for ; Tue, 2 Mar 2004 17:22:44 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyIHl-0001Nw-00 for lemonade@ietf.org; Tue, 02 Mar 2004 17:22:45 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyIGn-0001FY-00 for lemonade@ietf.org; Tue, 02 Mar 2004 17:21:46 -0500 Received: from auemail1.lucent.com ([192.11.223.161] helo=auemail1.firewall.lucent.com) by ietf-mx with esmtp (Exim 4.12) id 1AyIFp-000103-00 for lemonade@ietf.org; Tue, 02 Mar 2004 17:20:45 -0500 Received: from il0015exch001h.wins.lucent.com (h135-1-23-83.lucent.com [135.1.23.83]) by auemail1.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i22MKCA08912 for ; Tue, 2 Mar 2004 16:20:12 -0600 (CST) Received: by il0015exch001h.ih.lucent.com with Internet Mail Service (5.5.2657.72) id <15V7PWV4>; Tue, 2 Mar 2004 16:20:11 -0600 Message-ID: <54E40201497DF142B06B27255953F7970B25810C@il0015exch007u.ih.lucent.com> From: "Vaudreuil, Greg M (Greg)" To: Mark Crispin Cc: Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts Date: Tue, 2 Mar 2004 16:20:09 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 Thanks for the quick reply, i'd like to come to better understanding in these hours before our face-to-face. TLS/SSL hides addresses over the network, but that is not the threat I am concerned with. The threat is that an attacker will gain control over the Submission server and use it to harvest credentials buried within the inner security ring of a service provider. In general, connections from the dirty internet are to bastion, sacrificial servers with minimal value-add, and which pass the protocol or data to a more trusted host within the defended network. It is this model I want to support with any solution we deploy. Again, it may be possible to support this with an SMTP-level protocol proxy, but if I already have an IMAP-level proxy, then I'd rather re-use it. And of course, Ned loves to tell stories about how brain-dead SMTP proxies have made the world a better place :-( I'm sure you can tell stories of why IMAP proxies are equally nasty. Maybe we can agree that one of these things is better than two? In the interests of addressing my needs within the context of the pull proposal, can you describe what new developments in the past ten years make my customers paranoid DMZ-based approach less necessary? I see only further examples of such paranoia, such as enterprises allowing submission only from clients residing within the corporate network, an inconvenience requiring me to use a VPN or SSL to send mail from the IETF! Greg V. -----Original Message----- From: Mark Crispin [mailto:MRC@CAC.Washington.EDU] Sent: Wednesday, March 03, 2004 6:33 AM To: Vaudreuil, Greg M (Greg) Cc: Rob Siemborski; Marcus D. Leech; lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts On Tue, 2 Mar 2004, Vaudreuil, Greg M (Greg) wrote: > While submission servers can and should authenticate using per-user > credentials, this still seems to be an operational exception rather than > the rule. Is that really true? None of the submission servers that I have access to permit access without per-user credentials. > - For ISP's and the like, the submit server lives in a DMZ-like > environment where there are requirements to limit access to sensitive > data like user credentials. It is more "secure" from some perspectives > to authorize based on source IP address (is it on my network) than to > expose and use per-user authentication. This observation may have been valid 10 years ago, but subsequent events have overtaken it. The technology of IP address spoofing is well-developed and used by the bad guys to defeat those who believe that source IP address validation is good enough. Authentication technologies exist that do not convey useful information to a third-party monitoring the authentication. SSL/TLS is widely deployed, and effectively defeats monitoring. New technology being defined today should consider the environment being deployed now and in the future, and not create needless dependencies on the environment that was deployed in the past. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 18:16:27 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA07756 for ; Tue, 2 Mar 2004 18:16:27 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJ7I-0003w6-8R for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 18:16:00 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22NG0Bj015124 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 18:16:00 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJ7I-0003vr-1p for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 18:16:00 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA07698 for ; Tue, 2 Mar 2004 18:15:55 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyJ7F-0000j0-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:15:57 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJ6E-0000cJ-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:14:54 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyJ5Q-0000Uv-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:14:04 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJ5M-00039G-RU; Tue, 02 Mar 2004 18:14:00 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJ5H-000350-6I for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 18:13:55 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA07485 for ; Tue, 2 Mar 2004 18:13:50 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyJ5E-0000UF-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:13:52 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJ4J-0000NF-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:12:56 -0500 Received: from ithilien.qualcomm.com ([129.46.51.59]) by ietf-mx with esmtp (Exim 4.12) id 1AyJ3b-0000Fm-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:12:11 -0500 Received: from magus.qualcomm.com (magus.qualcomm.com [129.46.61.148]) by ithilien.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id i22NC9vf000466; Tue, 2 Mar 2004 15:12:09 -0800 (PST) Received: from [172.16.41.239] (vpn-10-50-0-43.qualcomm.com [10.50.0.43]) by magus.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id i22NBmVM029023; Tue, 2 Mar 2004 15:12:02 -0800 (PST) Mime-Version: 1.0 Message-Id: In-Reply-To: References: X-Mailer: Eudora for Mac OS X v6.1a Date: Tue, 2 Mar 2004 15:02:03 -0800 To: Pete Resnick , Steve Hole From: Randall Gellens Subject: Re: [lemonade] Re: Can I offer you some lemonade? Cc: lemonade@ietf.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Random-Sig-Tag: 1.0b26 Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 At 12:57 PM -0600 2/18/04, Pete Resnick wrote: > The pull mechanism envisioned here is that the client issues > effectively a special DATA command where it can say, "Here's some > message headers" followed by "here's a URI to some data to insert > here", followed by more text or more URIs. I'm not asking about > limiting it to one URI scheme. I'm asking what you would think if > we limited it to a single URI per command, with no surrounding > text. That is, what would you think if composition was always done > elsewhere and the submit server was only ever handed a single URI > to a completed message? Since the limitation you describe is a subset of the general case (where the client is able to issue multiple BURL commands), I'm not sure why it's needed or useful. Especially if the initial version limits the URLs to IMAP URLs. -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly-selected tag: --------------- 1.) If the document should exist, it doesn't. 2.) If the document does exist, it's out of date. 3.) Only documentation for useless programs transcends the first two laws. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 18:28:35 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA08864 for ; Tue, 2 Mar 2004 18:28:35 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJJ2-00073U-O6 for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 18:28:09 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22NS8oG027114 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 18:28:08 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJJ2-00073F-65 for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 18:28:08 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA08802 for ; Tue, 2 Mar 2004 18:28:03 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyJIz-0002mm-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:28:05 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJI4-0002aG-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:27:08 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyJGx-0002Kq-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:25:59 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJGz-0006iM-5m; Tue, 02 Mar 2004 18:26:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJGC-0006J7-G5 for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 18:25:12 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA08511 for ; Tue, 2 Mar 2004 18:25:07 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyJG9-0002Ao-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:25:09 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJFG-00020c-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:24:14 -0500 Received: from mxout6.cac.washington.edu ([140.142.33.20]) by ietf-mx with esmtp (Exim 4.12) id 1AyJEY-0001qQ-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:23:30 -0500 Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.9]) by mxout6.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i22NNNX7018646; Tue, 2 Mar 2004 15:23:24 -0800 Received: from Tomobiki-Cho.CAC.Washington.EDU (tomobiki-cho.cac.washington.edu [128.95.135.58]) (authenticated bits=0) by smtp.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i22NNNfK016026 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Tue, 2 Mar 2004 15:23:23 -0800 Date: Tue, 2 Mar 2004 15:23:23 -0800 (Pacific Standard Time) From: Mark Crispin To: "Vaudreuil, Greg M (Greg)" cc: Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: <54E40201497DF142B06B27255953F7970B25810C@il0015exch007u.ih.lucent.com> Message-ID: References: <54E40201497DF142B06B27255953F7970B25810C@il0015exch007u.ih.lucent.com> Organization: Networks & Distributed Computing MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 Much of this becomes clearer when you consider a SUBMIT server to be a separate service from the SMTP server. As such, it is an authenticated service just as the IMAP service is. Such servers are not in the DMZ, unless being in the DMZ is a requirement to make outgoing SMTP connections. Of course, if you wish to allow submissions from outside, then it would have to be in the DMZ. However, this is pretty useless unless you also allow IMAP access from outside. In which case you don't really have a DMZ. So, for the purpose of discussion a DMZ type environment, this doesn't apply. Whether the SUBMIT server shares authentication credentials with the IMAP server, or has independent authentication credentials, is orthogonal. The key point to understand is that it does not impact Pull in either case. The reason is URLAUTH. URLAUTH restricts the access of the SUBMIT server to that data -- and only that data -- authorized by the sender of the message. There are additional value-added bells and whistles in URLAUTH so that, for example, the SUBMIT server may be required to authenticate itself as the SUBMIT server before it can use URLAUTH credentials. In Pull, there is no need for the IMAP server to have any credentials on the SUBMIT server. Nor is there a need for the SUBMIT server to have per-user credentials on the IMAP server (it *may* have credentials to prove that it's the SUBMIT server as value-added paranoia). Push, on the other hand, presumes an authentication model in which either the SUBMIT server trusts the IMAP server completely, or the SUBMIT server is passed the credentials from the IMAP server. As for your question as to which is better, an IMAP proxy or an SMTP proxy. Both are evil and fiendishly difficult to get right. However, having written both, an SMTP proxy is much simpler than an IMAP proxy. Finally, your comment about being required to use VPN or SSL/TLS to send mail from the IETF is what I'm talking about. For people like me, this is nothing new. For a few years now, I can not submit without authenticating to the SUBMIT server first, and unless I have Kerberos credentials I can't authenticate to the SUBMIT server without negotiating TLS with it first. We still have a path in which clients from "good IP addresses" are allowed to submit without authentication. That path periodically causes our outgoing mailers (which are different from the SUBMIT servers) to get listed in various RBLs. Thanks to virus authors and spammers, non-authenticated submission from "trusted" addresses is on its way out. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 18:50:22 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10286 for ; Tue, 2 Mar 2004 18:50:22 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJe7-0001lP-Mj for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 18:49:57 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22NntbG006778 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 18:49:55 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJe7-0001lF-EH for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 18:49:55 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10278 for ; Tue, 2 Mar 2004 18:49:50 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyJe4-0006GD-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:49:52 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJd8-00069G-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:48:54 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyJcO-00062Q-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 18:48:08 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJcI-0001AN-Oq; Tue, 02 Mar 2004 18:48:02 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJcB-0001A8-1e for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 18:47:55 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA10184 for ; Tue, 2 Mar 2004 18:47:50 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyJc7-00061T-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:47:52 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJbF-0005uq-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:46:58 -0500 Received: from mxout2.cac.washington.edu ([140.142.33.4]) by ietf-mx with esmtp (Exim 4.12) id 1AyJas-0005nd-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:46:34 -0500 Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.9]) by mxout2.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i22NkXV5020027; Tue, 2 Mar 2004 15:46:33 -0800 Received: from Tomobiki-Cho.CAC.Washington.EDU (tomobiki-cho.cac.washington.edu [128.95.135.58]) (authenticated bits=0) by smtp.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i22NkXBG018996 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Tue, 2 Mar 2004 15:46:33 -0800 Date: Tue, 2 Mar 2004 15:46:33 -0800 (Pacific Standard Time) From: Mark Crispin To: "Vaudreuil, Greg M (Greg)" cc: Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: <54E40201497DF142B06B27255953F7970B2581A5@il0015exch007u.ih.lucent.com> Message-ID: References: <54E40201497DF142B06B27255953F7970B2581A5@il0015exch007u.ih.lucent.com> Organization: Networks & Distributed Computing MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 On Tue, 2 Mar 2004, Vaudreuil, Greg M (Greg) wrote: > A quibble... I view the IMAP server in the push model to be the submit > server... no reason to pass credentials to a subsequent submit server, > the user is already authenticated. That still presumes that credentials to access mail are equivalent to credentials to post mail. That's not always the case now. If mobile clients make that a requirement, that will limit the cases in which mobile clients can be used. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 19:15:18 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA11881 for ; Tue, 2 Mar 2004 19:15:18 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyK2F-0005Sz-3f for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 19:14:51 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i230EpF1021012 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 19:14:51 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyK2E-0005Sp-TN for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 19:14:50 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA11858 for ; Tue, 2 Mar 2004 19:14:47 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyK2D-0002DZ-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 19:14:49 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyK1J-00025U-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 19:13:53 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyK0Q-0001x9-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 19:12:58 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyK0Q-0005J3-Jc; Tue, 02 Mar 2004 19:12:58 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyK0I-0005Ik-Jd for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 19:12:50 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA11723 for ; Tue, 2 Mar 2004 19:12:47 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyK0H-0001vZ-00 for lemonade@ietf.org; Tue, 02 Mar 2004 19:12:49 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJzI-0001n1-00 for lemonade@ietf.org; Tue, 02 Mar 2004 19:11:48 -0500 Received: from mxout5.cac.washington.edu ([140.142.32.135]) by ietf-mx with esmtp (Exim 4.12) id 1AyJyH-0001Y3-00 for lemonade@ietf.org; Tue, 02 Mar 2004 19:10:45 -0500 Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.9]) by mxout5.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i230AeLo028374; Tue, 2 Mar 2004 16:10:40 -0800 Received: from Tomobiki-Cho.CAC.Washington.EDU (tomobiki-cho.cac.washington.edu [128.95.135.58]) (authenticated bits=0) by smtp.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i230AeNO021796 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Tue, 2 Mar 2004 16:10:40 -0800 Date: Tue, 2 Mar 2004 16:10:40 -0800 (Pacific Standard Time) From: Mark Crispin To: "Vaudreuil, Greg M (Greg)" cc: Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: <54E40201497DF142B06B27255953F7970B2581C2@il0015exch007u.ih.lucent.com> Message-ID: References: <54E40201497DF142B06B27255953F7970B2581C2@il0015exch007u.ih.lucent.com> Organization: Networks & Distributed Computing MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 On Tue, 2 Mar 2004, Vaudreuil, Greg M (Greg) wrote: > Can you describe some mobile client cases that would be precluded? I > was assuming the credentials for access and submission were the same.... Consider a public/group access IMAP server where you don't have an individual account. You can choose to preclude mobile client use with such servers, but you need to recognize that you are doing that. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 19:23:28 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA12417 for ; Tue, 2 Mar 2004 19:23:28 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyKA9-0006zC-LB for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 19:23:01 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i230N1Pa026853 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 19:23:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyKA9-0006z2-GT for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 19:23:01 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA12377 for ; Tue, 2 Mar 2004 19:22:58 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyKA8-0003Jp-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 19:23:00 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyK98-0003BI-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 19:22:00 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyK8O-00033N-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 19:21:12 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyK8I-0006fa-9p; Tue, 02 Mar 2004 19:21:06 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyK7F-0006Ru-N4 for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 19:20:01 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA12212 for ; Tue, 2 Mar 2004 19:19:58 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyK7E-0002tv-00 for lemonade@ietf.org; Tue, 02 Mar 2004 19:20:00 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyK6H-0002lM-00 for lemonade@ietf.org; Tue, 02 Mar 2004 19:19:02 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1AyK5L-0002VV-00 for lemonade@ietf.org; Tue, 02 Mar 2004 19:18:03 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 26702; Tue, 02 Mar 2004 19:17:29 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 2 Mar 2004 19:17:26 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB1A25D@zoe.office.snowshore.com> Thread-Topic: Security Review of URLAUTH Thread-Index: AcQAtOSsKLf/siFZQCuagF359I04bA== From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Content-Transfer-Encoding: quoted-printable Subject: [lemonade] Security Review of URLAUTH Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable The following is a security review that we requested. It is in a raw = format, and may be updated. Since we didn't have time to ask for = permission, we're posting it anonymously. Ted asked us to post it; he would have done it if his e-mail wasn't = broken :-/ We have not reviewed it and has no endorsement or discussion from the = Work Group Chairs. Overview > > > draft-crispin-imap-urlauth-06.txt > describes extensions to the IMAP URL to > add a capability cookie. This cookie > is stored in the URLAUTH parameter. > The cookie transforms the URL into a > capability for accessing a message or > part of a message on the IMAP server. > The capability can be restricted to be > valid for a single user, or for any > user that can perform one of a listed > set of roles. One of the roles is > anonymous; such a URL serves as a > capability for anyone who knows the URL > to access the resource. > >This feature is desirable at least in part because of small clients >trying to send large message attachments. For example, you receive a >large powerpoint presentation on your phone and wish to forward it to >someone else. You don't want to download the entire presentation only >to upload it to your message composition server. So instead, you >generate one of these URLs and provide that URL to your message server >. That grants your composition server the capability of getting the >presentation from your IMAP server to include in your outgoing mail. > >Two mechanisms are provided for generating these URLs. The first is a >signurl command. The client provides a URL without the URLAUTH >parameter and the server adds a signature in some >implementation-specified manner. The client can distribute the URL >which can later be used as an argument to the fetchurl command. > >Alternatively, there is a mechanism specified so that the client can >generate URLAUTH parameters on its own without involving the server. >The client retrieves the mailbox's "signature" key and generates a >URLAUTh parameter. Note that the signature is typically a symmetric >authentication code, not a public-key signature. > >A mechanism is provided to generate a new mailbox signature key, >invalidating all existing URLs. > > The HMAC-md5 Signature Mechanism > >The most significant problem with the document is the HMAC-MD5 >signature mechanism. This mechanism is defined in a single paragraph >and allows clients to sign URLs without involving the server. > >I believe there is a high cost to standardizing mechanisms to allow >clients to sign URLs without involving the server. If there is an >error or cryptographic deficiency in such a mechanism then this error >needs to be corrected by standards action. We need to wait for all >the clients to be updated. Server implementers need to make choices >about whether accepting the weak mechanism is an acceptable security >risk. > >However if we require the signurl command be used then the >cryptography used is entirely an internal matter for the IMAP server. >If problems are found, they can be fixed between server versions. > >The disadvantage of not having a client-side signature solution is >that clients will need another round trip to sign a part of a message. >I'd recommend that we try to see how bad this is in practice and only >standardize a client-side signature mechanism if a clear need exists >for it. > >If we do standardize a client-side signature mechanism it should not >be based on MD5. Instead a more modern hash (SHA-1 or SHA-2) should >be used. In addition, test vectors should be included and the >specification should be more clear on what data is included in the >checksum. If the working group does decide to get into the business >of designing cryptographic protocols for client-side signature >mechanisms, these protocols should be carefully reviewed. > > > Internal Signature Mechanism > >The document defines the internal mechanism which can be used with the >signurl command. Especially if the HMAC-MD5 mechanism is removed, an >example of how an internal mechanism could be implemented should be >provided. Also, security discussion describing problems to avoid >would be very useful. > > Basic security Concerns > >The mechanism seems reasonably sound. However, the definition of the >URLAUTH attribute requires that the signature is at most 128 bits: > > When ";URLAUTH=3D" is used, this indicates a = authentication > signature mechanism name and a 128-bit authentication signature, > represented as an ASCII-encoded hexadecimal string, which is used = to > authorize the URL. The calculation of the authentication = signature > depends upon the mechanism used. > >I believe that larger signatures should be used. I would expect You'd >want to at least allow for SHA-1 or SHA-2 checksums to be used as part >of signatures. > >The document does not address URL canonicalization issues. The >suggested signature mechanisms all depend on bit level equivalence of >URLs. We should confirm with the URI community that depending on >clients not to modify URIs is reasonable and make sure they have >reviewed this draft. > >The document introduces a new architectural complexity in the message >storage/delivery. The composition server is expected to contact the >user's IMAP server. The composition server needs authenticate to the >user's IMAP server as some composition role account. These >architectural issues should be considered. They clearly have security >implications. For example, the composition and IMAP server's firewall >configuration must permit the connection. The servers must share a >SASL mechanism and some authentication crdentials. These issues >should be considered. I think the proposed extension is still >justified, but these architectural issues should be discussed both >within the working group and within the resulting document. > >The procedure for generating signatures and discussing signature >validation assumes that signatures are deterministic. This may be a >reasonable assumption to make but it should be made explicitly. > > Technical Nits > >Reviewing this draft was difficult because it includes no section >numbers, no page breaks and no page numbers. Referring to specific >parts of the draft is thus impossible. > > >The draft claims that anonymous role URLs MUST NOT be sent over >unencrypted connections. Why not? This mechanism seems reasonable to >publish parts of a message archive on the web even if the archive as a >whole is restricted. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 2 21:22:35 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21494 for ; Tue, 2 Mar 2004 21:22:35 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyM1Q-0000kv-6o for lemonade-archive@odin.ietf.org; Tue, 02 Mar 2004 21:22:08 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i232M8tG002904 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 21:22:08 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyM1Q-0000kl-1b for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 21:22:08 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21448 for ; Tue, 2 Mar 2004 21:22:05 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyM1N-0007KC-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 21:22:05 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyM0R-0007AM-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 21:21:07 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AyLzV-00072M-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 21:20:09 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyLzQ-0000Px-A4; Tue, 02 Mar 2004 21:20:04 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyLyQ-0000Ol-3Q for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 21:19:02 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21406 for ; Tue, 2 Mar 2004 21:18:59 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyLyN-0006u5-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:18:59 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyLxV-0006kk-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:18:05 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1AyLwb-0006VC-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:17:09 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 24797; Tue, 02 Mar 2004 21:16:34 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 2 Mar 2004 21:16:40 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB1A262@zoe.office.snowshore.com> Thread-Topic: Author of the URLAUTH Security Review Thread-Index: AcQAxY2tZoFmwyj8SgiZR9vZGF5mvA== From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Content-Transfer-Encoding: quoted-printable Subject: [lemonade] Author of the URLAUTH Security Review Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable Is Sam Hartman. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 3 23:57:15 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA27636 for ; Wed, 3 Mar 2004 23:57:15 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Aykud-0008G8-RJ for lemonade-archive@odin.ietf.org; Wed, 03 Mar 2004 23:56:48 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i244ulah031742 for lemonade-archive@odin.ietf.org; Wed, 3 Mar 2004 23:56:47 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Aykud-0008Ft-Mv for lemonade-web-archive@optimus.ietf.org; Wed, 03 Mar 2004 23:56:47 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA27478 for ; Wed, 3 Mar 2004 23:56:44 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Aykub-00019S-00 for lemonade-web-archive@ietf.org; Wed, 03 Mar 2004 23:56:45 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Ayksu-0000dT-00 for lemonade-web-archive@ietf.org; Wed, 03 Mar 2004 23:55:01 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1AykrI-0000KL-02 for lemonade-web-archive@ietf.org; Wed, 03 Mar 2004 23:53:20 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1AykiU-00062y-Os for lemonade-web-archive@ietf.org; Wed, 03 Mar 2004 23:44:14 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AykiI-0006xy-DO; Wed, 03 Mar 2004 23:44:02 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ayki1-0006wd-DI for lemonade@optimus.ietf.org; Wed, 03 Mar 2004 23:43:45 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA26536 for ; Wed, 3 Mar 2004 23:43:42 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Aykhz-0006Is-00 for lemonade@ietf.org; Wed, 03 Mar 2004 23:43:43 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Aykgh-00060I-00 for lemonade@ietf.org; Wed, 03 Mar 2004 23:42:24 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1Aykfc-0005Wd-00 for lemonade@ietf.org; Wed, 03 Mar 2004 23:41:16 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 18244; Wed, 03 Mar 2004 23:40:38 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Wed, 3 Mar 2004 23:40:47 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB1A29B@zoe.office.snowshore.com> Thread-Topic: [AVT] Updated RFCs on Copyright and IPR in relation to IETF Thread-Index: AcP21GDrnK/LPVbBSAilswRKNVniugKzZXSQ From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Content-Transfer-Encoding: quoted-printable Subject: [lemonade] FW: Updated RFCs on Copyright and IPR in relation to IETF Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable -----Original Message----- From: Magnus Westerlund Hi, I would like to make all WG participants aware of that 3 RFC has been=20 published that updates your rights in submission to the IETF. I would=20 recommend that you look at them. Reasons why you should look at them = are: - RFC 3667 updates what an Internet draft needs to contain, thus it is=20 important that any document editor reads this. - RFC 3667 also regulates what rights you grant with any contribution to = the IETF. Please note that as contribution is also counted email to the=20 WG, speaking at the WG meeting. Please read the RFC for authoritative=20 text on this. - RFC 3668 describes what rules that apply for IPR disclosures, thus it=20 applies to any contributing to the IETF. - RFC 3669 contains guidelines for how to handle IPR in the WG. This can = be useful reading for people discussing, having or disclosing IPR. See document information, abstract and links below. Cheers Magnus BCP 78 RFC 3667 Title: IETF Rights in Contributions Author(s): S. Bradner Status: Best Current Practice Date: February 2004 Mailbox: sob@harvard.edu Pages: 18 Characters: 43297 SeeAlso: BCP 78 I-D Tag: draft-ietf-ipr-submission-rights-08.txt URL: ftp://ftp.rfc-editor.org/in-notes/rfc3667.txt The IETF policies about rights in Contributions to the IETF are designed to ensure that such Contributions can be made available to the IETF and Internet communities while permitting the authors to retain as many rights as possible. This memo details the IETF policies on rights in Contributions to the IETF. It also describes the objectives that the policies are designed to meet. This memo updates RFC 2026, and, with RFC 3668, replaces Section 10 of RFC 2026. BCP 79 RFC 3668 Title: Intellectual Property Rights in IETF Technology Author(s): S. Bradner Status: Best Current Practice Date: February 2004 Mailbox: sob@harvard.edu Pages: 17 Characters: 41365 SeeAlso: BCP 79 I-D Tag: draft-ietf-ipr-technology-rights-12.txt URL: ftp://ftp.rfc-editor.org/in-notes/rfc3668.txt The IETF policies about Intellectual Property Rights (IPR), such as patent rights, relative to technologies developed in the IETF are designed to ensure that IETF working groups and participants have as much information about any IPR constraints on a technical proposal as possible. The policies are also intended to benefit the Internet community and the public at large, while respecting the legitimate rights of IPR holders. This memo details the IETF policies concerning IPR related to technology worked on within the IETF. It also describes the objectives that the policies are designed to meet. This memo updates RFC 2026 and, with RFC 3667, replaces Section 10 of RFC 2026. This memo also updates paragraph 4 of Section 3.2 of RFC 2028, for all purposes, including reference [2] in RFC 2418. RFC 3669 Title: Guidelines for Working Groups on Intellectual Property Issues Author(s): S. Brim Status: Informational Date: February 2004 Mailbox: sbrim@cisco.com Pages: 17 Characters: 40946 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-ipr-wg-guidelines-05.txt URL: ftp://ftp.rfc-editor.org/in-notes/rfc3669.txt This memo lays out a conceptual framework and rules of thumb useful for working groups dealing with Intellectual Property Rights (IPR) issues. It documents specific examples of how IPR issues have been dealt with in the IETF. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:44 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26902 for ; Thu, 4 Mar 2004 20:41:44 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4Kz-0004gN-1L for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:17 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fHYb017993 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:17 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4Ky-0004g8-T1 for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:16 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26739 for ; Thu, 4 Mar 2004 20:41:14 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4Kw-0000JW-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:14 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4JY-0007ca-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:49 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I3-0007IP-02 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:15 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az43L-0006TH-Tn for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:23:03 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az43J-0002Ju-RV; Thu, 04 Mar 2004 20:23:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az42O-000283-D9 for lemonade@optimus.ietf.org; Thu, 04 Mar 2004 20:22:04 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26000 for ; Thu, 4 Mar 2004 20:22:01 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az42M-0004cw-00 for lemonade@ietf.org; Thu, 04 Mar 2004 20:22:02 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az41S-0004Sx-00 for lemonade@ietf.org; Thu, 04 Mar 2004 20:21:06 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1Az40z-0004Fo-00 for lemonade@ietf.org; Thu, 04 Mar 2004 20:20:37 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 29402; Thu, 04 Mar 2004 20:19:55 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Thu, 4 Mar 2004 20:19:58 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB1A2BF@zoe.office.snowshore.com> Thread-Topic: Number of recipients in messages (list admin) Thread-Index: AcQCT+FDbSOV12a0TW6X3jrmkQeOCw== From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Content-Transfer-Encoding: quoted-printable Subject: [lemonade] Number of recipients in messages (list admin) Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable Folks - I just Approved a bunch of messages that were held because they had too = many recipients (To: and Cc:). We get a ton of spam; we can only get to the spam bucket "every now and = then". We do our best to clear out the list, and we have absolutely no = intention of stifling discussion. However, with the amount of spam we get, it is very easy to accidentally = delete a real message. Please, please, please trim the To: and Cc: to *the person* you are = responding to, if at all. It is a bit silly to Cc: someone that is = already on the list! Thanks. -- - Eric _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:47 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26931 for ; Thu, 4 Mar 2004 20:41:47 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L1-0004hB-PX for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:20 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fJCe018043 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:19 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L1-0004gu-AZ for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:19 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26752 for ; Thu, 4 Mar 2004 20:41:16 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4Kz-0000K3-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:17 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4Jb-0007d6-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:52 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I4-0007IP-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:16 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az42M-0006RQ-8o for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:22:02 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az427-0001tI-9N; Thu, 04 Mar 2004 20:21:47 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyaDv-0008Of-JU for lemonade@optimus.ietf.org; Wed, 03 Mar 2004 12:31:59 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA12156 for ; Wed, 3 Mar 2004 12:31:56 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyaDu-0002gR-00 for lemonade@ietf.org; Wed, 03 Mar 2004 12:31:58 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyaCd-0002It-00 for lemonade@ietf.org; Wed, 03 Mar 2004 12:30:40 -0500 Received: from mxout3.cac.washington.edu ([140.142.32.166]) by ietf-mx with esmtp (Exim 4.12) id 1AyaBU-00024o-00 for lemonade@ietf.org; Wed, 03 Mar 2004 12:29:29 -0500 Received: from shiva1.cac.washington.edu (shiva1.cac.washington.edu [140.142.100.201]) by mxout3.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i23HTQ9K011625; Wed, 3 Mar 2004 09:29:26 -0800 Received: from localhost (mrc@localhost) by shiva1.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.02) with ESMTP id i23HTQdq011139; Wed, 3 Mar 2004 09:29:26 -0800 Date: Wed, 3 Mar 2004 09:29:26 -0800 (PST) From: Mark Crispin To: Rob Siemborski cc: "Vaudreuil, Greg M (Greg)" , Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: Message-ID: References: <54E40201497DF142B06B27255953F7970B2581A5@il0015exch007u.ih.lucent.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 On Wed, 3 Mar 2004, Rob Siemborski wrote: > > A quibble... I view the IMAP server in the push model to be the submit > > server... > This doesn't hold up if we are, indeed, only solving the > forward-without-download problem. Such clients still need to be able to > access an SMTP server for mail submission that is not > forward-without-download. > As many people are fond of saying on this list, solving anything beyond > forward-without-download is outside of our charter. That's a good point. If (as was said in Seoul) one of the purpose of Push is to insulate mobile clients from changes in SMTP, then the current Push proposal is not good enough since it exposes SMTP details. In order to insulate mobile clients from changes in SMTP via Push, you need a complete abstraction in IMAP -- essentially a new submit protocol layered in IMAP. And that is out of charter. That is the choice faced in the Push world: (1) create an SMTP-free way to do submit, overcoming charter objections, and hope that it stays useful after SMTP changes. (2) jacket SMTP-in-IMAP (as the current Push proposal does) and hope that changes in IMAP do not break it (3) create a mechanism which is only useful for forward-without-download, thus forcing all clients to implement two mechanisms to send mail. I find none of these choices appealing. (2) is a wretched compromise between the out-of-charter (1) and the obviously unsatisfactory (3). Wretched compromises lead to wretched implementations. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:48 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26945 for ; Thu, 4 Mar 2004 20:41:48 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L2-0004hZ-Ey for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:20 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fKGd018067 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:20 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L2-0004hK-88 for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:20 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26755 for ; Thu, 4 Mar 2004 20:41:17 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4Kz-0000KB-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:17 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4Jc-0007dL-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:53 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I4-0007IP-01 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:16 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az42L-0006Rh-Py for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:22:01 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az429-0001u9-RL; Thu, 04 Mar 2004 20:21:49 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Ayf8i-0002GS-7j for lemonade@optimus.ietf.org; Wed, 03 Mar 2004 17:46:56 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA02318 for ; Wed, 3 Mar 2004 17:46:52 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Ayf8f-0000TV-00 for lemonade@ietf.org; Wed, 03 Mar 2004 17:46:53 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Ayf7h-0000Bq-00 for lemonade@ietf.org; Wed, 03 Mar 2004 17:45:54 -0500 Received: from ihemail2.lucent.com ([192.11.222.163] helo=ihemail2.firewall.lucent.com) by ietf-mx with esmtp (Exim 4.12) id 1Ayf6B-0007M1-00 for lemonade@ietf.org; Wed, 03 Mar 2004 17:44:19 -0500 Received: from il0015exch001h.wins.lucent.com (h135-1-23-83.lucent.com [135.1.23.83]) by ihemail2.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i23Mhk019584 for ; Wed, 3 Mar 2004 16:43:46 -0600 (CST) Received: by il0015exch001h.ih.lucent.com with Internet Mail Service (5.5.2657.72) id <15V7T66F>; Wed, 3 Mar 2004 16:43:45 -0600 Message-ID: <54E40201497DF142B06B27255953F7970B330E9B@il0015exch007u.ih.lucent.com> From: "Vaudreuil, Greg M (Greg)" To: Steve Hole , "Vaudreuil, Greg M (Greg)" Cc: Mark Crispin , Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts Date: Wed, 3 Mar 2004 16:43:36 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 Thanks to all who have responded on this point... call me more fully educated and now convinced that submission authentication is moving towards being the norm. I have also been convinced that my concern about authenticating the Submit path without granting access to the credential database to the submission server in the DMZ can be securely addressed in a number of ways, so I withdrawal that objection as well. On to the next issues. Greg V. -----Original Message----- From: Steve Hole [mailto:steve.hole@messagingdirect.com] Sent: Thursday, March 04, 2004 7:01 AM To: Vaudreuil, Greg M (Greg) Cc: Mark Crispin; Rob Siemborski; Marcus D. Leech; lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts On Tue, 2 Mar 2004 15:21:40 -0600 "Vaudreuil, Greg M (Greg)" wrote: > > While submission servers can and should authenticate using per-user > credentials, this still seems to be an operational exception rather than > the rule. The Pull proposal counts upon operational behavior change > here, and I am not yet convinced that it is reasonable. The whole thing is an operational change Greg. Beside, Sendmail has had SASL support for a long time now with all of the appropriate semantics for doing relay forwarding in authenticated state. Lot's of people use it that way for that purpose alone. This generalization that few people are doing this way is debatable at the very least. --- Steve Hole Chief Technology Officer - Billing and Payment Systems ACI Worldwide Phone: 780-424-4922 _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:48 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26951 for ; Thu, 4 Mar 2004 20:41:48 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L3-0004hr-49 for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:21 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fLPD018085 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:21 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L2-0004hc-Tn for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:21 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26772 for ; Thu, 4 Mar 2004 20:41:18 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4L0-0000KI-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:18 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4Jd-0007dY-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:54 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I4-0007IP-02 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:16 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az42L-0006Rg-My for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:22:01 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az428-0001tf-ED; Thu, 04 Mar 2004 20:21:48 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyeT1-00072g-7Z for lemonade@optimus.ietf.org; Wed, 03 Mar 2004 17:03:51 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA29304 for ; Wed, 3 Mar 2004 17:03:48 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyeSz-0007Zq-00 for lemonade@ietf.org; Wed, 03 Mar 2004 17:03:49 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyeSc-0007R9-00 for lemonade@ietf.org; Wed, 03 Mar 2004 17:03:26 -0500 Received: from rembrandt.esys.ca ([198.161.92.131]) by ietf-mx with esmtp (Exim 4.12) id 1AyeRk-0007Cs-00 for lemonade@ietf.org; Wed, 03 Mar 2004 17:02:32 -0500 Received: from kepler.esys.ca (kepler.esys.ca [198.161.92.108]) (authenticated) by rembrandt.esys.ca (8.11.6/8.11.0.Beta0) with ESMTP id i23M0d529877; Wed, 3 Mar 2004 15:00:40 -0700 From: Steve Hole Date: Wed, 3 Mar 2004 15:01:12 -0700 To: "Vaudreuil, Greg M (Greg)" Subject: RE: [lemonade] Comments on PUSH and PULL drafts Cc: Mark Crispin , Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org In-Reply-To: <54E40201497DF142B06B27255953F7970B258032@il0015exch007u.ih.lucent.com> References: <54E40201497DF142B06B27255953F7970B258032@il0015exch007u.ih.lucent.com> Message-ID: Priority: NORMAL X-Mailer: Execmail for Linux 6.0.0 beta Build (1) MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable On Tue, 2 Mar 2004 15:21:40 -0600 "Vaudreuil, Greg M (Greg)"=20 wrote: >=20 > While submission servers can and should authenticate using per-user=20 > credentials, this still seems to be an operational exception rather tha= n=20 > the rule. The Pull proposal counts upon operational behavior change=20 > here, and I am not yet convinced that it is reasonable. The whole thing is an operational change Greg. Beside, Sendmail has had= =20 SASL support for a long time now with all of the appropriate semantics fo= r doing relay forwarding in authenticated state. Lot's of people use it=20 that way for that purpose alone. This generalization that few people are doing this way is debatable at th= e very least.=20 --- Steve Hole Chief Technology Officer - Billing and Payment Systems ACI Worldwide Phone: 780-424-4922 _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:49 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26969 for ; Thu, 4 Mar 2004 20:41:49 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L3-0004i9-Kz for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:21 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fLbx018103 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:21 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L3-0004hu-F2 for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:21 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26781 for ; Thu, 4 Mar 2004 20:41:18 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4L1-0000KR-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:19 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4Je-0007dk-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:55 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I4-0007IP-03 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:16 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az42I-0006RK-Ri for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:22:00 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az421-0001rk-Gi; Thu, 04 Mar 2004 20:21:41 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJpi-0003O3-JZ for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 19:01:54 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA10772 for ; Tue, 2 Mar 2004 19:01:49 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyJpf-00001T-00 for lemonade@ietf.org; Tue, 02 Mar 2004 19:01:51 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJoi-0007f8-00 for lemonade@ietf.org; Tue, 02 Mar 2004 19:00:53 -0500 Received: from hoemail1.lucent.com ([192.11.226.161] helo=hoemail1.firewall.lucent.com) by ietf-mx with esmtp (Exim 4.12) id 1AyJnl-0007Qz-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:59:53 -0500 Received: from il0015exch001h.wins.lucent.com (h135-1-23-83.lucent.com [135.1.23.83]) by hoemail1.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i22NxCD02337 for ; Tue, 2 Mar 2004 17:59:16 -0600 (CST) Received: by il0015exch001h.ih.lucent.com with Internet Mail Service (5.5.2657.72) id <15V7QATP>; Tue, 2 Mar 2004 17:59:11 -0600 Message-ID: <54E40201497DF142B06B27255953F7970B2581C2@il0015exch007u.ih.lucent.com> From: "Vaudreuil, Greg M (Greg)" To: Mark Crispin , "Vaudreuil, Greg M (Greg)" Cc: Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts Date: Tue, 2 Mar 2004 17:59:05 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 Can you describe some mobile client cases that would be precluded? I was assuming the credentials for access and submission were the same.... I am also in favor of the simplifying assumption that the submission server is associated with the IMAP store from which the content is being retrieved. I know that may not be the general case for full-featured desktop clients, but it seems reasonable given our requirement to support limited capability clients. This restriction makes simpler the authentication of the submit server to the IMAP store, an important security requirement for some.... (Those who don't trust authorization without authentication) Maybe I am mixing "Lemonade profile" requirements with the requirements for the underlying extensions... the clearly the Lemonade profile can be more restrictive. (I believe the profile is charter deliverable #3) Greg V. -----Original Message----- From: Mark Crispin [mailto:MRC@CAC.Washington.EDU] Sent: Wednesday, March 03, 2004 8:47 AM To: Vaudreuil, Greg M (Greg) Cc: Rob Siemborski; Marcus D. Leech; lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts On Tue, 2 Mar 2004, Vaudreuil, Greg M (Greg) wrote: > A quibble... I view the IMAP server in the push model to be the submit > server... no reason to pass credentials to a subsequent submit server, > the user is already authenticated. That still presumes that credentials to access mail are equivalent to credentials to post mail. That's not always the case now. If mobile clients make that a requirement, that will limit the cases in which mobile clients can be used. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:50 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26998 for ; Thu, 4 Mar 2004 20:41:50 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L4-0004iS-DZ for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:22 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fMaH018122 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:22 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L4-0004iC-4P for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:22 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26785 for ; Thu, 4 Mar 2004 20:41:19 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4L1-0000KW-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:19 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4Jf-0007dx-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:55 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I4-0007IP-04 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:16 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az42J-0006RN-Hv for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:22:00 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az424-0001sQ-EQ; Thu, 04 Mar 2004 20:21:44 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyM77-0001wP-8C for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 21:28:01 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21837 for ; Tue, 2 Mar 2004 21:27:58 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyM74-0000MM-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:27:58 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyM6H-0000EQ-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:27:10 -0500 Received: from numenor.qualcomm.com ([129.46.51.58]) by ietf-mx with esmtp (Exim 4.12) id 1AyM5K-00006W-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:26:10 -0500 Received: from magus.qualcomm.com (magus.qualcomm.com [129.46.61.148]) by numenor.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id i232Q6np013104 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 2 Mar 2004 18:26:06 -0800 (PST) Received: from [172.16.41.239] (vpn-10-50-16-61.qualcomm.com [10.50.16.61]) by magus.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id i232PuVM004845; Tue, 2 Mar 2004 18:26:03 -0800 (PST) Mime-Version: 1.0 Message-Id: In-Reply-To: <54E40201497DF142B06B27255953F7970B25810C@il0015exch007u.ih.lucent.com > References: <54E40201497DF142B06B27255953F7970B25810C@il0015exch007u.ih.lucent.com > X-Mailer: Eudora for Mac OS X v6.1a Date: Tue, 2 Mar 2004 15:51:17 -0800 To: "Vaudreuil, Greg M (Greg)" , Mark Crispin From: Randall Gellens Subject: RE: [lemonade] Comments on PUSH and PULL drafts Cc: Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Random-Sig-Tag: 1.0b26 Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 At 4:20 PM -0600 3/2/04, Greg M (Greg) Vaudreuil wrote: > Again, it may be possible to support this with an SMTP-level > protocol proxy, but if I already have an IMAP-level proxy, then I'd > rather re-use it. And of course, Ned loves to tell stories about > how brain-dead SMTP proxies have made the world a better place :-( > I'm sure you can tell stories of why IMAP proxies are equally > nasty. Maybe we can agree that one of these things is better than > two? I think that basing an important technical decision on the issue of one versus two proxies (in the rather special case of those who deploy proxies) would be a mistake. -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly-selected tag: --------------- Man is a rational animal who always loses his temper when he is called upon to act in accordance with the dictates of reason. --Oscar Wilde _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:50 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA27002 for ; Thu, 4 Mar 2004 20:41:50 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L4-0004ik-US for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:22 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fMNf018140 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:22 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L4-0004iV-Pj for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:22 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26788 for ; Thu, 4 Mar 2004 20:41:20 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4L2-0000Ka-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:20 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4Jg-0007e7-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:56 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I4-0007IP-05 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:17 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az42I-0006RJ-KT for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:21:58 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az422-0001rw-H7; Thu, 04 Mar 2004 20:21:42 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyJXY-0000Lz-2I for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 18:43:08 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA09902 for ; Tue, 2 Mar 2004 18:43:03 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyJXV-0005GN-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:43:05 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyJWT-00051Y-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:42:01 -0500 Received: from auemail2.lucent.com ([192.11.223.163] helo=auemail2.firewall.lucent.com) by ietf-mx with esmtp (Exim 4.12) id 1AyJVR-0004e4-00 for lemonade@ietf.org; Tue, 02 Mar 2004 18:40:57 -0500 Received: from il0015exch001h.wins.lucent.com (h135-1-23-83.lucent.com [135.1.23.83]) by auemail2.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i22NeP326910 for ; Tue, 2 Mar 2004 17:40:25 -0600 (CST) Received: by il0015exch001h.ih.lucent.com with Internet Mail Service (5.5.2657.72) id <15V7P02W>; Tue, 2 Mar 2004 17:40:24 -0600 Message-ID: <54E40201497DF142B06B27255953F7970B2581A5@il0015exch007u.ih.lucent.com> From: "Vaudreuil, Greg M (Greg)" To: Mark Crispin , "Vaudreuil, Greg M (Greg)" Cc: Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts Date: Tue, 2 Mar 2004 17:40:23 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 A quibble... I view the IMAP server in the push model to be the submit server... no reason to pass credentials to a subsequent submit server, the user is already authenticated. The IMAP server can pass the message onto any ordinary outbound SMTP relay. Whether an implementor choses to separate these roles for some reason is irrelevant to the protocol standard. Greg V. -----Original Message----- From: Mark Crispin [mailto:MRC@CAC.Washington.EDU] Sent: Wednesday, March 03, 2004 8:23 AM To: Vaudreuil, Greg M (Greg) Cc: Rob Siemborski; Marcus D. Leech; lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts Much of this becomes clearer when you consider a SUBMIT server to be a separate service from the SMTP server. As such, it is an authenticated service just as the IMAP service is. Such servers are not in the DMZ, unless being in the DMZ is a requirement to make outgoing SMTP connections. Of course, if you wish to allow submissions from outside, then it would have to be in the DMZ. However, this is pretty useless unless you also allow IMAP access from outside. In which case you don't really have a DMZ. So, for the purpose of discussion a DMZ type environment, this doesn't apply. Whether the SUBMIT server shares authentication credentials with the IMAP server, or has independent authentication credentials, is orthogonal. The key point to understand is that it does not impact Pull in either case. The reason is URLAUTH. URLAUTH restricts the access of the SUBMIT server to that data -- and only that data -- authorized by the sender of the message. There are additional value-added bells and whistles in URLAUTH so that, for example, the SUBMIT server may be required to authenticate itself as the SUBMIT server before it can use URLAUTH credentials. In Pull, there is no need for the IMAP server to have any credentials on the SUBMIT server. Nor is there a need for the SUBMIT server to have per-user credentials on the IMAP server (it *may* have credentials to prove that it's the SUBMIT server as value-added paranoia). Push, on the other hand, presumes an authentication model in which either the SUBMIT server trusts the IMAP server completely, or the SUBMIT server is passed the credentials from the IMAP server. As for your question as to which is better, an IMAP proxy or an SMTP proxy. Both are evil and fiendishly difficult to get right. However, having written both, an SMTP proxy is much simpler than an IMAP proxy. Finally, your comment about being required to use VPN or SSL/TLS to send mail from the IETF is what I'm talking about. For people like me, this is nothing new. For a few years now, I can not submit without authenticating to the SUBMIT server first, and unless I have Kerberos credentials I can't authenticate to the SUBMIT server without negotiating TLS with it first. We still have a path in which clients from "good IP addresses" are allowed to submit without authentication. That path periodically causes our outgoing mailers (which are different from the SUBMIT servers) to get listed in various RBLs. Thanks to virus authors and spammers, non-authenticated submission from "trusted" addresses is on its way out. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:51 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA27023 for ; Thu, 4 Mar 2004 20:41:51 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L5-0004j2-HB for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:23 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fN4N018158 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:23 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L5-0004in-B4 for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:23 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26793 for ; Thu, 4 Mar 2004 20:41:20 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4L3-0000Kg-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:21 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4Jh-0007fS-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:58 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I5-0007IP-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:17 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az42J-0006RM-4s for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:21:59 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az423-0001sA-AA; Thu, 04 Mar 2004 20:21:43 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyM74-0001vO-2I for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 21:27:58 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21813 for ; Tue, 2 Mar 2004 21:27:54 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyM71-0000Lt-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:27:55 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyM66-0000De-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:26:59 -0500 Received: from numenor.qualcomm.com ([129.46.51.58]) by ietf-mx with esmtp (Exim 4.12) id 1AyM5G-00005v-00 for lemonade@ietf.org; Tue, 02 Mar 2004 21:26:07 -0500 Received: from magus.qualcomm.com (magus.qualcomm.com [129.46.61.148]) by numenor.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id i232Q1np013100 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 2 Mar 2004 18:26:02 -0800 (PST) Received: from [172.16.41.239] (vpn-10-50-16-61.qualcomm.com [10.50.16.61]) by magus.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id i232PuVK004845; Tue, 2 Mar 2004 18:25:58 -0800 (PST) Mime-Version: 1.0 Message-Id: In-Reply-To: <54E40201497DF142B06B27255953F7970B258032@il0015exch007u.ih.lucent.com > References: <54E40201497DF142B06B27255953F7970B258032@il0015exch007u.ih.lucent.com > X-Mailer: Eudora for Mac OS X v6.1a Date: Tue, 2 Mar 2004 15:48:41 -0800 To: "Vaudreuil, Greg M (Greg)" , Mark Crispin , Rob Siemborski From: Randall Gellens Subject: RE: [lemonade] Comments on PUSH and PULL drafts Cc: "Marcus D. Leech" , lemonade@ietf.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Random-Sig-Tag: 1.0b26 Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 At 3:21 PM -0600 3/2/04, Greg M (Greg) Vaudreuil wrote: > While submission servers can and should authenticate using per-user > credentials, this still seems to be an operational exception rather > than the rule. The Pull proposal counts upon operational behavior > change here, and I am not yet convinced that it is reasonable. Not every organization or ISP will update to what we produce, regardless of push versus pull. However, I do see increasing use of authenticated submission, especially from ISPs, because it solves the mobile user problem. > One possible example: > > - For ISP's and the like, the submit server lives in a DMZ-like > environment where there are requirements to limit access to > sensitive data like user credentials. It is more "secure" from some > perspectives to authorize based on source IP address (is it on my > network) than to expose and use per-user authentication. Here > anti-spam and authentication database protection are somewhat at > odds. The submit server can authenticate users without risking exposure of the credentials. For example, the submit server can use challenge/response, and pass the data to a AAA or LDAP server for validation. But the issue is even worse for pull, because then the entire IMAP server must be in the DMZ, and hence can compromise all user data. (If you want to argue proxies in the DMZ, that applies to IMAP and to submission servers.) -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly-selected tag: --------------- Chance that an American cannot name a single right protected by the First Amendment: 1 in 3. (Harper's Index) _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 4 20:41:51 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA27042 for ; Thu, 4 Mar 2004 20:41:51 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L6-0004jK-5R for lemonade-archive@odin.ietf.org; Thu, 04 Mar 2004 20:41:24 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i251fOGB018176 for lemonade-archive@odin.ietf.org; Thu, 4 Mar 2004 20:41:24 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az4L6-0004j5-0d for lemonade-web-archive@optimus.ietf.org; Thu, 04 Mar 2004 20:41:24 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA26797 for ; Thu, 4 Mar 2004 20:41:21 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1Az4L3-0000Kl-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:41:21 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Az4Ji-0007fg-00 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:39:59 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1Az4I5-0007IP-01 for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:38:17 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1Az42I-0006RL-SH for lemonade-web-archive@ietf.org; Thu, 04 Mar 2004 20:21:59 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1Az425-0001sw-Hm; Thu, 04 Mar 2004 20:21:45 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyXFi-0003QI-AL for lemonade@optimus.ietf.org; Wed, 03 Mar 2004 09:21:38 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA29332 for ; Wed, 3 Mar 2004 09:21:36 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyXFg-0004TD-00 for lemonade@ietf.org; Wed, 03 Mar 2004 09:21:36 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyXEk-0004HQ-00 for lemonade@ietf.org; Wed, 03 Mar 2004 09:20:39 -0500 Received: from lin1.andrew.cmu.edu ([128.2.6.59]) by ietf-mx with esmtp (Exim 4.12) id 1AyXDw-000452-00 for lemonade@ietf.org; Wed, 03 Mar 2004 09:19:48 -0500 Received: from SOURCEFOUR.andrew.cmu.edu (SOURCEFOUR.andrew.cmu.edu [128.2.122.8]) (user=rjs3 mech=GSSAPI (0 bits)) by lin1.andrew.cmu.edu (8.12.10/8.12.10) with ESMTP id i23EJgFK004393; Wed, 3 Mar 2004 09:19:42 -0500 Date: Wed, 3 Mar 2004 09:19:42 -0500 (EST) From: Rob Siemborski To: "Vaudreuil, Greg M (Greg)" cc: Mark Crispin , Rob Siemborski , "Marcus D. Leech" , lemonade@ietf.org Subject: RE: [lemonade] Comments on PUSH and PULL drafts In-Reply-To: <54E40201497DF142B06B27255953F7970B2581A5@il0015exch007u.ih.lucent.com> Message-ID: References: <54E40201497DF142B06B27255953F7970B2581A5@il0015exch007u.ih.lucent.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 On Tue, 2 Mar 2004, Vaudreuil, Greg M (Greg) wrote: > A quibble... I view the IMAP server in the push model to be the submit > server... no reason to pass credentials to a subsequent submit server, > the user is already authenticated. The IMAP server can pass the message > onto any ordinary outbound SMTP relay. Whether an implementor choses to > separate these roles for some reason is irrelevant to the protocol > standard. This doesn't hold up if we are, indeed, only solving the forward-without-download problem. Such clients still need to be able to access an SMTP server for mail submission that is not forward-without-download. As many people are fond of saying on this list, solving anything beyond forward-without-download is outside of our charter. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski | Andrew Systems Group * Research Systems Programmer PGP:0x5CE32FCC | Cyert Hall 207 * rjs3@andrew.cmu.edu * 412.268.7456 -----BEGIN GEEK CODE BLOCK---- Version: 3.12 GCS/IT/CM/PA d- s+: a-- C++++$ ULS++++$ P+++$ L+++ E W+ N(-) o? K- w-- O- M-- V-- PS+ PE+ Y+ PGP+ t+@ 5+++ X- R@ tv-- b+ DI+++ D++ G e++ h+ r- y? ------END GEEK CODE BLOCK----- _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 9 16:41:42 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA00406 for ; Tue, 9 Mar 2004 16:41:41 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B0oyP-00063d-J8 for lemonade-archive@odin.ietf.org; Tue, 09 Mar 2004 16:41:13 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i29LfDm4023276 for lemonade-archive@odin.ietf.org; Tue, 9 Mar 2004 16:41:13 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B0oyP-00063K-1J for lemonade-web-archive@optimus.ietf.org; Tue, 09 Mar 2004 16:41:13 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA00389 for ; Tue, 9 Mar 2004 16:41:10 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B0oyN-0006lt-00 for lemonade-web-archive@ietf.org; Tue, 09 Mar 2004 16:41:11 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B0oxg-0006Yw-00 for lemonade-web-archive@ietf.org; Tue, 09 Mar 2004 16:40:29 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1B0owT-0006FT-00 for lemonade-web-archive@ietf.org; Tue, 09 Mar 2004 16:39:13 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1B0owU-0001hS-BQ for lemonade-web-archive@ietf.org; Tue, 09 Mar 2004 16:39:14 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B0owG-0005t0-Ql; Tue, 09 Mar 2004 16:39:00 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B0ow5-0005sU-7o for lemonade@optimus.ietf.org; Tue, 09 Mar 2004 16:38:49 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA29925 for ; Tue, 9 Mar 2004 16:38:46 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B0ow3-00064J-00 for lemonade@ietf.org; Tue, 09 Mar 2004 16:38:47 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B0oue-0005iC-00 for lemonade@ietf.org; Tue, 09 Mar 2004 16:37:21 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1B0osv-0004sh-00 for lemonade@ietf.org; Tue, 09 Mar 2004 16:35:33 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 846; Tue, 09 Mar 2004 16:34:32 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 9 Mar 2004 16:35:03 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB24389@zoe.office.snowshore.com> Thread-Topic: Last Call: 'Internet Voice Messaging' to Proposed Standard Thread-Index: AcQGGo2Oqcetyn3TRIuQljfHUdYFTQAA8qRA From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Content-Transfer-Encoding: quoted-printable Subject: [lemonade] FW: Last Call: 'Internet Voice Messaging' to Proposed Standard Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable The IESG has received a request from the Voice Profile for Internet Mail = WG=20 to consider the following document: - 'Internet Voice Messaging ' as a Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send any comments to the iesg@ietf.org or ietf@ietf.org mailing lists by 2004-03-23. The file can be obtained via http://www.ietf.org/internet-drafts/draft-ietf-vpim-ivm-05.txt _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Thu Mar 11 11:44:18 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA10467 for ; Thu, 11 Mar 2004 11:44:17 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B1THi-0000yy-30 for lemonade-archive@odin.ietf.org; Thu, 11 Mar 2004 11:43:50 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2BGhnuA003770 for lemonade-archive@odin.ietf.org; Thu, 11 Mar 2004 11:43:49 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B1THh-0000yj-4q for lemonade-web-archive@optimus.ietf.org; Thu, 11 Mar 2004 11:43:49 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA10456 for ; Thu, 11 Mar 2004 11:43:46 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B1THg-000487-00 for lemonade-web-archive@ietf.org; Thu, 11 Mar 2004 11:43:48 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B1TGq-0003z3-00 for lemonade-web-archive@ietf.org; Thu, 11 Mar 2004 11:42:57 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B1TG7-0003pw-00 for lemonade-web-archive@ietf.org; Thu, 11 Mar 2004 11:42:11 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B1TFx-0000cL-9I; Thu, 11 Mar 2004 11:42:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B1TFe-0000Zo-Mb for lemonade@optimus.ietf.org; Thu, 11 Mar 2004 11:41:42 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA10322 for ; Thu, 11 Mar 2004 11:41:40 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B1TFd-0003mF-00 for lemonade@ietf.org; Thu, 11 Mar 2004 11:41:41 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B1TEk-0003d9-00 for lemonade@ietf.org; Thu, 11 Mar 2004 11:40:47 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1B1TDo-0003M8-00 for lemonade@ietf.org; Thu, 11 Mar 2004 11:39:48 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 26670; Thu, 11 Mar 2004 11:38:40 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C40787.65FE70B0" Date: Thu, 11 Mar 2004 11:39:18 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB243C1@zoe.office.snowshore.com> X-MS-Has-Attach: yes Thread-Topic: I-D ACTION:draft-maes-lemonade-p-imap-01.txt Thread-Index: AcQG48PPZNioyD/CRFqAn8w7IPCVtAAo5ahA From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Subject: [lemonade] I-D ACTION:draft-maes-lemonade-p-imap-01.txt Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 This is a multi-part message in MIME format. ------_=_NextPart_001_01C40787.65FE70B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable A New Internet-Draft is available from the on-line Internet-Drafts = directories. Title : The Push-IMAP Protocol (P-IMAP) Author(s) : S. Maes Filename : draft-maes-lemonade-p-imap-01.txt Pages : 32 Date : 2004-3-10 =09 The Push-IMAP protocol (P-IMAP) defines extensions to the IMAPv4 rev1=20 protocol [RFC3501] for optimization in a mobile setting, aimed at=20 delivering extended functionality for mobile devices with limited=20 resources. The first enhancement of P-IMAP is that unlike a standard = IMAPv4 Rev1 server, which relies on the client to constantly initiate = contact to ask for state changes, the P-IMAP server can push crucial=20 changes to a client. In addition, P-IMAP contains extensions for=20 email filter management, message delivery, and maintaining up-to-date = personal information. Bindings to specific transport are explicitly=20 defined. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-maes-lemonade-p-imap-01.txt To remove yourself from the IETF Announcement list, send a message to=20 ietf-announce-request with the word unsubscribe in the body of the = message. Internet-Drafts are also available by anonymous FTP. Login with the = username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-maes-lemonade-p-imap-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html=20 or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-maes-lemonade-p-imap-01.txt". =09 NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. =09 =09 Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. ------_=_NextPart_001_01C40787.65FE70B0 Content-Type: application/octet-stream; name="ATT726748.TXT" Content-Description: ATT726748.TXT Content-Disposition: attachment; filename="ATT726748.TXT" Content-Transfer-Encoding: base64 Q29udGVudC1UeXBlOiBNZXNzYWdlL0V4dGVybmFsLWJvZHk7DQoJYWNjZXNzLXR5cGU9Im1haWwt c2VydmVyIjsNCglzZXJ2ZXI9Im1haWxzZXJ2QGlldGYub3JnIg0KDQpDb250ZW50LVR5cGU6IHRl eHQvcGxhaW4NCkNvbnRlbnQtSUQ6CTwyMDA0LTMtMTAxNTA0NDcuSS1EQGlldGYub3JnPg0KDQpF TkNPRElORyBtaW1lDQpGSUxFIC9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtbWFlcy1sZW1vbmFkZS1w LWltYXAtMDEudHh0DQo= ------_=_NextPart_001_01C40787.65FE70B0 Content-Type: application/octet-stream; name="draft-maes-lemonade-p-imap-01.URL" Content-Description: draft-maes-lemonade-p-imap-01.URL Content-Disposition: attachment; filename="draft-maes-lemonade-p-imap-01.URL" Content-Transfer-Encoding: base64 W0ludGVybmV0U2hvcnRjdXRdDQpVUkw9ZnRwOi8vZnRwLmlldGYub3JnL2ludGVybmV0LWRyYWZ0 cy9kcmFmdC1tYWVzLWxlbW9uYWRlLXAtaW1hcC0wMS50eHQNCg== ------_=_NextPart_001_01C40787.65FE70B0-- _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Fri Mar 19 18:19:58 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA01487 for ; Fri, 19 Mar 2004 18:19:58 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B4TH1-0005oL-37 for lemonade-archive@odin.ietf.org; Fri, 19 Mar 2004 18:19:31 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2JNJVa3022333 for lemonade-archive@odin.ietf.org; Fri, 19 Mar 2004 18:19:31 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B4TH0-0005o8-Rr for lemonade-web-archive@optimus.ietf.org; Fri, 19 Mar 2004 18:19:30 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA01481 for ; Fri, 19 Mar 2004 18:19:26 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B4TGy-0000S4-00 for lemonade-web-archive@ietf.org; Fri, 19 Mar 2004 18:19:28 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B4TG7-0000Nq-00 for lemonade-web-archive@ietf.org; Fri, 19 Mar 2004 18:18:37 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B4TFg-0000Ig-00 for lemonade-web-archive@ietf.org; Fri, 19 Mar 2004 18:18:08 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B4TFZ-0005JO-GR; Fri, 19 Mar 2004 18:18:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B4TF8-0005CX-Od for lemonade@optimus.ietf.org; Fri, 19 Mar 2004 18:17:34 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA01358 for ; Fri, 19 Mar 2004 18:17:30 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B4TF5-0000Hc-00 for lemonade@ietf.org; Fri, 19 Mar 2004 18:17:31 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B4TEF-0000CA-00 for lemonade@ietf.org; Fri, 19 Mar 2004 18:16:40 -0500 Received: from rufus.isode.com ([62.3.217.251]) by ietf-mx with esmtp (Exim 4.12) id 1B4TDs-000070-00 for lemonade@ietf.org; Fri, 19 Mar 2004 18:16:16 -0500 Received: from isode.com (shiny.isode.com [62.3.217.250]) by rufus.isode.com via TCP (with SMTP (internal)) with ESMTPA; Fri, 19 Mar 2004 23:15:22 +0000 Message-ID: <405B7F09.9030307@isode.com> Date: Fri, 19 Mar 2004 23:15:21 +0000 From: Alexey Melnikov User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: IMAP Extensions WG , IETF LEMONADE Content-Type: multipart/mixed; boundary="------------020800050600040405020904" Subject: [lemonade] [Fwd: I-D ACTION:draft-melnikov-imap-postaddress-00.txt] Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.5 required=5.0 tests=AWL,HTML_MESSAGE, HTML_TAG_EXISTS_TBODY,HTML_TITLE_EMPTY autolearn=no version=2.60 This is a multi-part message in MIME format. --------------020800050600040405020904 Content-Type: multipart/alternative; boundary="------------070507000308070702030705" --------------070507000308070702030705 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit I've submitted a new draft that might be interesting to both IMAPEXT and LEMONADE folks. IMAP POSTADDRESS extension is another way to address FCC problem. -------- Original Message -------- Subject: I-D ACTION:draft-melnikov-imap-postaddress-00.txt Date: Mon, 15 Mar 2004 15:55:24 -0500 From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org To: IETF-Announce: ; A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : IMAP4 POSTADDRESS extension Author(s) : A. Melnikov Filename : draft-melnikov-imap-postaddress-00.txt Pages : 0 Date : 2004-3-15 The POSTADDRESS extension of the Internet Message Access Protocol [IMAP4] permits a client to discover an email address that can be used to send messages to an IMAP mailbox. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-melnikov-imap-postaddress-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-melnikov-imap-postaddress-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-melnikov-imap-postaddress-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. Alexey __________________________________________ Isode Limited, http://www.isode.com IETF standard related pages: http://www.melnikov.ca/mel/devel/Links.html Personal Home Page: http://www.melnikov.ca __________________________________________ --------------070507000308070702030705 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit I've submitted a new draft that might be interesting to both IMAPEXT and LEMONADE folks.
IMAP POSTADDRESS extension is another way to address FCC problem.

-------- Original Message --------
Subject: I-D ACTION:draft-melnikov-imap-postaddress-00.txt
Date: Mon, 15 Mar 2004 15:55:24 -0500
From: Internet-Drafts@ietf.org
Reply-To: Internet-Drafts@ietf.org
To: IETF-Announce: ; 


A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title		: IMAP4 POSTADDRESS extension
	Author(s)	: A. Melnikov
	Filename	: draft-melnikov-imap-postaddress-00.txt
	Pages		: 0
	Date		: 2004-3-15
	
The POSTADDRESS extension of the Internet Message Access
    Protocol [IMAP4] permits a client to discover an email address
    that can be used to send messages to an IMAP mailbox.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-melnikov-imap-postaddress-00.txt

To remove yourself from the IETF Announcement list, send a message to 
ietf-announce-request with the word unsubscribe in the body of the message.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-melnikov-imap-postaddress-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-melnikov-imap-postaddress-00.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.


Alexey
__________________________________________
Isode Limited, http://www.isode.com

IETF standard related pages:
http://www.melnikov.ca/mel/devel/Links.html

Personal Home Page: http://www.melnikov.ca
__________________________________________
--------------070507000308070702030705-- --------------020800050600040405020904 Content-Type: Message/External-body; name="draft-melnikov-imap-postaddress-00.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="draft-melnikov-imap-postaddress-00.txt" Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Content-Type: text/plain Content-ID: <2004-3-15142641.I-D@ietf.org> --------------020800050600040405020904-- _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 24 12:50:43 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA09081 for ; Wed, 24 Mar 2004 12:50:43 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B6CW8-0003ov-2b for lemonade-archive@odin.ietf.org; Wed, 24 Mar 2004 12:50:16 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2OHoG0p014679 for lemonade-archive@odin.ietf.org; Wed, 24 Mar 2004 12:50:16 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B6CW7-0003og-Q4 for lemonade-web-archive@optimus.ietf.org; Wed, 24 Mar 2004 12:50:15 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA09066 for ; Wed, 24 Mar 2004 12:50:12 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B6CW6-00070a-00 for lemonade-web-archive@ietf.org; Wed, 24 Mar 2004 12:50:14 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B6CV8-0006xp-00 for lemonade-web-archive@ietf.org; Wed, 24 Mar 2004 12:49:14 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B6CUD-0006to-00 for lemonade-web-archive@ietf.org; Wed, 24 Mar 2004 12:48:17 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B6CU7-0003hv-7t; Wed, 24 Mar 2004 12:48:11 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B6CTN-0003fl-Rd for lemonade@optimus.ietf.org; Wed, 24 Mar 2004 12:47:25 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA08944 for ; Wed, 24 Mar 2004 12:47:22 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B6CTM-0006mg-00 for lemonade@ietf.org; Wed, 24 Mar 2004 12:47:24 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B6CSN-0006is-00 for lemonade@ietf.org; Wed, 24 Mar 2004 12:46:24 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1B6CRi-0006c8-00 for lemonade@ietf.org; Wed, 24 Mar 2004 12:45:42 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 24294; Wed, 24 Mar 2004 12:43:45 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C411C7.AE9E971E" Date: Wed, 24 Mar 2004 12:44:39 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB24440@zoe.office.snowshore.com> X-MS-Has-Attach: yes Thread-Topic: I-D ACTION:draft-newman-lemonade-burl-00.txt Thread-Index: AcQRG2+SfDoteHmURAWMU2qjf67VlAArDZ9Q From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Subject: [lemonade] FW: I-D ACTION:draft-newman-lemonade-burl-00.txt Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 This is a multi-part message in MIME format. ------_=_NextPart_001_01C411C7.AE9E971E Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable A New Internet-Draft is available from the on-line Internet-Drafts = directories. Title : Message Submission BURL Extension Author(s) : C. Newman Filename : draft-newman-lemonade-burl-00.txt Pages : 11 Date : 2004-3-23 =09 The submission profile of Simple Mail Transfer Protocol (SMTP) provides a standard way for an email client to submit a complete message for delivery. This specification extends the submission profile by adding a new BURL command which can be used to fetch submission data from an Internet Message Access Protocol (IMAP) server. This permits a mail client to inject content from an IMAP server into the SMTP infrastructure without downloading it to the client and uploading it back to the server. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-newman-lemonade-burl-00.txt To remove yourself from the IETF Announcement list, send a message to=20 ietf-announce-request with the word unsubscribe in the body of the = message. Internet-Drafts are also available by anonymous FTP. Login with the = username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-newman-lemonade-burl-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html=20 or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-newman-lemonade-burl-00.txt". =09 NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. =09 =09 Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. ------_=_NextPart_001_01C411C7.AE9E971E Content-Type: application/octet-stream; name="ATT820459.TXT" Content-Description: ATT820459.TXT Content-Disposition: attachment; filename="ATT820459.TXT" Content-Transfer-Encoding: base64 Q29udGVudC1UeXBlOiBNZXNzYWdlL0V4dGVybmFsLWJvZHk7DQoJYWNjZXNzLXR5cGU9Im1haWwt c2VydmVyIjsNCglzZXJ2ZXI9Im1haWxzZXJ2QGlldGYub3JnIg0KDQpDb250ZW50LVR5cGU6IHRl eHQvcGxhaW4NCkNvbnRlbnQtSUQ6CTwyMDA0LTMtMjMxNTU1MzUuSS1EQGlldGYub3JnPg0KDQpF TkNPRElORyBtaW1lDQpGSUxFIC9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtbmV3bWFuLWxlbW9uYWRl LWJ1cmwtMDAudHh0DQo= ------_=_NextPart_001_01C411C7.AE9E971E Content-Type: application/octet-stream; name="draft-newman-lemonade-burl-00.URL" Content-Description: draft-newman-lemonade-burl-00.URL Content-Disposition: attachment; filename="draft-newman-lemonade-burl-00.URL" Content-Transfer-Encoding: base64 W0ludGVybmV0U2hvcnRjdXRdDQpVUkw9ZnRwOi8vZnRwLmlldGYub3JnL2ludGVybmV0LWRyYWZ0 cy9kcmFmdC1uZXdtYW4tbGVtb25hZGUtYnVybC0wMC50eHQNCg== ------_=_NextPart_001_01C411C7.AE9E971E-- _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 24 13:11:10 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10507 for ; Wed, 24 Mar 2004 13:11:10 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B6Cpt-0005wY-FU for lemonade-archive@odin.ietf.org; Wed, 24 Mar 2004 13:10:41 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2OIAfQw022840 for lemonade-archive@odin.ietf.org; Wed, 24 Mar 2004 13:10:41 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B6Cpt-0005wJ-9w for lemonade-web-archive@optimus.ietf.org; Wed, 24 Mar 2004 13:10:41 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10384 for ; Wed, 24 Mar 2004 13:10:39 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B6Cpr-0000mQ-00 for lemonade-web-archive@ietf.org; Wed, 24 Mar 2004 13:10:39 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B6CoN-0000Ux-00 for lemonade-web-archive@ietf.org; Wed, 24 Mar 2004 13:09:08 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1B6Cmu-0000Hd-01 for lemonade-web-archive@ietf.org; Wed, 24 Mar 2004 13:07:36 -0500 Received: from optimus22.ietf.org ([132.151.6.22] helo=optimus.ietf.org) by mx2.foretec.com with esmtp (Exim 4.24) id 1B6Cdh-0003r0-4a for lemonade-web-archive@ietf.org; Wed, 24 Mar 2004 12:58:05 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B6Cdc-0004aZ-Ur; Wed, 24 Mar 2004 12:58:00 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B6Ccz-0004Up-4E for lemonade@optimus.ietf.org; Wed, 24 Mar 2004 12:57:21 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA09476 for ; Wed, 24 Mar 2004 12:57:17 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B6Ccx-0007UG-00 for lemonade@ietf.org; Wed, 24 Mar 2004 12:57:19 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B6Cc8-0007Q0-00 for lemonade@ietf.org; Wed, 24 Mar 2004 12:56:28 -0500 Received: from ithilien.qualcomm.com ([129.46.51.59]) by ietf-mx with esmtp (Exim 4.12) id 1B6CbG-0007I1-00 for lemonade@ietf.org; Wed, 24 Mar 2004 12:55:34 -0500 Received: from neophyte.qualcomm.com (neophyte.qualcomm.com [129.46.61.149]) by ithilien.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id i2OHt20k020726 for ; Wed, 24 Mar 2004 09:55:02 -0800 (PST) Received: from [129.46.227.161] (carbuncle.qualcomm.com [129.46.227.161]) by neophyte.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id i2OHsxvx004003 for ; Wed, 24 Mar 2004 09:54:59 -0800 (PST) Mime-Version: 1.0 X-Sender: hardie@mage.qualcomm.com Message-Id: Date: Wed, 24 Mar 2004 09:54:57 -0800 To: lemonade@ietf.org From: Ted Hardie Content-Type: text/plain; charset="us-ascii" ; format="flowed" Subject: [lemonade] security analyses? Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Several folks at the meeting in Seoul noted that they intended to submit security analyses of the PUSH/PULL models. I haven't seen any sent to the list, and I am concerned that we're not making progress on this question. Can those that have promised security analyses send them to the list as soon as possible? Ted _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Mon Mar 29 10:32:16 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08172 for ; Mon, 29 Mar 2004 10:32:16 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B7yju-0008Ch-6b for lemonade-archive@odin.ietf.org; Mon, 29 Mar 2004 10:31:50 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2TFVouM031535 for lemonade-archive@odin.ietf.org; Mon, 29 Mar 2004 10:31:50 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B7yju-0008CY-1L for lemonade-web-archive@optimus.ietf.org; Mon, 29 Mar 2004 10:31:50 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08163 for ; Mon, 29 Mar 2004 10:31:46 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B7yjr-0003na-00 for lemonade-web-archive@ietf.org; Mon, 29 Mar 2004 10:31:47 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B7yj1-0003e3-00 for lemonade-web-archive@ietf.org; Mon, 29 Mar 2004 10:30:56 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B7yiI-0003Uj-00 for lemonade-web-archive@ietf.org; Mon, 29 Mar 2004 10:30:10 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B7yi9-0007vn-3Y; Mon, 29 Mar 2004 10:30:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B7yhp-0007um-Pz for lemonade@optimus.ietf.org; Mon, 29 Mar 2004 10:29:41 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA08015 for ; Mon, 29 Mar 2004 10:29:37 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B7yhn-0003RD-00 for lemonade@ietf.org; Mon, 29 Mar 2004 10:29:39 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B7ygy-0003JE-00 for lemonade@ietf.org; Mon, 29 Mar 2004 10:28:49 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1B7yg6-00031s-00 for lemonade@ietf.org; Mon, 29 Mar 2004 10:27:54 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 8082; Mon, 29 Mar 2004 10:25:39 -0500 (EST) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Mon, 29 Mar 2004 10:27:16 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Message-ID: <4A3384433CE2AB46A63468CB207E209DB1A3E8@zoe.office.snowshore.com> content-class: urn:content-classes:message Thread-Topic: Lemonade Minutes from IETF 59 Thread-Index: AcQVnqxwbhKHXugTTYmgcbq7P/cZ9wAA43vg From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Content-Transfer-Encoding: quoted-printable Subject: [lemonade] FW: Lemonade Minutes from IETF 59 Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable Any comments? We have to submit by 4/1. -----Original Message----- From: Vaudreuil, Greg M (Greg) [mailto:gregv@lucent.com] Sent: Monday, March 29, 2004 10:00 AM To: gregv@lucent.com; Eric Burger Cc: Glenn Parsons (E-mail) Subject: Lemonade Minutes from IETF 59 Jabber Scribe: Tony Hansen Agenda accepted as revised WG attendees affirmed consensus to not extend charter to create a = general composition protocol. WG reviewed WG documents without presentations - Goals: Awaiting ID Nits review, then WG last-call - Channel: On hold pending Push/Pull decision - MMS Mapping: No dependencies, waiting for WG attention .. doc is = expired - Update with substantial additions ready for posting in a few weeks - S2S Notifications: In Nits review prior to a WG last-call - Medis Size: an individual contribution slated for AD review need update reflrecting neds comments - Future Delivery: =20 - defer decision on wg status till af5ter push/pull - Sense of room on whether revocation is an important requirement - Group hum suggests most see revocation is a "nice to have",=20 small group thinks it is a requirement Push vs Pull discussion - Chair presented market realities, demonstrating haste is of essence - Alexi presented overview of pull mechanism, sense of room requested = on=20 - Sense that need to pick a pull proposal to know what group is = humming for. - Some desire to have a hybrid option between options 2 and 3 - Peter Presented Push draft - No presentation made (so scribe has to type) Practical stuff - Afraid folks will implement push anyway... and do it wrong. see M-IMAP. - Is pull easily understandable? Depends upon the varient Security - The space does not seem fully understood - Push seems more secure .. fewer clients to authorization DB Architecture issues - Not sure why push is long-term limited as asserted GV mentioued a fourth, race conditions Open Discussion - Notes lost. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 30 18:03:15 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA23793 for ; Tue, 30 Mar 2004 18:03:14 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8Rja-0006Xa-2U for lemonade-archive@odin.ietf.org; Tue, 30 Mar 2004 17:29:26 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i22IerjK015481 for lemonade-archive@odin.ietf.org; Tue, 2 Mar 2004 13:40:53 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyEp3-00041c-6d for lemonade-web-archive@optimus.ietf.org; Tue, 02 Mar 2004 13:40:53 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA24062 for ; Tue, 2 Mar 2004 13:40:50 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyEp1-00022c-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 13:40:51 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyEo8-0001sW-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 13:39:56 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1AyEnN-0001h5-00 for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 13:39:09 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by mx2.foretec.com with esmtp (Exim 4.24) id 1AyEnO-0007c7-VF for lemonade-web-archive@ietf.org; Tue, 02 Mar 2004 13:39:11 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyEnG-0003a8-Gj; Tue, 02 Mar 2004 13:39:02 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyEn1-0003YC-L8 for lemonade@optimus.ietf.org; Tue, 02 Mar 2004 13:38:47 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23761 for ; Tue, 2 Mar 2004 13:38:45 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyEmz-0001cc-00 for lemonade@ietf.org; Tue, 02 Mar 2004 13:38:45 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyElM-0001An-00 for lemonade@ietf.org; Tue, 02 Mar 2004 13:37:05 -0500 Received: from goalie.snowshore.com ([216.57.133.4] helo=webshield.office.snowshore.com) by ietf-mx with smtp (Exim 4.12) id 1AyEjD-0000Rf-00 for lemonade@ietf.org; Tue, 02 Mar 2004 13:34:52 -0500 Received: from zoe.office.snowshore.com(192.168.1.172) by webshield.office.snowshore.com via csmap id 24801; Tue, 02 Mar 2004 13:34:17 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 2 Mar 2004 13:34:21 -0500 Message-ID: <4A3384433CE2AB46A63468CB207E209DB1A240@zoe.office.snowshore.com> Thread-Topic: For the Remote Audience Thread-Index: AcQAhH9i/Zq0nQxARr6VJS39rc+9yA== From: "Eric Burger" To: "IETF LEMONADE (E-mail)" Content-Transfer-Encoding: quoted-printable Subject: [lemonade] For the Remote Audience Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60 Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable Do you have a Jabber client? If not, check out = http://www.xmpp.org/ietf-chat.html A secret they don't tell you is to NOT create your account or log in to = ietf.xmpp.org. Create your account first at jabber.org. Then log in to jabber.org. Then join the conference at ietf.xmpp.org/lemonade. This is the official way to get your questions and comments in. I will = try to setup a SIP UAS for voice, but it was spotty yesterday. Jabber = seems to work a bit better. If you have trouble getting Jabber to work (seems to be some Mac client = issues for first time users), contact me directly and we can try a = point-to-point IM session with AIM or Y!IM. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Tue Mar 30 18:12:41 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26283 for ; Tue, 30 Mar 2004 18:12:41 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8RjU-0006ZK-RM for lemonade-archive@odin.ietf.org; Tue, 30 Mar 2004 17:29:21 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i239R2rO007153 for lemonade-archive@odin.ietf.org; Wed, 3 Mar 2004 04:27:02 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AySeN-0001nG-RC for lemonade-web-archive@optimus.ietf.org; Wed, 03 Mar 2004 04:26:57 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA13396 for ; Wed, 3 Mar 2004 04:26:25 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AySe0-0006xz-00 for lemonade-web-archive@ietf.org; Wed, 03 Mar 2004 04:26:24 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyScs-0006hJ-00 for lemonade-web-archive@ietf.org; Wed, 03 Mar 2004 04:25:15 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1AySbs-0006WP-00 for lemonade-web-archive@ietf.org; Wed, 03 Mar 2004 04:24:12 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AySbk-0000uJ-TR; Wed, 03 Mar 2004 04:24:04 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AyRTh-0002sv-LL for lemonade@optimus.ietf.org; Wed, 03 Mar 2004 03:11:46 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA09792 for ; Wed, 3 Mar 2004 03:11:18 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AyRTJ-00028U-00 for lemonade@ietf.org; Wed, 03 Mar 2004 03:11:17 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AyRSQ-0001zk-00 for lemonade@ietf.org; Wed, 03 Mar 2004 03:10:22 -0500 Received: from joy.songbird.com ([208.184.79.7]) by ietf-mx with esmtp (Exim 4.12) id 1AyRRi-0001mI-00 for lemonade@ietf.org; Wed, 03 Mar 2004 03:09:38 -0500 Received: from BBFUJIP.brandenburg.com (jay.songbird.com [208.184.79.253]) by joy.songbird.com (8.11.6/8.11.6) with ESMTP id i238Hqd18852; Wed, 3 Mar 2004 00:17:52 -0800 Date: Wed, 3 Mar 2004 17:08:58 +0900 From: Dave Crocker Organization: Brandenburg InternetWorking X-Priority: 3 (Normal) Message-ID: <1614423098.20040303170858@brandenburg.com> To: "Eric Burger" CC: "IETF LEMONADE (E-mail)" Subject: Re: [lemonade] Security Review of URLAUTH In-Reply-To: <4A3384433CE2AB46A63468CB207E209DB1A25D@zoe.office.snowshore.com> References: <4A3384433CE2AB46A63468CB207E209DB1A25D@zoe.office.snowshore.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.7 required=5.0 tests=AWL,PRIORITY_NO_NAME autolearn=no version=2.60 Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Eric, EB> Since we didn't have time to ask for permission, we're posting it anonymously. without violating the anonymity, can you describe the qualifications of the review's author? not lots of detail, just basic stuff. thanks. d/ -- Dave Crocker Brandenburg InternetWorking Sunnyvale, CA USA _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 31 16:25:45 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13789 for ; Wed, 31 Mar 2004 16:25:45 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8nD4-0006Yf-E8 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 16:25:18 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2VLPIIs025210 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 16:25:18 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8nD4-0006YX-8S for lemonade-web-archive@optimus.ietf.org; Wed, 31 Mar 2004 16:25:18 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13767 for ; Wed, 31 Mar 2004 16:25:15 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8nD2-0003AN-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 16:25:16 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8nC6-00037J-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 16:24:19 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B8nBv-000368-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 16:24:07 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8nBp-0006OC-8g; Wed, 31 Mar 2004 16:24:01 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8nB9-0006Na-Hy for lemonade@optimus.ietf.org; Wed, 31 Mar 2004 16:23:19 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13728 for ; Wed, 31 Mar 2004 16:23:16 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8nB7-00035a-00 for lemonade@ietf.org; Wed, 31 Mar 2004 16:23:17 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8nAF-000342-00 for lemonade@ietf.org; Wed, 31 Mar 2004 16:22:24 -0500 Received: from zcars0m9.nortelnetworks.com ([47.129.242.157]) by ietf-mx with esmtp (Exim 4.12) id 1B8n9S-0002zT-00 for lemonade@ietf.org; Wed, 31 Mar 2004 16:21:34 -0500 Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars0m9.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id i2VLKwL11778 for ; Wed, 31 Mar 2004 16:20:58 -0500 (EST) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Wed, 31 Mar 2004 16:20:59 -0500 Message-ID: From: "Glenn Parsons" To: lemonade@ietf.org Date: Wed, 31 Mar 2004 16:20:55 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C41766.0D3EFC92" Subject: [lemonade] Interim meeting Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.8 required=5.0 tests=AWL,HTML_30_40, HTML_FONTCOLOR_BLUE,HTML_MESSAGE autolearn=no version=2.60 This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C41766.0D3EFC92 Content-Type: text/plain; charset="iso-8859-1" Folks, We had agreed on the need for an interim at IETF 59. As a catalyst to get the push/pull documents updated and get some sort of decision before this meeting (which we also agreed :-), I think we need to set a date .... My suggestion is for a one day face-to-face meeting: Wednesday, May 5th Nortel Networks Campus Richardson, TX Let me know if that is agreeable. I'll need to confirm a room and we need to officially announce it... At this meeting I would like to spend our time (in order of priority): - summarizing the push or pull decision for extending IMAP - working out the details of forwarding messages without download based on the chosen model - progressing work on server-server notifications - progressing work on IMAP channel - progressing work on IMAP profile This means that before the meeting I would like to see: - more security reviews of push and pull models (Sam, Derek, Ned, Pete, ...) - updated drafts on push focusing on the authors' mechanism of choice (Pete, Randy, ...) - updated drafts on pull focusing on the authors' mechanism of choice (Mark, Chris, ...) - drafts 'cheerleading' the advantages of push and/or/vs pull ( ???) - solicitation of vendor preference (chairs) - a decision (all :-) Cheers, Glenn. ------_=_NextPart_001_01C41766.0D3EFC92 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Interim meeting

Folks,

We had agreed on the = need for an interim at IETF 59.

As a catalyst to get = the push/pull documents updated and get some sort of decision before = this meeting (which we also agreed :-), I think we need to set a date = ....

My suggestion is for = a one day face-to-face meeting:

   = Wednesday, May 5th
   Nortel = Networks Campus
   = Richardson, TX

Let me know if that = is agreeable.  I'll need to confirm a room and we need to = officially announce it...

At this meeting I = would like to spend our time (in order of priority):

 - summarizing = the push or pull decision for extending IMAP
 - working out = the details of forwarding messages without download based on the chosen = model
 - progressing = work on server-server notifications
 - progressing = work on IMAP channel
 - progressing = work on IMAP profile
 
This means that = before the meeting I would like to see:

 - more = security reviews of push and pull models (Sam, Derek, Ned, Pete, = ...)
 - updated = drafts on push focusing on the authors' mechanism of choice (Pete, = Randy, ...)
 - updated = drafts on pull focusing on the authors' mechanism of choice (Mark, = Chris, ...)
 - drafts = 'cheerleading' the advantages of push and/or/vs pull ( ???)
 - = solicitation of vendor preference (chairs)
 - a decision = (all :-)

Cheers,
Glenn.

------_=_NextPart_001_01C41766.0D3EFC92-- _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 31 17:19:11 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA16274 for ; Wed, 31 Mar 2004 17:19:11 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8o2l-0003Ij-PC for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 17:18:44 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2VMIhEl012690 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 17:18:43 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8o2l-0003Ib-C5 for lemonade-web-archive@optimus.ietf.org; Wed, 31 Mar 2004 17:18:43 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA16242 for ; Wed, 31 Mar 2004 17:18:39 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8o2j-0005wA-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:18:41 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8o1j-0005mr-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:17:40 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1B8nzy-0005Yw-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:15:50 -0500 Received: from optimus22.ietf.org ([132.151.6.22] helo=optimus.ietf.org) by mx2.foretec.com with esmtp (Exim 4.24) id 1B8nzz-0003Eb-1X for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:15:51 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8nrQ-0001og-CS; Wed, 31 Mar 2004 17:07:00 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8nr2-0001jd-Rd for lemonade@optimus.ietf.org; Wed, 31 Mar 2004 17:06:36 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA15477 for ; Wed, 31 Mar 2004 17:06:32 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8nr0-00054b-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:06:34 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8nq8-00053I-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:05:41 -0500 Received: from mxout1.cac.washington.edu ([140.142.32.134]) by ietf-mx with esmtp (Exim 4.12) id 1B8npG-0004zp-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:04:46 -0500 Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.9]) by mxout1.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.03) with ESMTP id i2VM4hNj011750; Wed, 31 Mar 2004 14:04:43 -0800 Received: from Tomobiki-Cho.CAC.Washington.EDU (tomobiki-cho.cac.washington.edu [128.95.135.58]) (authenticated bits=0) by smtp.washington.edu (8.12.11+UW04.02/8.12.11+UW04.03) with ESMTP id i2VM4hTW010947 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Wed, 31 Mar 2004 14:04:43 -0800 Date: Wed, 31 Mar 2004 14:02:54 -0800 (Pacific Standard Time) From: Mark Crispin To: Glenn Parsons cc: lemonade@ietf.org Subject: Re: [lemonade] Interim meeting In-Reply-To: Message-ID: References: Organization: Networks & Distributed Computing MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 On Wed, 31 Mar 2004, Glenn Parsons wrote: > Wednesday, May 5th > Nortel Networks Campus > Richardson, TX Given that several (most?) of the critical people for this debate are on the west coast, shouldn't a face-to-face be held someplace like San Francisco? Do we really need a face-to-face? -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 31 17:38:32 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA17453 for ; Wed, 31 Mar 2004 17:38:32 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8oLV-0005bE-Jr for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 17:38:05 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2VMc5KN021522 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 17:38:05 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8oLV-0005b3-BI for lemonade-web-archive@optimus.ietf.org; Wed, 31 Mar 2004 17:38:05 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA17442 for ; Wed, 31 Mar 2004 17:38:01 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8oLS-0007II-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:38:02 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8oKU-0007CP-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:37:03 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B8oJb-00076b-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:36:07 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8oJW-0005HG-2G; Wed, 31 Mar 2004 17:36:02 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8oJ8-0005Gm-JM for lemonade@optimus.ietf.org; Wed, 31 Mar 2004 17:35:38 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA17208 for ; Wed, 31 Mar 2004 17:35:34 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8oJ6-00074d-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:35:36 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8oIC-00070z-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:34:41 -0500 Received: from 216-43-25-66.ip.mcleodusa.net ([216.43.25.66] helo=episteme-software.com) by ietf-mx with esmtp (Exim 4.12) id 1B8oHr-0006zE-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:34:20 -0500 Received: from [216.43.25.67] (216.43.25.67) by episteme-software.com with ESMTP (Eudora Internet Mail Server X 3.2.3); Wed, 31 Mar 2004 16:33:49 -0600 Mime-Version: 1.0 X-Sender: resnick@resnick1.qualcomm.com Message-Id: X-Mailer: Eudora [Macintosh version 6.1a16] Date: Wed, 31 Mar 2004 16:33:47 -0600 To: Lemonade From: Pete Resnick Cc: Michael StJohns , Derek Atkins Content-Type: text/plain; charset="us-ascii" ; format="flowed" Subject: [lemonade] Push/pull security hallway conversation Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=1.9 required=5.0 tests=AWL,FORGED_MUA_EUDORA autolearn=no version=2.60 I was supposed to get to this right after I got back from Seoul, but never did. I had a hallway conversation with Derek Atkins and Mike St. Johns about security issues in push/pull. The conclusion was that Derek thought doing push or pull was pretty much even security-wise, while Mike thought that pull was *less* secure than push. Derek's analysis pretty much agreed with what's been on the list to date, and he can elaborate in response to this if he wants. (I've Cc'ed Derek, so he can speak for himself.) But Mike's argument seemed pretty persuasive to me (and I seriously tried to argue against it) and he suggested that I post a synopsis of his argument to the list and let him join the discussion as he sees fit. There are two parts Mike's argument which I'll call "Point vs. Continuous Attacks" and "Security Balances". 1. Point vs. Continuous Attacks When calculating the cost of attack for any system, one thing you can look at is whether the attack is a point attack or a continuous attack. Using his terminology, a continuous attack is one where you must break into the system you wish to attack and stay on for some period of time before you can get at the data you are interested in attacking. I take the canonical case here to be a man-in-the-middle attack where you listen for traffic over a period of time and make your attack when the data of interest is available. A point attack is one where you get in, make the attack immediately, and then leave. The example here would be breaking in a stealing a file from a known location on the system and then getting off of the compromised system immediately. Since continuous attacks take indeterminate amounts of time to perpetrate, they are often easier to detect and are therefore harder to accomplish. Point attacks are much harder to defend against. Current IMAP servers are of course subject to some point attacks: If you are able to compromise the IMAP system, you can often get at the user data immediately and get off of the system without being noticed. Current submission servers are really only subject to continuous attacks to steal data: You have to compromise the system and wait for a client to send the data before you can steal the data. In a push scenario, each server still has similar vulnerability: The IMAP server is still subject to point attacks (with the possible added avenue of the attacker being to push his acquired data through SUBMIT, for what that's worth) and the submission server is still subject to continuous attacks. However, in a pull scenario, Mike argues that submission servers will now be subject to point attacks: An attacker who gains access to the submission server will potentially get access to a pull token. Once stolen, the pull token can then be taken and the attacker can leave the submission server, able to download the data from the IMAP server from another machine before the submission server has a chance to actually get the data. This would make the risk scenario for the submission server much different than the current state of affairs. 2. Security Balances Mike described a simple set of security balances that have to be made in any system: Cost of Protection < Cost of Attack Cost of Attack > Value of Data Value of Data > Cost of Protection On any IMAP server now, you protect it according to the above guidelines. So, the cost of attacking the IMAP server must be greater than the value of the data on that IMAP server, which must be greater than the cost of protecting it. Therefore, you protect it (with passwords, firewalling it off, etc.) to the extent that you can get that formula to hold true. Different IMAP servers have different values of the data on them, so each will have different formulas and the cost of protection will be different for each. (Since submission servers require continuous attacks to get at data, the cost of attacks is normally much higher and the cost of protection much lower than the IMAP servers it might serve.) Now you go to introduce the submit mechanism. With push, the equations stay pretty much the same: Whatever the value of the data on the IMAP server, you protect it to the extent that the protection is less than the cost of attack and less than the value of the data. There is an additional piece to protect (the risk that the data will be available through the submission pipe), but since the data gets to that submission pipe through the IMAP server, overall the assessment stays pretty similar. With pull, things change a bit. With point attacks being a possibility, the costs of attack drop on submission servers. Since it is possible for a single submission server to receive submissions from several IMAP servers, it means that you will have to protect the submission server to value of the data coming from the most valuable IMAP server. That potentially increases the cost of protection for the overall system (IMAP+submission) significantly more than with the push scenario. ------------- I hope I have done justice to these arguments. I am by no means a security geek, and I hope Mike will elaborate or correct what I have said as necessary. Everyone's feedback and analysis is requested. pr -- Pete Resnick QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102 _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 31 17:42:14 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA17982 for ; Wed, 31 Mar 2004 17:42:14 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8oP6-00066F-33 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 17:41:48 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2VMfmT9023447 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 17:41:48 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8oP5-000666-Of for lemonade-web-archive@optimus.ietf.org; Wed, 31 Mar 2004 17:41:47 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA17957 for ; Wed, 31 Mar 2004 17:41:43 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8oP3-00007V-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:41:45 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8oNx-0007i5-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:40:40 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B8oMS-0007QW-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 17:39:04 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8oMS-0005mE-NX; Wed, 31 Mar 2004 17:39:04 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8oLW-0005bf-Np for lemonade@optimus.ietf.org; Wed, 31 Mar 2004 17:38:08 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA17449 for ; Wed, 31 Mar 2004 17:38:02 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8oLU-0007IX-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:38:04 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8oKX-0007Cf-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:37:05 -0500 Received: from 216-43-25-66.ip.mcleodusa.net ([216.43.25.66] helo=episteme-software.com) by ietf-mx with esmtp (Exim 4.12) id 1B8oJy-000767-00 for lemonade@ietf.org; Wed, 31 Mar 2004 17:36:30 -0500 Received: from [216.43.25.67] (216.43.25.67) by episteme-software.com with ESMTP (Eudora Internet Mail Server X 3.2.3); Wed, 31 Mar 2004 16:36:00 -0600 Mime-Version: 1.0 X-Sender: resnick@resnick1.qualcomm.com Message-Id: X-Mailer: Eudora [Macintosh version 6.1a16] Date: Wed, 31 Mar 2004 16:35:55 -0600 To: Lemonade From: Pete Resnick Cc: Michael StJohns , Derek Atkins Content-Type: text/plain; charset="us-ascii" ; format="flowed" Subject: [lemonade] Push/pull security hallway conversation Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=1.9 required=5.0 tests=AWL,FORGED_MUA_EUDORA autolearn=no version=2.60 [Apologies for the resend; I screwed up Derek's address in the first sending. Please reply to this instead.] I was supposed to get to this right after I got back from Seoul, but never did. I had a hallway conversation with Derek Atkins and Mike St. Johns about security issues in push/pull. The conclusion was that Derek thought doing push or pull was pretty much even security-wise, while Mike thought that pull was *less* secure than push. Derek's analysis pretty much agreed with what's been on the list to date, and he can elaborate in response to this if he wants. (I've Cc'ed Derek, so he can speak for himself.) But Mike's argument seemed pretty persuasive to me (and I seriously tried to argue against it) and he suggested that I post a synopsis of his argument to the list and let him join the discussion as he sees fit. There are two parts Mike's argument which I'll call "Point vs. Continuous Attacks" and "Security Balances". 1. Point vs. Continuous Attacks When calculating the cost of attack for any system, one thing you can look at is whether the attack is a point attack or a continuous attack. Using his terminology, a continuous attack is one where you must break into the system you wish to attack and stay on for some period of time before you can get at the data you are interested in attacking. I take the canonical case here to be a man-in-the-middle attack where you listen for traffic over a period of time and make your attack when the data of interest is available. A point attack is one where you get in, make the attack immediately, and then leave. The example here would be breaking in a stealing a file from a known location on the system and then getting off of the compromised system immediately. Since continuous attacks take indeterminate amounts of time to perpetrate, they are often easier to detect and are therefore harder to accomplish. Point attacks are much harder to defend against. Current IMAP servers are of course subject to some point attacks: If you are able to compromise the IMAP system, you can often get at the user data immediately and get off of the system without being noticed. Current submission servers are really only subject to continuous attacks to steal data: You have to compromise the system and wait for a client to send the data before you can steal the data. In a push scenario, each server still has similar vulnerability: The IMAP server is still subject to point attacks (with the possible added avenue of the attacker being to push his acquired data through SUBMIT, for what that's worth) and the submission server is still subject to continuous attacks. However, in a pull scenario, Mike argues that submission servers will now be subject to point attacks: An attacker who gains access to the submission server will potentially get access to a pull token. Once stolen, the pull token can then be taken and the attacker can leave the submission server, able to download the data from the IMAP server from another machine before the submission server has a chance to actually get the data. This would make the risk scenario for the submission server much different than the current state of affairs. 2. Security Balances Mike described a simple set of security balances that have to be made in any system: Cost of Protection < Cost of Attack Cost of Attack > Value of Data Value of Data > Cost of Protection On any IMAP server now, you protect it according to the above guidelines. So, the cost of attacking the IMAP server must be greater than the value of the data on that IMAP server, which must be greater than the cost of protecting it. Therefore, you protect it (with passwords, firewalling it off, etc.) to the extent that you can get that formula to hold true. Different IMAP servers have different values of the data on them, so each will have different formulas and the cost of protection will be different for each. (Since submission servers require continuous attacks to get at data, the cost of attacks is normally much higher and the cost of protection much lower than the IMAP servers it might serve.) Now you go to introduce the submit mechanism. With push, the equations stay pretty much the same: Whatever the value of the data on the IMAP server, you protect it to the extent that the protection is less than the cost of attack and less than the value of the data. There is an additional piece to protect (the risk that the data will be available through the submission pipe), but since the data gets to that submission pipe through the IMAP server, overall the assessment stays pretty similar. With pull, things change a bit. With point attacks being a possibility, the costs of attack drop on submission servers. Since it is possible for a single submission server to receive submissions from several IMAP servers, it means that you will have to protect the submission server to value of the data coming from the most valuable IMAP server. That potentially increases the cost of protection for the overall system (IMAP+submission) significantly more than with the push scenario. ------------- I hope I have done justice to these arguments. I am by no means a security geek, and I hope Mike will elaborate or correct what I have said as necessary. Everyone's feedback and analysis is requested. pr -- Pete Resnick QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102 _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 31 22:11:17 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA29049 for ; Wed, 31 Mar 2004 22:11:16 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8sbS-0005hY-Ag for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 22:10:50 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i313AoXE021917 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 22:10:50 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8sbS-0005hQ-3q for lemonade-web-archive@optimus.ietf.org; Wed, 31 Mar 2004 22:10:50 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA29033 for ; Wed, 31 Mar 2004 22:10:46 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8sbP-0000o3-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 22:10:47 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8saT-0000jH-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 22:09:50 -0500 Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B8sZw-0000gc-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 22:09:16 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8sZp-0005aH-3t; Wed, 31 Mar 2004 22:09:09 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8sZV-0005Yb-8K for lemonade@optimus.ietf.org; Wed, 31 Mar 2004 22:08:49 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA28993 for ; Wed, 31 Mar 2004 22:08:45 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8sZS-0000fQ-00 for lemonade@ietf.org; Wed, 31 Mar 2004 22:08:46 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8sYU-0000cZ-00 for lemonade@ietf.org; Wed, 31 Mar 2004 22:07:46 -0500 Received: from zcars04f.nortelnetworks.com ([47.129.242.57]) by ietf-mx with esmtp (Exim 4.12) id 1B8sXb-0000YM-00 for lemonade@ietf.org; Wed, 31 Mar 2004 22:06:51 -0500 Received: from zcard309.ca.nortel.com (zcard309.ca.nortel.com [47.129.242.69]) by zcars04f.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id i31368921046; Wed, 31 Mar 2004 22:06:08 -0500 (EST) Received: by zcard309.ca.nortel.com with Internet Mail Service (5.5.2653.19) id ; Wed, 31 Mar 2004 22:06:08 -0500 Message-ID: From: "Glenn Parsons" To: "'Mark Crispin'" Cc: lemonade@ietf.org Subject: RE: [lemonade] Interim meeting Date: Wed, 31 Mar 2004 22:06:07 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C41795.E55828A4" Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.8 required=5.0 tests=AWL,HTML_30_40, HTML_FONTCOLOR_BLUE,HTML_MESSAGE autolearn=no version=2.60 This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C41795.E55828A4 Content-Type: text/plain; charset="iso-8859-1" > Given that several (most?) of the critical people for this debate are on > the west coast, shouldn't a face-to-face be held someplace like San > Francisco? > I am hoping the debate will happen before this meeting on the mailing list. > Do we really need a face-to-face? > I think so if we are to progress the work. Glenn. ------_=_NextPart_001_01C41795.E55828A4 Content-Type: text/html; charset="iso-8859-1" RE: [lemonade] Interim meeting

    Given that several (most?) of the critical people for this debate are on
    the west coast, shouldn't a face-to-face be held someplace like San
    Francisco?

I am hoping the debate will happen before this meeting on the mailing list.

    Do we really need a face-to-face?

I think so if we are to progress the work.

Glenn.

------_=_NextPart_001_01C41795.E55828A4-- _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade From exim@www1.ietf.org Wed Mar 31 22:39:48 2004 Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA29927 for ; Wed, 31 Mar 2004 22:39:48 -0500 (EST) Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8t34-0007UD-95 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 22:39:22 -0500 Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i313dMwH028773 for lemonade-archive@odin.ietf.org; Wed, 31 Mar 2004 22:39:22 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8t33-0007Tz-R2 for lemonade-web-archive@optimus.ietf.org; Wed, 31 Mar 2004 22:39:22 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA29816 for ; Wed, 31 Mar 2004 22:39:17 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8t30-0002WO-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 22:39:18 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8t23-0002OO-00 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 22:38:20 -0500 Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1B8t0n-0002HA-04 for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 22:37:01 -0500 Received: from optimus22.ietf.org ([132.151.6.22] helo=optimus.ietf.org) by mx2.foretec.com with esmtp (Exim 4.24) id 1B8smI-0003n1-JO for lemonade-web-archive@ietf.org; Wed, 31 Mar 2004 22:22:02 -0500 Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8smG-0006Ev-Ow; Wed, 31 Mar 2004 22:22:00 -0500 Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B8sm6-0006Ea-FM for lemonade@optimus.ietf.org; Wed, 31 Mar 2004 22:21:50 -0500 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA29241 for ; Wed, 31 Mar 2004 22:21:46 -0500 (EST) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B8sm3-0001Qa-00 for lemonade@ietf.org; Wed, 31 Mar 2004 22:21:47 -0500 Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B8sl0-0001Mr-00 for lemonade@ietf.org; Wed, 31 Mar 2004 22:20:43 -0500 Received: from mxout2.cac.washington.edu ([140.142.33.4]) by ietf-mx with esmtp (Exim 4.12) id 1B8sk1-0001H3-00 for lemonade@ietf.org; Wed, 31 Mar 2004 22:19:41 -0500 Received: from smtp.washington.edu (smtp.washington.edu [140.142.32.139]) by mxout2.cac.washington.edu (8.12.11+UW04.02/8.12.11+UW04.03) with ESMTP id i313JeDg012881; Wed, 31 Mar 2004 19:19:40 -0800 Received: from Tomobiki-Cho.CAC.Washington.EDU (tomobiki-cho.cac.washington.edu [128.95.135.58]) (authenticated bits=0) by smtp.washington.edu (8.12.11+UW04.02/8.12.11+UW04.03) with ESMTP id i313JeCd007939 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Wed, 31 Mar 2004 19:19:40 -0800 Date: Wed, 31 Mar 2004 19:19:26 -0800 (Pacific Standard Time) From: Mark Crispin To: Glenn Parsons cc: lemonade@ietf.org Subject: RE: [lemonade] Interim meeting In-Reply-To: Message-ID: References: Organization: Networks & Distributed Computing MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: lemonade-admin@ietf.org Errors-To: lemonade-admin@ietf.org X-BeenThere: lemonade@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: Enhancements to Internet email to support diverse service enivronments List-Post: List-Help: List-Subscribe: , X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60 I think that we should have a face-to-face or a mailing list discussion but not both. Past history suggests that a useful mailing list discussion won't happen since everybody will expect the "real" discussion to happen in the face-to-face and will wait for that. I also suggest again that if there must be a face-to-face (I remain skeptical) that it be held someplace more convenient than Texas. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade