
Re: [Asrg] Email passwords



Hi,

On Tue, Jul 13, 2004 at 04:50:09PM +0800, dongxiaoli wrote:
> Yeah. I thought about a similar idea. I think this will work, but it is not proper to implement on a large scale, and not too easy to deploy.
> For example, you should have a homepage to give your email password.

	I may be wrong, but I would say that, in a way, these passwords are
	kind of authorization tokens.

	There is a difficulty with this scheme: suppose you buy a product
	and give your mail address for being informed about expedition,
	availability, etc. Most on-line forms will not provide you any way
	to put in the token / password.

	A friend of mine played with this: he used email addresses built
	like this: foo.bar+token at totodomain.net . This way, you give the
	token when you give your mail address. Simultaneously, you may have
	several tokens and invalidate tokens if it appears that the people /
	business you gave it to further distributed your mail address, or
	refresh tokens regularly.

	Of course, the preferred way for authorizing your friends should be
	PGP :). Authorization tokens are useful only for other parties.

	I did not play myself with this token stuff because I did not know
	how the incorporation of parameters to the mail address through
	'+token' actually works; is it a standardized way for adding
	parameters? Is it only a name hack for the domain SMTP server to
	deal with? Can someone point me to references on this point?

	BTW, the Active Spam Killer (ASK - http://www.paganini.net/ask/)
	uses this password scheme, for those interested.

-- 
Jean-Jacques Puig
[homepage] http://www-lor.int-evry.fr/~puig/

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
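
Added example (not part of the original message, and not ASK's code): a recipient check for the "foo.bar+token" addresses described in the message, with one token per party that can be revoked or left to expire. The "+" delimiter handling, the registry contents, the dates and the verdict names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

DELIMITER = "+"  # assumption: the receiving server splits the local part here


@dataclass
class Token:
    issued_to: str                  # party the tagged address was given to
    expires: Optional[date] = None  # None = no scheduled refresh
    revoked: bool = False           # set once the address has been passed on


# Constructed sample registry for the mailbox "foo.bar".
TOKENS = {
    "foo.bar": {
        "shop42": Token("online shop"),
        "news7": Token("newsletter", revoked=True),
        "conf03": Token("conference site", expires=date(2004, 6, 30)),
    }
}


def split_recipient(address):
    """Split 'mailbox+token@domain' into (mailbox, token or None, domain)."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not a mail address: %r" % (address,))
    mailbox, _, token = local.partition(DELIMITER)
    return mailbox.lower(), token or None, domain.lower()


def check_recipient(address, today, registry=TOKENS):
    """Return (verdict, issued_to) for one envelope recipient."""
    mailbox, token, _ = split_recipient(address)
    if token is None:
        return "no-token", None        # policy for bare addresses is the caller's
    entry = registry.get(mailbox, {}).get(token)
    if entry is None:
        return "reject-unknown", None  # guessed or never-issued token
    if entry.revoked:
        return "reject-revoked", entry.issued_to  # shows who the address was given to
    if entry.expires is not None and today > entry.expires:
        return "reject-expired", entry.issued_to
    return "accept", entry.issued_to
```

Because every party receives a different token, a rejected or spammed address identifies which party it was originally given to.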