gmane.ietf.asrg

Call for Nominations: Applied Networking Research Prize 2012

Eggert, Lars — 2012-04-10T09:39:25

                       CALL FOR NOMINATIONS:
         
            APPLIED NETWORKING RESEARCH PRIZE (ANRP) 2012
               
                       http://irtf.org/anrp

***    Submit nominations for the 2012 award period of the        ***
***   Applied Networking Research Prize until May 13, 2012!       ***


The Applied Networking Research Prize (ANRP) is awarded for recent
results in applied networking research that are relevant for
transitioning into shipping Internet products and related
standardization efforts. Researchers with relevant, recently
published results are encouraged to apply for this prize, which will
offer them the opportunity to present and discuss their work with
the engineers, network operators, policy makers and scientists that
participate in the Internet Engineering Task Force (IETF) and its
research arm, the Internet Research Task Force (IRTF).

The goal of the Applied Networking Research Prize is to recognize
the best new ideas in networking, and bring them to the IETF and
IRT

[irsg] IRTF IPR Disclosure Rules (fwd)

John R. Levine — 2012-02-17T00:36:32

I don't recall IPR issues ever coming up in the ASRG, but in case they do, 
here is our clarified IPR policy.

Please note the parts about what you are required to disclose.

R's,
John

---------- Forwarded message ----------
Date: Thu, 16 Feb 2012 18:36:35
From: "Eggert, Lars" <lars< at >netapp.com>
Reply-To: "irtf-discuss< at >irtf.org" <irtf-discuss< at >irtf.org>
Subject: [irsg] IRTF IPR Disclosure Rules

Until now, the IRTF didn't have a clearly formulated statement of how IPR is handled by the organization. For the last year, the IRSG has been discussing this topic with the IETF's legal counsel and other community members with a deep understanding of the issues.

The result of this discussion is a short statement describing the IRTF's IPR disclosure rules, which you can find below as well as online at http://irtf.org/ipr. The short version is: the IRTF follows the IETF's IPR disclosure rules. Because researchers participating in the IRTF may not be very familiar with the IETF's rules, the IRTF IPR disclosure rules de

VB2012, Dallas: Call for papers

Martijn Grooten — 2012-02-08T15:30:32

See below. Submissions deadline is in just over a month from now.

Martijn.

Virus Bulletin is seeking submissions from those wishing to present
papers at VB2012, the 22nd Virus Bulletin International Conference,
which will take place 26-28 September 2012 at the Dallas Fairmont
hotel, Dallas, TX, USA.

The conference will include a programme of 30-minute presentations
running in two concurrent streams: Technical and Corporate.
Submissions are invited on all subjects relevant to anti-malware and
anti-spam. In particular, VB welcomes the submission of papers that
will provide delegates with ideas, advice and/or practical techniques,
and encourages presentations that include practical demonstrations of
techniques or new technologies.

Abstracts should be submitted via the online abstract submission
system at http://www.virusbtn.com/conference/abstracts/ and must be
submitted no later than FRIDAY 9th MARCH 2012.

Further details of the paper submission and selection process,
including a list of suggested topics

Paris IETF

John R. Levine — 2012-01-30T19:44:12

It's session scheduling time again.  I'm not going to ask for a session 
for ASRG, since we don't have anything going on to merit one, but if 
people will be there we could arrange to all have lunch one day.

Regards,
John Levine, johnl< at >iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

RFC 6471 and "listing the Internet" as a punishment

Martijn Grooten — 2012-01-24T15:07:50

It was nice to see the RFC being published. Good work.

Then I came across this:

http://blog.vamsoft.com/2012/01/24/ub-black-uribl-com-url-blacklist-started-to-block-everything/

(Vamsoft ORF is a spam-filter.) Basically uribl.com was returning 127.0.0.1 to _all_ queries from nameservers that are sending high volumes (presumably without paying for it) as some kind of punishment. http://uribl.com/ confirms that.

Now, as Vamsoft mentions, it is not a good idea to use third-party nameservers on a server you're making DNS requests from. (Although, unlike openDNS, Google's nameservers do return NXDOMAIN when they can't resolve a domain.) Moreover, it does seem Google's nameservers are now getting REFUSED as a response to any uribl.com request. I was just wondering whether the RFC says anything about this kind of behaviour ('listing' everything as a punishment). To my reading it doesn't.

Martijn.

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.

FW: RFC 6471 on Overview of Best Email DNS-Based List (DNSBL) OperationalPractices

Murray S. Kucherawy — 2012-01-19T03:38:21

FYI
_______________________________________________
Asrg mailing list
Asrg< at >irtf.org
http://www.irtf.org/mailman/listinfo/asrg

Handling of abusive DNSBL/WL clients

2011-12-22T15:12:08

This spamassassin bug comment provides some information on what happens
when various methods of blocking abusive DNS queries are attempted.
The tests were conducted on dnswl.org, a public email whitelist enabled
by default in spamassassin, and presumably other things.

There seems to be a surprising lack, in RFCs and BCPs, of statements
that clients and forwarding DNS servers should stop querying if they
receive an NXDOMAIN, REFUSED, or an answer with the TLD of "invalid",
which seem likely to help if they were widely implemented.

It also seems like it would be good to define best practices for handling
this situation, quite possibly based on the information below.

SpamAssassin is currently asking DNS black/white list providers
to indicate the client is being blocked via a specified returned
IP value for all queries, in the case of DNSWL, 127.0.0.255.
There has been some debate on what would be an ideal value.
This is not in line with the blacklist BCP's suggestion to check
the values of 127.0.0.1 and 127.

Reminds me of this list the most

2011-12-11T19:24:32

http://tompreston.deviantart.com/art/Welcome-to-the-Internet-273281497

antiphishing idea

Christian Grunfeld — 2011-11-17T18:30:07

Hi,

I dont know if this is exactly the right place for discussing my idea
but I want to do a little bit of brainstorming with experts. I come
with a "crazy" thing but the logic is not so bad ! Please dont tell me
"you are crazy" ! .....at least at first time! :p

Users believe in what they read in the header from of the mail ! Users
don't also know about the existence and differences between envelope
and header From. And they also don't know that those addresses can be
forged. They blindly believe !

My idea is to invert the logic of DNSBLs. That is, instead of asking
third parties about spam/phishing why not asking the domain involved
in envelope and header itself about non-spam ?

Domains should have to publish in their DNSs the message-id (among any
other thing) through a TXT or A record of any legit mail sent by them.
The TTLs of those records can be adjusted to compensate for queued
mails, etc.

When you receive a mail from A and "aparently" from B you can query A
and B DNSs looking for the message-id

Phishing and domain reputation

Martijn Grooten — 2011-11-16T15:18:28

The anti-phishing working group (APWG) published a report on phishing in the first half of 2011:

  http://www.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2011.pdf

Lots of statistics on phishing, such as a significant rise in attacks compared to the previous six months, which was largely due to attacks on Chinese organisations and their customers.

One thing I found interesting, and which prompted me to post about it here, is that only 2% of the phishing domains contained the brand name of a variation thereof (e.g. paypaI dot com) and they've only seen two examples of phishing attacks using IDNs and homographs (e.g. fácebook dot com) in since 2007.

Also, only 18% of the domains used (down from 28%) were registered by the phishers themselves; the other domains were hacked or compromised.

It suggests that phishers do care about the reputation of domains as used by email/web filters (does the domain have a history of legitimate content?), but little about reputation among users (does the domain look like t

anti-spam updates for ISOC from the ASRG (fwd)

John R. Levine — 2011-11-14T09:40:49

---------- Forwarded message ----------
Date: Mon, 14 Nov 2011 16:16:23 +0800
From: Joel M Snyder <Joel.Snyder< at >Opus1.COM>
Subject: anti-spam updates for ISOC from the ASRG

I am working with Sally Wentworth at ISOC on an update to ISOC's 
anti-spam web pages.  I wonder if the ASRG folks would be willing to take a 
look at what Sally sent out and offer up any comments or suggestions?

Sally's motivation is that some ITU Member States are proposing to define spam 
and include provisions related to spam in the ITR treaty at the WCIT.  In 
preparation for this, she thought it was time to update ISOC's anti-spam 
websites to highlight what the technical, policy and commercial communities are 
doing to combat spam and unwanted traffic (without the "assistance" of a 
treaty).

Here are the questions I have. I don't know whether you're comfortable with 
just passing them along (which would be fine with me) or whether you think I 
should try and connect more directly or whether you think  I should just go 
away and b

Request to publish draft-irtf-asrg-bcp-blacklists-10

Lars Eggert — 2011-10-24T06:32:28

Hi, RFC Editor,

please publish draft-irtf-asrg-bcp-blacklists-10 as an Informational IRTF RFC.

The document has been approved for publication by the IRSG and also received RFC5742 review by the IESG.

See http://trac.tools.ietf.org/group/irtf/trac/ticket/47 for details and history. Specifically, see this comment for edits to the document that you should perform: http://wiki.tools.ietf.org/group/irtf/trac/ticket/47#comment:7

Please copy all correspondence to the document shepherd, John Levine (johnl< at >iecc.com).

Thanks,
Lars_______________________________________________
Asrg mailing list
Asrg< at >irtf.org
http://www.irtf.org/mailman/listinfo/asrg

Greylisting BCP

Murray S. Kucherawy — 2011-10-18T19:01:21

After some chatter inside MAAWG and on the ietf-smtp mailing list, I've started an outline for a BCP on the practice of greylisting.  The main purpose is to explain what it is, discuss the pros and cons of its variants, and give some recommendations for implementation and configuration for a few example installations and policies.

The draft (which is currently only an outline) is here: https://datatracker.ietf.org/doc/draft-kucherawy-greylisting-bcp/

Comments welcome.

-MSK
_______________________________________________
Asrg mailing list
Asrg< at >irtf.org
http://www.irtf.org/mailman/listinfo/asrg

Opt-Out ideas/suggestions?

Fredrik Pettai — 2011-09-22T08:45:14

Hi,

I'm wondering where I can find any information about discussed opt-out ideas? I only found these old ones in the archives:

http://www.ietf.org/mail-archive/web/asrg/current/msg02082.html
http://www.ietf.org/mail-archive/web/asrg/current/msg02167.html
http://www.ietf.org/mail-archive/web/asrg/current/msg02252.html
http://www.ietf.org/mail-archive/web/asrg/current/msg02280.html

Has there been any more discussions regarding opt-out (which I must have missed), or is the opt-out track abandoned?
Is there a subgroup I should join for further discussions regarding opt-out?

Regards,
/P

Request for RFC5742 review of draft-irtf-asrg-bcp-blacklists

Lars Eggert — 2011-09-20T06:17:26

Hi, IESG secretary (BCC'ed),

this is a request for the IESG to perform a RFC5742 review of the following draft from the ASRG, to be published as an RFC on the IRTF Stream:

- draft-irtf-asrg-bcp-blacklists-10 (Informational RFC)

The document has been approved for publication by the IRSG. See http://trac.tools.ietf.org/group/irtf/trac/ticket/47 for details on prior reviews. Please copy all correspondence to the document shepherd, John Levine (johnl< at >iecc.com).

Thanks,
Lars
_______________________________________________
Asrg mailing list
Asrg< at >irtf.org
http://www.irtf.org/mailman/listinfo/asrg

[irsg] Comments on draft-irtf-asrg-bcp-blacklists-09 (fwd)

John R. Levine — 2011-09-12T13:08:22

These are the comments on the DNSBL BCP.  I think they are minor enough 
that we can just ask the RFC editor to deal with them.

Regards,
John Levine, johnl< at >iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

---------- Forwarded message ----------
Date: Mon, 25 Jul 2011 17:32:47 +0200
From: Olivier Festor <Olivier.Festor< at >inria.fr>
To: Lars Eggert <lars.eggert< at >nokia.com>, "<irsg< at >irtf.org>" <irsg< at >irtf.org>
Cc: Olivier Festor <Olivier.Festor< at >loria.fr>
Subject: [irsg] Comments on draft-irtf-asrg-bcp-blacklists-09

Dear Lars

Please find below my comments following the review of draft-irtf-asrg-bcp-blacklists-09.

Overall the document is of good quality and contains useful information for DNSBL operators as well as users. References are accurate.

I will also upload the comments on the tracking system as soon as I found out how to do it ;-)

Best Regards

/Olivier Festor

Detailed comments :

  Introduction

  RHSBL :

  ->give a

Blacklisting email accounts?

Jason W. — 2011-08-30T22:08:40

(Maybe my google-fu isn't up to par and this has been discussed
previously - if so, my apologies)

With PCs being owned and email accounts being owned, has anyone
considered blacklisting individual email accounts? Within the past
month, I've gotten an influx of spam from people who I have
communicated with. Given the content, I doubt these people would be
sending me random links to foreign websites designed to own my PC.
Some of these senders are people who I haven't communicated with in
years, but my email address is probably in their email box or address
book. It's all been consumer-grade email (Comcast, AOL, Yahoo, etc.)
from people for whom it would not be a stretch to imagine them getting
owned.

Considering that some of these providers don't seem to be interested
in cleaning up their outbound mail, has anyone considered blacklisting
email accounts like we do IPs/hostnames? I do this for my personal
mail stream, and it scales - get a spam from an owned person I don't
need email from, drop 'em in the loc

URL shorteners, spam and DNS

Martijn Grooten — 2011-08-22T16:35:05

URL shorteners (bit.ly, goo.gl, tinyurl.com etc.) have become popular in recent years for rather obvious reasons. They are being used by spammers for equally obvious reasons - both in email and on other platforms (e.g. Twitter).

A filter that checks URLs/domains against a blacklist will either miss the bad domains hidden behind the shorteners or, if they blacklist the shortener, find itself blocking legitimate messages. Do Not Use (third-party) URL Shorteners is sound advice to those sending email, but it's not going to stop random users from copying shortened URLs from Twitter or Facebook and pasting them into emails and shortened URLs are unlikely to stop featuring on Twitter.

Tell those providing shorteners to check URLs against blacklists is also a good idea - and probably necessary for them to stop ending up on blacklists themselves - but if a filter happens to prefer a different blacklist it doesn't help much. (I also don't know if checks are made every time someone clicks on the link or just when th

VB2011 Barcelona - Call for last-minute papers

Martijn Grooten — 2011-08-22T14:53:35

See below.

Martijn.



You may already have seen this elsewhere - in which case please
accept my apologies for bombarding you with the same information
- but I would like to bring to your attention the call for
last-minute papers for VB2011, the 21st Virus Bulletin
International anti-malware and anti-spam conference.

The conference will include a programme of 30-minute
presentations running in two concurrent streams: Technical and
Corporate, the running order for which has already been
finalized and can be seen at
http://www.virusbtn.com/conference/vb2011/programme/.

In addition to the scheduled presentations, a portion of the
technical stream has been set aside for last-minute
presentations. VB is now seeking submissions for these
last-minute presentations.

The last-minute presentations will be selected by a committee
who will be looking for presentations dealing with
up-to-the-minute specialist topics.

Those selected for the last-minute presentations will be
notified 18 days prior to the conference st

Call for Nominations: Applied Networking Research Prize(ANRP) for IETF-82

Lars Eggert — 2011-08-02T13:41:55


               CALL FOR NOMINATIONS:

      APPLIED NETWORKING RESEARCH PRIZE (ANRP)
      
               http://irtf.org/anrp


*** Submit nominations until August 28 for the ANRP for IETF-82,
*** November 13-18, 2011 in Taipei, Taiwan:
*** http://fit.nokia.com/anrp/82/

The Applied Networking Research Prize (ANRP) is awarded for
recent results in applied networking research that are relevant
for transitioning into shipping Internet products and related
standardization efforts. Researchers with relevant, recently
published results are encouraged to apply for this prize, which
will offer them the opportunity to present and discuss their work
with the engineers, network operators, policy makers and
scientists that participate in the Internet Engineering Task
Force (IETF) and its research arm, the Internet Research Task
Force (IRTF). Third-party nominations for this prize are also
encouraged. The goal of the Applied Networking Research Prize
(ANRP) is to recognize the best new ideas in networking, and
bring

ASRG lunch at IETF 81 ?

John R. Levine — 2011-07-06T18:32:37

I asked if anyone was interested in an ASRG lunch, and only saw one reply. 
I'm perfectly happy to have lunch only with him, but surely there's more 
than the two of us going.

Regards,
John Levine, johnl< at >iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly