On Sat, 17 Jan 2004, Keith Moore wrote:
> What I'm after is a means of automating tracing for abuse complaints.
me too. but I don't see how we can do that without providing
non-repudiation.
It is not clear to me that by "hash" you meant digital signature, but
clearly you need a signature for non-repudiation.
otherwise it becomes easy to DoS somebody by forging mail as if it
were from them and generating lots of complaints about it.
We need to be careful to avoid getting too wrapped up in DoS attacks.
The problem is that it's possible with or without a hash and a
signature.
So, I agree we should understand how any proposal permits or supports
DoS attacks, if it does, and we should certainly avoid any amplification
opportunities, but we're not going to prevent DoS with hash validation.
Jim