[Top] [All Lists]

Re: making mail traceable

2004-01-17 14:11:11

On Sat, 17 Jan 2004, Keith Moore wrote:

    > What I'm after is a means of automating tracing for abuse complaints.

    me too.  but I don't see how we can do that without providing

It is not clear to me that by "hash" you meant digital signature, but
clearly you need a signature for non-repudiation.

    otherwise it becomes easy to DoS somebody by forging mail as if it
    were from them and generating lots of complaints about it.

We need to be careful to avoid getting too wrapped up in DoS attacks.
The problem is that it's possible with or without a hash and a

So, I agree we should understand how any proposal permits or supports
DoS attacks, if it does, and we should certainly avoid any amplification
opportunities, but we're not going to prevent DoS with hash validation.