ietf-822

Re: [ietf-822] one can re-sign without a permission to re-sign header

2014-05-05 21:34:46
On Mon, May 5, 2014 at 7:01 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:

>> That would provide some replay protection, especially if the forwarder
>> checks for duplicate message-ids (the recipient could also check for
>> dupes). Without it, I could see one of your messages on a list, then
>> send messages to everyone on the list, pretending to be you.
>
> You could, but now we're back to whether we believe that list managers
> act to keep crud out of their lists.  In general, I observe that they
> do, so I don't see any point to adding features that assume that
> managers will just sit there and allow subscribers to abuse their
> lists.


This sounds a lot like what ATPS turned out to be, except that it didn't
give much thought to replay protection.  Maybe we can build on that instead?

-MSK