On Wed, 2 Apr 2003 14:23:52 -0800 (PST)
william <william(_at_)elan(_dot_)net> wrote:
But there is actually way to help the situation with porkhash. Since
we know that ever time email is received, there is a verification
request done to the origin server (and messageid is provided too!) -
too many verification requests would signal something maybe wrong
(i.e. you might expect 100 email from that client, maybe if they send
to large email list - 1000, but 1 million - you know something is
wrong). Plus the request can be doublechecked and matched to messageid
(though that requires verification server to be tied to
messagetracking - just like in my proposal).
I actually like this porkhash quite a bit. I'm thinking it can
actually work best if tied to messagetracking (so instead of
messagetracking being plaintext, we now have some crypto
authentication) plus it also ties nicely into opt-out system.
This is also a problem with porkhash: it disenfranchises those without
persistent connections (eg much of the third world). There's still a
heck of a lot of mail tunneled over UUCP these days, or which relies on
disconnected ETRN semantics.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw(_at_)kanga(_dot_)nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg