ietf-asrg
[Top] [All Lists]

Re: [Asrg] porkhash: flexible anti-impersonation mail signatures

2003-04-02 19:50:07

"Bob Atkinson" said:

The key, as I see it, is the use of a timestamp.  Spammers who wish to
replay a valid token, will then have to intercept a message with such
a
token within a small window of time *after* the message was posted
(and
presumably archived on a public webpage for example).

It's reasonably trivial, modulo the usual date-stamp-decoding logic,
to compare the Date header's timestamp with the MAC's timestamp.

But won't the spammer simply forge the timestamps/Date headers in his
message so as to match the MAC's inputs (which he can do no matter how
long ago he stole the MAC)? I guess I don't see how you can thus
usefully compare the MAC with the Date header or other message contents,
but perhaps I'm just being slow at the end of the day.

You might perhaps be able to compare the MAC's timestamp with a window
around the actual time of receipt of the mail, say the instant of the
corresponding STMP RCPT command (or a suitable stand-in). But then the
legitimate guy in the first place is faced with the problem of
predicting exactly when this will occur, which is a times difficult to
do.

Yes, this would have to happen -- forgot to mention that. ;)  And it's
true it's a bit of lossage.  But I reckon that even if the window was 5
days, it'd still hurt spammers without a noticeable degree of collateral
damage.

--j.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>