At 05:05 PM 5/15/2003 +0100, Jon Kyme wrote:
problem too. As I mentioned before, perhaps we should not store plain
email addresses - but some form of checksum or something. Even though
that is susceptible to dictionary attacks, the attacker must know what
he is looking for. This will at least protect against people snooping
at messages.

I don't think it's necessary to specify what steps an implementer needs
to take to protect/hide the data - just a recommendation that they
should take steps is probably enough. Maybe?

In order for different C/R systems to interoperate they must know
whether a plain email address is used or a checksum - leaving this to
implementors will kill interoperability. Perhaps this should be an
optional feature of the protocol?

I think you'll find the point raised was regarding stored data.
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
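
An added example, not part of the original thread: it illustrates the stored-data point discussed above by comparing an unkeyed checksum of a sender address with a keyed one. The thread names no algorithm; SHA-256, HMAC-SHA256, the normalization rule, and every name and address below are assumptions made for illustration.

```python
import hashlib
import hmac


def normalize(addr: str) -> bytes:
    # Assumption: addresses are compared case-insensitively, whitespace stripped.
    return addr.strip().lower().encode("utf-8")


def plain_digest(addr: str) -> str:
    """Unkeyed checksum: hides the address from someone reading the store,
    but anyone who already has a candidate address can test it."""
    return hashlib.sha256(normalize(addr)).hexdigest()


def keyed_digest(addr: str, key: bytes) -> str:
    """Keyed checksum: a candidate can only be tested by a holder of the key."""
    return hmac.new(key, normalize(addr), hashlib.sha256).hexdigest()


def confirmable(stored: set, candidates: list, digest) -> list:
    """Audit helper: which candidate addresses can be confirmed as present
    in the store by a reader who can compute `digest`?"""
    return [c for c in candidates if digest(c) in stored]


# Constructed sample data (not from the thread).
SENDERS = ["alice@example.org", "Bob@Example.net"]
GUESSES = ["alice@example.org", "bob@example.net", "carol@example.com"]
STORE_KEY = b"constructed-demo-key-not-for-real-use"

plain_store = {plain_digest(a) for a in SENDERS}
keyed_store = {keyed_digest(a, STORE_KEY) for a in SENDERS}


def is_known(addr: str, key: bytes = STORE_KEY) -> bool:
    """Lookup as the C/R system itself would do it, with its own key."""
    return keyed_digest(addr, key) in keyed_store


if __name__ == "__main__":
    print("plain store, no key needed:",
          confirmable(plain_store, GUESSES, plain_digest))
    print("keyed store, no key:       ",
          confirmable(keyed_store, GUESSES, plain_digest))
    print("keyed store, system lookup:", is_known("BOB@example.net"))
```

A keyed digest only works inside the system that holds the key, so it applies to stored data; two C/R systems exchanging digests would have to agree on an unkeyed form or share a key.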