On Sun, 30 Nov 2003 11:33:33 -0800, Claus Assmann
<ca+asrg(_at_)esmtp(_dot_)org> writes:
On Sun, Nov 30, 2003, Scott A Crosby wrote:
How to do it is all sending systems attach a nonce (a random number)
to an email. All DSN's must include a nonce indicating to what this is
a response to. Users have the option to filter based on whether a
correct nonce is attached.
There's no need to invent something new. Use the Message-Id: header.
Not quite. This would be something added on by the email server, and
it doesn't need to be unique among all messages and all senders. By
using cryptography, for instance encoding a counter and a MAC over
just the counter, the mechanism can be made *MUCH* cheaper than
recording the message ID's of all sent messages.
With this implementation, the sender doesn't need to record the nonces
on all outgoing emails. They can accept a DSN, read the counter and
verify its MAC, and accept the DSN only if the counter is both fresh
(less than 10 days old) and has been used at most 5 times.
Storage for the server is one MAC key, one counter, and a list of all
DSN's accepted for delivery in the last 10 days.
Depending on the disclosure or abuse risks of DSN's, (which I don't
fully understand) this could be simplified. We remove the list of
accepted DSN's. This means that a given counter may now be attached to
an unlimited number of times in a 10 day period. In exchange the
server now only needs to store two things, a counter and a MAC key.
Scott
[*] A MAC is a keyed cryptographic hash.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg