ietf-asrg
[Top] [All Lists]

Re: [Asrg] 3b. SMTP Session Verification - The Forwarding Problem

2004-02-10 18:19:41
I'll try to make this my last word on the subject, since the appropriate forum 
for this discussion is probably the new verification sub-group, and I haven't 
jumped through the necessary hoops to gain posting privs there.

Jon Kyme wrote:
But then, I still can't see what's wrong with tweaking the MAIL FROM.

In an off-list message, Jon clarified that he was alluding to the following 
document.

  http://spf.pobox.com/draft-mengwong-sender-rewrite-01.txt

I make the following observations.

* Sender rewriting is vulnerable to abuse as a mail relay unless the 
implementing MTA generates unique return addresses. (See "Hash Secrets" in 
the referenced document.) VIA has no such vulnerability.

* If "Hash Secrets" are used, then sender rewriting may lose its value as a 
diagnostic trace of the forwarding path. VIA is always useful as a diagnostic 
trace.

* If "Hash Secrets" are used, the implementing MTA must maintain several days 
of secret-to-email-addresse mapping data, or use a reversible cryptographic 
encoding. VIA requires no cryptographic techniques or additional maintenance 
of state.

* Sender rewriting can run afoul of address length limitations unless a "Hash 
Secret" regime is chosen to avoid it. VIA faces no such problem, as it does 
not overload any existing field.

* Sender rewriting makes the return path trustable, so that there is no 
concern of returning a bounce message to an unrelated third party. VIA can 
provide no direct assurance about the return path, but if you accept the 
lemma that "forwarded mail is only accepted from explicitly trusted parties", 
then VIA effectively provides the same assurance, as trusted parties provide 
trustworthy data.

* Sender rewriting introduces network overhead into the bounce process, as 
bounces will be "un-forwarded" through the MTAs they were initially forwarded 
through. VIA maintains the traditional "direct" method of returning bounces.

* I consider "anonymous remailers" to be "remailers" rather than "forwarders". 
If an anonymous remailer wishes to allow replies and/or bounces, it will be 
obliged to use a cryptographically secure mapping between its own addresses 
and the addresses of its clients. VIA is not relevant to this case.

Regards,
TFBW


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg