Sure; I glossed over that detail. You would keep a couple of
addresses that are valid for bounces, and then rotate them (maybe
every 4 days or so). I'm guessing that this is close to what you're
already doing.
That's basically what I'm doing. The signed bounce includes a day
number and a few characters of hash so bad guys can't guess what a
day's signature would be. Using the hash also means that the SMTP
server can reconstruct any day's signature on the fly, so it doesn't
have to keep a history of what address was used when.
So my question is: Beyond this technique, does the crypto piece add
enough additional value to be worth the trouble of key management,
etc.?
To me the answer is clearly no unless it can piggybank on key management
from another system like DK.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I shook hands with Senators Dole and Inouye," said Tom, disarmingly.