ietf-mailsig

Re: Good as the enemy of OK

2005-01-18 14:47:23

On Tue, 2005-01-18 at 10:23 -0800, william(at)elan.net wrote:

On Tue, 18 Jan 2005, Douglas Otis wrote:

If there is a revocation scheme using records just to revoke specific
accounts (identified within the header with u=xyz01234 as example), then
acceptance of the message may be conditioned upon an address lookup of:

xyz01234._arl.<domain>. 

Let's assume a bad guy (a spammer) got hold of the domain-specific private key.

Removal of the selected domain key altogether could be a reasonable
approach.  After all, loss of the private key should not happen very
often.  Otherwise, there are more serious issues with the domain.

Let me tell you what is going to happen instead; the spammer is going to either:
 1. Use the same uid that legitimate domain owner used in recent emails OR

Although this is not done currently, with the exception of the signature
itself, signature header settings could be included within the
signature.  As an alternative, this identifier could be required to
match that of a specific field contained already within the message. It
would be easier to keep this identifier independent.  Perhaps the
identifier could be included within a separate header if required, but
then this opens the door for some spoofing.

With the signature header settings included, without the private portion
of the key, the spammer would not be able to create a valid signature
for a message with a forged identifier.  With this identifier included
within the signature header, including this information via the message
would be impossible.  

-Doug
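
An added example, not part of the original message or of any mailsig draft: a sketch of the per-account revocation lookup and of covering the header settings in the signed data, as discussed above. It assumes a record at `<u>._arl.<domain>.` means "revoked"; the `d=` and `b=` tag names, the in-memory zone, and all sample values are constructed for illustration.

```python
import hashlib
import re

# Constructed stand-in for DNS: a name present here means the account is revoked.
REVOKED = {"xyz01234._arl.example.com."}

# The identifier must be one DNS label, so it cannot add dots and steer the query elsewhere.
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def parse_tags(header):
    """Parse a 'k=v; k=v' signature header; reject malformed or duplicate tags."""
    tags = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        key = key.strip()
        if not sep or key in tags:
            raise ValueError("malformed or duplicate tag: %r" % part)
        tags[key] = value.strip()
    return tags

def arl_name(tags):
    """Build the revocation query name <u>._arl.<d>. from the header tags."""
    uid = tags["u"].lower()
    domain = tags["d"].lower().rstrip(".")  # d= is an assumed tag name
    if not LABEL.match(uid):
        raise ValueError("identifier is not a single DNS label")
    return "%s._arl.%s." % (uid, domain)

def is_revoked(tags, zone=REVOKED):
    return arl_name(tags) in zone

def signed_input(tags, body):
    """Digest the signature would cover: every tag except the signature
    value itself (assumed to be b=), followed by the message body."""
    covered = ";".join("%s=%s" % (k, tags[k]) for k in sorted(tags) if k != "b")
    return hashlib.sha256(covered.encode() + b"\r\n" + body).hexdigest()
```

Because `u=` is part of the digest, swapping in a different identifier changes the value the signature must match; checking the public-key signature over that digest is outside this sketch.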


