ietf-mailsig

Re: MASS Security Review document

2005-02-10 21:34:06

   John> Most of it's pretty good, but section 4.1 on replay attacks is
   John> just wrong.  It misunderstands what signatures do.

I've just reread it.  I think everything in section 4.1 is correct and
accurate.

Hmmn.  Can you give an operational definition of an SMTP replay attack
that doesn't involve reading the sender's mind?  That's the problem.
As we all know, there's no technical difference between a replay
attack and a message that has a long bcc list.

Also, I am not prepared to concede that even if we can agree on what
an SMTP replay attack is (which I don't think we can), they'll be a
problem.  S/MIME and PGP are subject to the exact same kind of
replays, and I'm not aware of that ever being a problem in practice.

Even if it does turn out to be a problem in practice, I don't see why
it is essential to have advance means to prevent replays rather than
going back later to deal with the misbehaving party.  Signatures give
you an audit trail, after all.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web

PS: Can you tell that I've spent the week hanging out with lawyers?
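The point about a replay being indistinguishable from a long bcc list can be made concrete. The following is an added example, not code from the list message or from any MASS/DKIM implementation: a toy DKIM-style signer that uses Ed25519 from the Go standard library in place of DKIM's RSA, an assumed X-Sig header standing in for DKIM-Signature, and a constructed sample message. The signature covers selected headers and a body hash; the SMTP envelope (MAIL FROM, RCPT TO) is deliberately outside it, so re-injecting the same bytes to new recipients verifies identically, while changing the body does not. The signing domain carried in the header is what gives the audit trail the message refers to.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Message is a minimal mail object. The SMTP envelope is kept apart from
// headers and body because a DKIM-style signature covers only the latter;
// the envelope is rewritten on every hop and by every Bcc expansion.
type Message struct {
	EnvelopeFrom string
	EnvelopeRcpt []string
	Headers      map[string]string // single-valued headers, for brevity
	Body         string
}

// signedHeaders names the header fields the signature covers, in order.
var signedHeaders = []string{"From", "To", "Subject", "Date"}

// GenerateKeys makes an Ed25519 key pair for the demo signing domain.
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// canonicalize yields the bytes that are signed: the covered headers with
// lower-cased names and trimmed values, then a SHA-256 hash of the body.
// Nothing from the envelope is included.
func canonicalize(m Message) []byte {
	var b strings.Builder
	for _, h := range signedHeaders {
		fmt.Fprintf(&b, "%s:%s\r\n", strings.ToLower(h), strings.TrimSpace(m.Headers[h]))
	}
	bh := sha256.Sum256([]byte(m.Body))
	fmt.Fprintf(&b, "bh=%s", base64.StdEncoding.EncodeToString(bh[:]))
	return []byte(b.String())
}

// Sign returns a copy of m with an X-Sig header (assumed stand-in for
// DKIM-Signature) naming the signing domain and carrying the signature.
func Sign(m Message, domain string, priv ed25519.PrivateKey) Message {
	hdrs := make(map[string]string, len(m.Headers)+1)
	for k, v := range m.Headers {
		hdrs[k] = v
	}
	m.Headers = hdrs
	sig := ed25519.Sign(priv, canonicalize(m))
	m.Headers["X-Sig"] = fmt.Sprintf("d=%s; b=%s", domain, base64.StdEncoding.EncodeToString(sig))
	return m
}

// Verify checks X-Sig against pub and returns the signing domain when the
// signature is valid. The domain says who vouched for the content, not
// who the message was delivered to.
func Verify(m Message, pub ed25519.PublicKey) (string, bool) {
	var domain, b64 string
	for _, tag := range strings.Split(m.Headers["X-Sig"], ";") {
		tag = strings.TrimSpace(tag)
		switch {
		case strings.HasPrefix(tag, "d="):
			domain = tag[2:]
		case strings.HasPrefix(tag, "b="):
			b64 = tag[2:]
		}
	}
	sig, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || domain == "" || !ed25519.Verify(pub, canonicalize(m), sig) {
		return "", false
	}
	return domain, true
}

// Replay re-injects an already signed message under a fresh envelope, which
// is exactly what a relay, a list, or a long Bcc expansion does. Headers
// and body are untouched, so the signature still verifies.
func Replay(m Message, envFrom string, rcpts []string) Message {
	m.EnvelopeFrom = envFrom
	m.EnvelopeRcpt = rcpts
	return m
}

// SampleMessage is a constructed message for the demo (not real mail).
func SampleMessage() Message {
	return Message{
		EnvelopeFrom: "alice@example.com",
		EnvelopeRcpt: []string{"bob@example.net"},
		Headers: map[string]string{
			"From":    "Alice <alice@example.com>",
			"To":      "Bob <bob@example.net>",
			"Subject": "Quarterly numbers",
			"Date":    "Thu, 10 Feb 2005 21:34:06 -0500",
		},
		Body: "Numbers attached.\r\n",
	}
}

func main() {
	pub, priv := GenerateKeys()
	signed := Sign(SampleMessage(), "example.com", priv)
	d, ok := Verify(signed, pub)
	fmt.Printf("original: valid=%v signer=%s rcpts=%d\n", ok, d, len(signed.EnvelopeRcpt))

	rcpts := make([]string, 0, 10000)
	for i := range rcpts[:cap(rcpts)] {
		rcpts = append(rcpts, fmt.Sprintf("victim%d@example.org", i))
	}
	replayed := Replay(signed, "spammer@example.biz", rcpts)
	d, ok = Verify(replayed, pub)
	fmt.Printf("replayed: valid=%v signer=%s rcpts=%d\n", ok, d, len(replayed.EnvelopeRcpt))

	tampered := signed
	tampered.Body = "Wire the money today.\r\n"
	_, ok = Verify(tampered, pub)
	fmt.Printf("tampered: valid=%v\n", ok)
}
```

The verifier cannot tell the replayed copy from the original because nothing it checks has changed; what it can tell is which domain signed it, which is the after-the-fact recourse the message describes.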

