"william(at)elan" == william(at)elan net <william(_at_)elan(_dot_)net>
writes:
william(at)elan> On Thu, 10 Feb 2005, Sam Hartman wrote:
>> It is entirely appropriate to consider the effects of that
>> attack when evaluating whether MASS actually solves a problem.
>> It is entirely appropriate to try and design MASS to prevent
>> that attack, although as others have pointed out doing so seems
>> to violate other constraints.
william(at)elan> Ok, if you are saying we can design to prevent
william(at)elan> this attack, can you be more specific as to how?
I think John is right: this is a feature of SMTP. Until you are
willing to pay the cost of being able to cryptographically map from
message address to envelope address there doesn't seem to be much that
you can do other than consider the costs of revokation.
I was actually trying to say something much weaker. A valid issue has
been identified and it is appropriate to consider that issue when
evaluating MASS. Moreover the issue needs to either be "solved" or
documented. So far, we seem to be tending towards documenting this
issue rather than solving it.
--Sam