On Mar 9, 2005, at 11:08 AM, Michael Thomas wrote:
> This is at best a theoretical problem at this
> point, and one that's not likely to affect enterprise too much
> (requires an inside job for the most part).
It only takes one compromised laptop in an enterprise to take advantage
of replay. I disagree with the assertion that replay is only a problem
for freemail providers.
A specialized DNS server for handling automated revocation is much more
likely to be effective in most enterprises than waiting on the mail
admins to roll keys once they have detected a replay attack, if they
ever do.
-andy