ietf-mailsig

Re: In response to Housley-mass-sec-review

2005-03-09 09:29:03

On Wed, 2005-03-09 at 11:16 -0500, Andrew Newton wrote:
> On Mar 9, 2005, at 11:08 AM, Michael Thomas wrote:
>
>> This is at best a theoretical problem at this
>> point, and one that's not likely to affect enterprise too much
>> (requires an inside job for the most part).
>
> It only takes one compromised laptop in an enterprise to take advantage
> of replay.  I disagree with the assertion that replay is only a problem
> for freemail providers.

I'm sorry, you seem to be arriving at a conclusion that this
is the only way to prevent malicious replays. I'm not there 
yet. Why wouldn't the outbound mailer be running spam filters, 
for example? And why couldn't an enterprise install software
in both the laptops and edge routers, etc, to be looking for
Zombie-like behavior? I know that we have stuff that does both
of those things. Given these, I remain unconvinced that we need
to roll out a huge new infrastructure on a sort of day-one basis
with mail signing. If it's ultimately needed, fine, but I don't
see anything we're doing _now_ that would prevent us from retrofitting
this approach in _when_ it becomes a real live attack vector. We
have to balance our efforts against spammers' make-work attacks
too.

                Mike


