On Mar 9, 2005, at 11:28 AM, Michael Thomas wrote:
> I'm sorry, you seem to be arriving at a conclusion that this
> is the only way to prevent malicious replays.

It doesn't prevent replay. As far as I know, there are no proposals to
prevent it. Should one be proposed, I'd be most interested in looking
at it.

> I'm not there
> yet. Why wouldn't the outbound mailer be running spam filters,
> for example? And why couldn't an enterprise install software
> in both the laptops and edge routers, etc., to be looking for
> Zombie-like behavior? I know that we have stuff that does both
> of those things.

But these measures are inexact at best. Reliance on external
activities to bridge this gap does not seem to be a very sure bet.

> Given these, I remain unconvinced that we need
> to roll out a huge new infrastructure on a sort of day-one basis
> with mail signing.

The words "huge new infrastructure" are a gross mischaracterization of
the mechanism being proposed.

Also, the use of revocation IDs should be an option employed at the
signing domain's discretion. Certainly, there will be some
administrative domains that are run on such a tight basis that replay
is not an issue. But for those that find this a problem, it would be
nice to offer some form of mitigation.

-andy