ietf-mailsig

Re: Replay attacks and ISP business models

2005-08-05 06:52:55


On Aug 5, 2005, at 10:23 AM, Michael Thomas wrote:


william(at)elan.net wrote:




On Fri, 5 Aug 2005, Tony Finch wrote:


It's more or less up to the message signer, if a unique id is there, what that unique id is common for. BTW, why do you think per-message keys are much worse (assuming that the settings are such that results are not to be cached)? In my view it can't be any worse than using a DNSBL, and that seems to be working OK with multiple lists tested for every received message.


I'm sorry, but I have a real hard time seeing how one can cry about the sky falling wrt the prospects of some domains in the future delegating large numbers of selectors while on the other hand saying that per-message lookups to the home domain from every receiver will not. At the very least, you can't have it both ways.

This "bad-list" lookup would have a minor impact as a negative result. This lookup would not need to be made when the HELO is with the signature's domain. A user-key lookup would likely be just as frequent due to DNS cache concerns. At least with the revocation-identifier there could be a method to eliminate the lookup in most cases. A bad identifier could be safely given a long time to live as well.

-Doug
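As an added example (not code from this thread or from any of its participants), the following Python sketch models the lookup Doug describes: a per-message revocation-identifier query against the signer's domain, skipped when the HELO domain equals the signature domain, with negative answers cached for a configurable TTL and positive ("revoked") answers cached for the TTL the signer publishes. The name layout `<id>._revoke.<domain>`, the in-memory resolver stub, the sample revoked identifier, and the choice to treat a skipped lookup as "not revoked" are all assumptions made for the example.

```python
"""Model of a revocation-identifier lookup with caching.

Added example; not code from the original thread. The record name
layout '<id>._revoke.<domain>', the resolver stub and the sample data
below are assumptions, not anything the thread specifies.
"""
import time

# Constructed sample "bad list": revoked identifier -> TTL in seconds.
# In a real deployment this would be served by the signer's DNS.
REVOKED = {"k42._revoke.example.com": 86400}


def stub_resolver(name):
    """Stand-in for a DNS query: TTL if the name exists, None for NXDOMAIN."""
    return REVOKED.get(name)


class RevocationChecker:
    def __init__(self, resolver=stub_resolver, negative_ttl=3600, now=time.time):
        self.resolver = resolver
        self.negative_ttl = negative_ttl   # how long an NXDOMAIN answer is reused
        self.now = now
        self.cache = {}                    # name -> (revoked: bool, expires_at)
        self.queries = 0                   # count of real resolver calls

    @staticmethod
    def should_query(helo_domain, sig_domain):
        # The lookup is skipped when the HELO name is the signing domain itself
        # (assumed interpretation of "HELO is with the signature's domain").
        return helo_domain.lower() != sig_domain.lower()

    def is_revoked(self, helo_domain, sig_domain, identifier):
        """Return True when the signer has listed this identifier as bad."""
        if not self.should_query(helo_domain, sig_domain):
            return False
        name = f"{identifier}._revoke.{sig_domain}".lower()
        now = self.now()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]                  # answered from cache, no query
        self.queries += 1
        ttl = self.resolver(name)
        if ttl is None:
            # Negative result: cache it so repeated messages do not re-query.
            self.cache[name] = (False, now + self.negative_ttl)
            return False
        # Positive result: the signer chose the TTL, which may be long.
        self.cache[name] = (True, now + ttl)
        return True
```

The `queries` counter is what a practitioner would watch: it shows that only the first message per identifier reaches the signer's DNS, that a revoked identifier stays cached for the signer-chosen TTL, and that messages whose HELO matches the signing domain cost no lookup at all.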
