ietf-mxcomp
[Top] [All Lists]

Re: Bounce Address Tag Validation (BATV)

2004-05-19 04:06:31

Dave Crocker writes:
   <http://brandenburg.com/specifications/draft-crocker-marid-batv-00-06dc.html>

There must be something I've missed. Doesn't the following attack work?

1. Prepare message to be sent in some victim's name.
2. Send the victim some mail calculated to get a response.
3. Wait for the victim's response.
4. Quickly use the (opaque) localpart from step 3 to send the message from step 1.

Arnt


<Prev in Thread] Current Thread [Next in Thread>