ietf-mxcomp

RE: comments on draft-rosenberg-sipping-spam-00.txt

2004-07-15 06:07:00

   Thus, instead of creating DNS entries containing the IP address of
   each legitimate relay for a domain, the provider can give each
   legitimate relay a certificate that allows them to authenticate
   themselves as coming from that domain.  Such a technique would work
   even in the face of IP address spoofing, which the marid techniques
   are susceptible to.

Once again, where is there a practical, or even possible, IP spoofing problem
where the source IP can be spoofed in a TCP (where you need to talk back to
the client machine) connection?

And asymmetric routing doesn't count, because the receiving end of the
asymmetric route isn't going to be in any domain's allowed hosts list (or
said host has worse security problems than being spoofed in a spam run).

-- 
PGP key (0x0AFA039E): 
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>