ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: The forged bounce question

2004-07-30 07:19:41
from [Sam Silberman] [Permanent Link] 


----- Original Message ----- 
From: "Michel Bouissou" <michel(_at_)bouissou(_dot_)net>
To: "IETF MARID WG" <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Friday, July 30, 2004 3:39 AM
Subject: Re: The forged bounce question


What about the following idea :

- Suppose that our outgoing SMTP servers encode _all_ of their outgoing

MAIL

FROM with SRS,


The trick is to encode SOMETHING into the 2821.MAILFROM.    MUA/MTAs that
don't know the 'secret' can't forge the MAILFROM.   Take your pick of
encodings BATV/SES/SRS/whatever.

This argument is orthogonal to 2822 identity checking.    Those method do
not need to use the LHS of the 2821.MAILFROM.  Both methods should work fine
in tandom.

-Sam
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Is the back door open?, Andrew Newton
Next by Date:  Re: The forged bounce question, Michel Bouissou
Previous by Thread:  Re: The forged bounce question, Douglas Otis
Next by Thread:  Re: Is the back door open?, Alan DeKok
Indexes:  [Date] [Thread] [Top] [All Lists]