ietf-mxcomp
[Top] [All Lists]

Re: marid-submitter-02: Recipient's point of view

2004-08-06 09:27:20

On Fri, Aug 06, 2004 at 03:03:14PM +0200, Stephane Bortzmeyer wrote:

They way I understand draft-ietf-marid-submitter-02, it is the
opposite. The SMTP client must derive the submitter from the
2822-headers (see 4.2 "Processing the SUBMITTER Parameter" and
4.3). So, there is no need to send SUBMITTER back into 2822-headers
(just a check, described in 4.3).

...
See above. For instance, I quote  draft-ietf-marid-submitter-02, 4.3 :
 
This should involve no information loss, since the SUBMITTER parameter
is required to contain information derived from the message headers.


HELLLOOOO. Wake Up! We are not playing card games here. 

  *** This is about _security_! ***

We try to defend against attackers here. Spammers, cheaters,
criminals. What makes you think that they will comply to this
requirement?  Expecting the sender to behave well and to provide
redundant information consistently is naive and opening the door to
attacks.


May I ask who in this working group has experience in designing
security protocols?

Hadmut


<Prev in Thread] Current Thread [Next in Thread>