ietf-mxcomp

Re: So here it is one year later...

2005-02-01 01:20:30

On Mon, 2005-01-31 at 23:57, David Woodhouse wrote:
> On Mon, 2005-01-31 at 18:23 -0800, Douglas Otis wrote:
> > I should also note that BATV does not require any outside service to
> > address abusive bounce messages.  Although SES is similar, it
> > introduces some security concerns by way of its syntax.
>
> The syntax of each can be treated as if it's entirely opaque, and SES
> without any form of validation at the _receiving_ side is then
> indistinguishable from BATV in all but cosmetics, surely?
>
> What are the security concerns of which you speak?

This was raised on the CLEAR mailing list by William Leibzon and
responded to by Tony Finch.  Follow the thread.

http://mipassoc.org/pipermail/ietf-clear/2004-November/000133.html

To discuss this issue, it would be best done on the CLEAR reflector:

http://mipassoc.org/mailman/listinfo/ietf-clear

-Doug