On Tue, 13 Nov 2007 18:32:49 PST, Douglas Otis said:
Message content offers little assurance of its origination. Where to
reach for the message is more significant. The TBR extension offers
both an assured last hop IP address and a domain of origination.
Often the origination of content is more important than the results
of a scanning process. Receivers would be foolish to trust the
results of content scanning alone.
OK. Let me get this straight. We get an inbound connection from a possibly
dodgy source address, like a probably compromised cablemodem box, and we
then take the address *they provide us* and use that as some sort of
"verification"?
What's wrong with this picture? (Hint - what are the chances that a hypothetical
connection from said abused cablemodem, if it uses TBR, will point at either
the *same* address, or yet another abused cablemodem? Consider the use of
fast-flux DNS changers when you ponder this - there's no reason why you won't
find that tbr-server.fast-flux-r-us.com *won't* point at a cablemodem.)
pgpd9l0CvBT8y.pgp
Description: PGP signature