On May 21, 2008, at 6:46 PM, Douglas Otis wrote:
RFC 3340,1,3 apex=
RFC 3191 [/] SMS= (example)
RFC 3192 FAX=
RFC 3804 VPIM=, VOICE=, AMIS=
http://www.openspf.org/SRS
(original paper used "#" instead of "=" and example uses "+")
http://www.libsrs2.org/srs/srs.pdf
SRS0=
SRS1=
http://cr.yp.to/proto/verp.txt
Where "=" replaces "@" for local-part cascaded addresses.
list-lp"-"subscrib-lp"="subscrib-dom@list-dom
This means VERP overlaps with the "tag=" convention.
By changing the BATV tag ABNF from:
tag-type = 1*( DIGIT / ALPHA / "-" )
to:
tag-type = ALPHA *( ALPHA / DIGIT )
BATV could then rely upon the use of the "-" in VERP to ensure
differentiation.
By omitting the timer, a need to standardize algorithms is driven
solely by the need to ensure compatible tag generation. When only a
secret change permits the generation of tags, some of the timer digits
should be allocated as selectors.
One implementation might be:
"pih="[pass-phrase:1][index:3][hash:4]"="
Where index is incremented when abuse is detected.
Another might be:
"pwh="[pass-phrase:1][week:2][hash:4]"=".
week = (((epoch-sec + hash(pass-phrase) % 604800) % 31449600) / 604800);
hash = hash(pass-phrase + email-address + week + tag) % 65535;
The week interval would include an induced error to distribute the
impact the change may make.
This would tend to automate dealing with abuse, rather than requiring
a response.
-Doug
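
[Added example, not part of the original message and not code from any BATV implementation.] A sketch of the "pwh=" tag described above, with both generation and validation. Assumptions: HMAC-SHA256 stands in for the unspecified hash(), the tag is placed in front of the original local-part as in BATV, the hash field is four hex digits, and the secrets, the addresses and the max_age_weeks window are constructed for illustration.

```python
import hashlib
import hmac

WEEK = 604800        # seconds per week
YEAR = 52 * WEEK     # 31449600, the modulus used in the message
TAG = "pwh"
# Constructed sample secrets; the one-character key is the [pass-phrase:1] selector.
SECRETS = {"a": b"constructed-secret-one", "b": b"constructed-secret-two"}


def _h(key: bytes, msg: bytes) -> int:
    # Assumption: HMAC-SHA256 keyed with the pass-phrase replaces hash().
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "big")


def week_of(key: bytes, epoch_sec: int) -> int:
    # Per-secret offset (the "induced error") shifts each site's weekly rollover.
    return ((epoch_sec + _h(key, b"offset") % WEEK) % YEAR) // WEEK


def tag_hash(key: bytes, address: str, week: int) -> int:
    # hash(pass-phrase + email-address + week + tag) % 65535, as in the message.
    return _h(key, f"{address}|{week:02d}|{TAG}".encode()) % 65535


def sign(selector: str, local: str, domain: str, epoch_sec: int) -> str:
    key = SECRETS[selector]
    week = week_of(key, epoch_sec)
    digest = tag_hash(key, f"{local}@{domain}", week)
    return f"{TAG}={selector}{week:02d}{digest:04x}={local}@{domain}"


def verify(address: str, epoch_sec: int, max_age_weeks: int = 1) -> bool:
    local_part, _, domain = address.rpartition("@")
    parts = local_part.split("=", 2)
    if len(parts) != 3 or parts[0] != TAG or len(parts[1]) != 7:
        return False
    selector, week_s, digest_s = parts[1][0], parts[1][1:3], parts[1][3:]
    key = SECRETS.get(selector)      # a retired secret is simply absent
    if key is None or not (week_s.isascii() and week_s.isdigit()):
        return False
    week = int(week_s)
    # Age is taken modulo 52 so the yearly wrap does not reject fresh tags.
    if (week_of(key, epoch_sec) - week) % 52 > max_age_weeks:
        return False
    expected = f"{tag_hash(key, parts[2] + '@' + domain, week):04x}"
    return hmac.compare_digest(expected.encode(), digest_s.encode())
```

Removing a selector from SECRETS invalidates every outstanding tag made with that secret, while the week field expires tags without any secret change.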