On May 21, 2008, at 6:46 PM, Douglas Otis wrote:
RFC 3340,1,3 apex=
RFC 3191 [/] SMS= (example)
RFC 3192 FAX=
RFC 3804 VPIM=, VOICE=, AMIS=
(original paper used "#" instead of "=" and example uses "+")
Where "=" replaces "@" for local-part cascaded addresses.
This means verp overlaps with "tag=" convention.
By changing the BATV tag ABNF from:
tag-type = 1*( DIGIT / ALPHA / "-" )
tag-type = ALPHA *( ALPHA / DIGIT )
BATV could then rely upon the use of the "-" in Verp to ensure
By omitting the timer, a need to standardize algorithms is driven
solely by the need to ensure compatible tag generation. When only a
secret change permits the generation of tags, some of the timer digits
should be allocated as selectors.
One implementation might be:
Where index is incremented when abuse is detected.
Another might be:
week = (((epoch-sec + hash(pass-phrase) % 604800) % 31449600) / 604800;
hash = hash(pass-phrase + email-address + week + tag) % 65535;
The week interval would include an induced error to distribute the
impact the change may make.
This would tend to automate dealing with abuse, rather than requiring