
Re: Lose the time stamp in BATV

2008-05-22 10:52:48
On 2008-05-20 00:15:25 -0400, John R Levine wrote:
> It occurs to me that the majority of BATV's interoperability problems are
> due to the time stamp.  Let's assume for the moment that we simplify a
> BATV signature to something like this:
>
>   prv=DHHHH=local(_at_)host
>
> The D is still a version number, and the HHH is a hash, but there's no
> timestamp.  Now, unless you change your key, which seems pretty rare in
> practice, a given plain address always turns into the same BATV address.

If you want BATV addresses to be stable over time you may want to use a
different secret for each address. My (admittedly very limited)
experience with blowbacks is that only a few addresses are so affected.
I assume these were harvested from mailing-list archives, address books,
mail folders, etc. So it is likely that when you need to switch to the
next value of D because a BATV address is used by a spammer, the next
version of the address will soon be used, too. OTOH, another user of the
same domain won't be affected at all and will want to continue using his
old BATV address.

> Now if you have a mailing list manager that recognizes senders by bounce
> address, it works fine, because each sender always has the same bounce
> address.  (The bounce address won't match the From: address, but it is my
> impression that software that keys on bounce address is unlikely to be
> picky about From: addresses.)  There will be a one-time issue when a
> sending site starts using BATV, but that's a whole lot less pain than when
> your bounce address changes every day.

I think most people these days use a web interface to subscribe to
mailing lists. People probably don't know their current BATV address, so
a user will enter 'john(_dot_)doe(_at_)example(_dot_)com' into the web form.
He will get the confirmation mail to this address, click on the
confirmation URL, and get all the mails delivered to this address. So it
appears to work fine. Until he actually tries to send mail to the list -
the mail comes from prv=53638f9=john(_dot_)doe(_at_)example(_dot_)com,
which doesn't match the address he's subscribed with, so it will be
rejected. (Most mailing lists allow additional poster addresses. But
users often have trouble doing this right and mailing-list admins vary
in their willingness to accommodate users).

> What you lose is the ability to reject bounces to mail sent a long time
> ago.

Rather: Reject bounces to mail sent with a sender address which was
harvested a long time ago. 

        hp

-- 
   _  | Peter J. Holzer    | It took a genius to create [TeX],
|_|_) | Sysadmin WSR       | and it takes a genius to maintain it.
| |   | hjp(_at_)hjp(_dot_)at         | That's not engineering, that's art.
__/   | http://www.hjp.at/ |    -- David Kastrup in comp.text.tex
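The timestamp-free tag John sketches above, combined with the per-address secret Peter suggests, as an added Python example that is not from the thread or from any BATV implementation; the HMAC construction, the 8-hex-digit hash length, the keyring layout, and the sample addresses and secrets are my assumptions.

```python
import hashlib
import hmac

# Timestamp-free BATV tag in the shape sketched in the thread:
#     prv=D<hash>=local@host
# D is a one-digit key version; <hash> is a truncated HMAC of the plain
# address under that version's secret. With no date in the tag, the same
# plain address always yields the same bounce address for as long as the
# key is kept. Keys, addresses and HASH_LEN below are constructed samples.

HASH_LEN = 8  # hex digits of the HMAC kept in the tag (assumption)


def batv_tag(plain: str, version: int, secret: bytes) -> str:
    """Return prv=D<hash>=plain for the given key version and secret."""
    mac = hmac.new(secret, f"{version}:{plain}".encode(), hashlib.sha256)
    return f"prv={version}{mac.hexdigest()[:HASH_LEN]}={plain}"


def batv_parse(addr: str):
    """Split a tagged address into (version, hash, plain), or None if untagged."""
    if not addr.startswith("prv="):
        return None
    tag, _, plain = addr[4:].partition("=")
    if len(tag) != 1 + HASH_LEN or not tag[0].isdigit() or not plain:
        return None
    return int(tag[0]), tag[1:], plain


def bounce_acceptable(rcpt: str, keyring: dict) -> bool:
    """Accept a bounce only if `rcpt` carries a tag we could have issued.

    `keyring` maps plain address -> {version: secret}, holding only the
    versions still honoured; retiring one harvested address's version
    refuses bounces to its old tag without touching any other user."""
    parsed = batv_parse(rcpt)
    if parsed is None:
        return False  # no tag: we never sent this, so it is backscatter
    version, _, plain = parsed
    secret = keyring.get(plain, {}).get(version)
    if secret is None:
        return False  # unknown address or retired key version
    return hmac.compare_digest(batv_tag(plain, version, secret), rcpt)


# Constructed keyring: john's v1 was retired after a spammer harvested it.
KEYRING = {
    "john.doe@example.com": {2: b"john-secret-v2"},
    "jane.roe@example.com": {1: b"jane-secret-v1"},
}
```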
