Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
On Mon, Oct 06, 2003 at 12:02:48PM -0700, Ted Cabeen wrote:
|
| Would something like a identd for mail work? When a mail is received,
| you connect to the DNS-identified server of the sender, submit a
| messageid and a sender, and get a response as to whether that message
| id was sent by that sender?
mjd has proposed something like this.
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200309/0017.html
Problem is, you don't get the Message-ID until DATA.
Even more radical is djb's Internet Mail 2000.
http://cr.yp.to/im2000.html
The logical extreme is to modify 2821 to insert Habeas-style cookies!
And even then there's the spoofing problem --- a bad guy just reads off
the secret from some incoming mail, and forges using that secret.
True enough. Ahh well.
DJBs thing is quite radical indeed. Hmmm. Must think more.
--
Ted Cabeen http://www.pobox.com/~secabeen
ted(_at_)impulse(_dot_)net
Check Website or Keyserver for PGP/GPG Key BA0349D2
secabeen(_at_)pobox(_dot_)com
"I have taken all knowledge to be my province." -F. Bacon
secabeen(_at_)cabeen(_dot_)org
"Human kind cannot bear very much reality."-T.S.Eliot
cabeen(_at_)netcom(_dot_)com
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡