spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: the inevitability of SRS

2004-01-13 19:21:32
from [Philip Gladstone] [Permanent Link] 
Meng Weng Wong wrote:


I would be happy to release a Mail::SRS::DBI subclass that performs the
rewrite to a 32 char HMAC plus 32 char DB key or something like that.

The point of publishing an SRS standard was so that an intermediary
could replace   A-B(_at_)C   with   A-D(_at_)E  instead of having to do
A-B-C-D(_at_)E(_dot_)  If the whole thing gets shoved into a DB there's no need 
for
a standard syntax with delimiters and whatnot.
I'm not sure that you can do this. In particular, E cannot know whether the previous entry had the correct hash or not. I think that the only solution is to use a database to perform the mapping. I'd be inclined to HMAC the sender using a secret key. Then just send the message on with bounce-<hash> as the sender. You need to store the mapping from hash to sender in a database, along with some timeouts. I'm not entirely certain why we should use an HMAC rather than a hash, but it seems to provide a little extra security for very little extra cost. 

Philip

--
Philip Gladstone
* Check out the live pondcam at http://pond.gladstonefamily.net

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  MX and TXT, Marc Alaia
Next by Date:  Re: Lawsuits, angry business users, and SPF stupidity., Bob Tanner
Previous by Thread:  Re: the inevitability of SRS, Roy Badami
Next by Thread:  Re: the inevitability of SRS, Ask Bjørn Hansen
Indexes:  [Date] [Thread] [Top] [All Lists]