On Tue, Jan 13, 2004 at 06:44:09PM -0800, Ask Bjørn Hansen wrote:
|
| >I'm not sure that you can do this. In particular, E cannot know
| >whether the previous entry had the correct hash or not. I think that
| >the only solution is to use a database to perform the mapping. I'd be
| >inclined to HMAC the sender using a secret key. Then just send the
| >message on with bounce-<hash> as the sender. You need to store the
| >mapping from hash to sender in a database, along with some timeouts.
| >I'm not entirely certain why we should use an HMAC rather than a hash,
| >but it seems to provide a little extra security for very little extra
| >cost.
|
| I am considering how to implement SRS in my forwarder as well. The
| disadvantage of not including the original sender is that you make it
| impossible for the recipient to usefully filter on the envelope sender.
|
Personally I think the 64 char limit is ridiculously short. Who
actually uses that limit?
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
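
The bounce-<hash> scheme described in the quoted text above, sketched as an added example that is not part of the original thread or of any SRS implementation. It assumes HMAC-SHA256 truncated to 80 bits, an in-memory dict standing in for the database, and hypothetical names (`BounceMap`, `forwarder.example`).

```python
import base64
import hashlib
import hmac
import time

MAX_LOCAL_PART = 64  # the local-part limit discussed in the thread


class BounceMap:
    """Hypothetical forwarder-side store: hash -> (original sender, expiry)."""

    def __init__(self, key, domain, ttl=7 * 86400, clock=time.time):
        self.key, self.domain, self.ttl, self.clock = key, domain, ttl, clock
        self.db = {}  # stand-in for the database mentioned in the thread

    def _tag(self, sender):
        # Keyed: an outsider who knows a sender address still cannot
        # compute its tag. Truncated to 80 bits, base32 (16 characters).
        mac = hmac.new(self.key, sender.lower().encode(), hashlib.sha256).digest()
        return base64.b32encode(mac[:10]).decode().lower()

    def rewrite(self, sender):
        """Return the bounce-<hash> envelope sender and remember the mapping."""
        tag = self._tag(sender)
        local = "bounce-" + tag
        assert len(local) <= MAX_LOCAL_PART  # fixed length: 7 + 16 = 23
        self.db[tag] = (sender, self.clock() + self.ttl)
        return f"{local}@{self.domain}"

    def resolve(self, rcpt):
        """Map a bounce recipient back to the original sender, or None."""
        local, _, domain = rcpt.partition("@")
        if domain.lower() != self.domain or not local.startswith("bounce-"):
            return None
        tag = local[len("bounce-"):].lower()
        entry = self.db.get(tag)
        if entry is None:
            return None
        sender, expiry = entry
        if self.clock() > expiry:
            del self.db[tag]  # timed out: refuse to forward the bounce
            return None
        # Recompute the MAC so a tampered or corrupted row is rejected too.
        if not hmac.compare_digest(self._tag(sender), tag):
            return None
        return sender
```

Because the original sender is not carried in the rewritten address, the local part stays at a fixed 23 characters regardless of how long the sender address is.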