On Wed, 11 Feb 2004, Meng Weng Wong wrote:
On Wed, Feb 11, 2004 at 06:36:38PM +0000, Roy Badami wrote:
| >>>>> "Meng" == Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>
writes:
| Meng> What do you think of the new Mail::SRS algorithm?
|
| Only skimmed it, but it looks good.
|
| I'm uneasy about the 11-year wrap around of the timestamp, though.
| Are we confident that these won't get archived anywhere? I can't see
| any reason why they should end up in list archives and the like, but
| if they do then come 2015 spammers might start using old archives.
|
| Most of these addresses will no longer be valid, of course, but a few
| will be, and this will probably make SRS (and those hosts running it)
| rather unpopular amongst long-time Internet users.
|
I expect Mail::SRS to contain a series of secrets:
my @secrets = ("recent", "older", "oldest");
The validity period is, what, 1 month? Then we can rotate through
secrets on a monthly basis.
Indeed it does. If you replace your secret once every year, and remove the
old secret after one further year (to deal with the overlap period), then
you will be fine.
Old secrets will be honoured, but new messages will only be generated
with the first secret on the list.
This is what is done.
S.
--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/