spf-discuss

Re: SRS and the 11 year period

2004-02-18 10:31:14
On Wed, Feb 11, 2004 at 02:12:41PM -0500, Meng Weng Wong wrote:
> On Wed, Feb 11, 2004 at 06:36:38PM +0000, Roy Badami wrote:
> | >>>>> "Meng" == Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
> |     Meng> What do you think of the new Mail::SRS algorithm?
> | 
> | Only skimmed it, but it looks good.
> | 
> | I'm uneasy about the 11-year wrap around of the timestamp, though.
> | Are we confident that these won't get archived anywhere?  I can't see
> | any reason why they should end up in list archives and the like, but
> | if they do then come 2015 spammers might start using old archives.
> | 
> | Most of these addresses will no longer be valid, of course, but a few
> | will be, and this will probably make SRS (and those hosts running it)
> | rather unpopular amongst long-time Internet users.
> | 
>
> I expect Mail::SRS to contain a series of secrets:
>
>   my @secrets = ("recent", "older", "oldest");
>
> The validity period is, what, 1 month?  Then we can rotate through
> secrets on a monthly basis.
>
> Old secrets will be honoured, but new messages will only be generated
> with the first secret on the list.

So the proposal is for one secret per server or per domain (as it was
suggested in an earlier message)?

What if two different companies are MX's for the same domain?  What do
they do about the common secrets?  Are they willing to take the risk
that the secrets on the other server might be exposed?
  
Mate
-- 
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis  
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
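
The rotation scheme quoted in the message above, as an added example that is not part of the original message and is not Mail::SRS code. The token layout, the 4096-day wrap, the 30-day window and the secret values are assumptions chosen for illustration. It shows why an archived address replayed after the timestamp wraps is still rejected once its secret has rotated off the list, and why a second MX must hold the same secret list.

```python
import hashlib
import hmac

PERIOD = 4096   # assumed wrap of the day counter, roughly the 11 years discussed
MAX_AGE = 30    # assumed validity window in days ("1 month" in the message)


def _tag(secret, stamp, address):
    """Truncated HMAC binding the day stamp to the address (illustrative format)."""
    msg = f"{stamp}:{address}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:8]


def sign(address, today, secrets):
    """Issue a token with the newest secret only (first entry of the list)."""
    stamp = today % PERIOD
    return f"{_tag(secrets[0], stamp, address)}={stamp}={address}"


def verify(token, today, secrets):
    """Return the address if the token is fresh and any listed secret matches."""
    try:
        tag, stamp_s, address = token.split("=", 2)
        stamp = int(stamp_s)
    except ValueError:
        return None
    if not 0 <= stamp < PERIOD or (today - stamp) % PERIOD > MAX_AGE:
        return None
    for secret in secrets:
        expected = _tag(secret, stamp, address)
        if hmac.compare_digest(tag.encode(), expected.encode()):
            return address
    return None


def rotate(secrets, new_secret):
    """Monthly rotation: newest first, oldest dropped, list length unchanged."""
    return [new_secret] + secrets[:-1]


if __name__ == "__main__":
    secrets = [b"recent", b"older", b"oldest"]        # constructed sample secrets
    token = sign("user@example.org", 100, secrets)
    print(verify(token, 110, secrets))                # fresh token
    print(verify(token, 100 + PERIOD + 5, secrets))   # wrapped replay, no rotation
    for month in (b"m1", b"m2", b"m3"):
        secrets = rotate(secrets, month)
    print(verify(token, 100 + PERIOD + 5, secrets))   # wrapped replay after rotation
    print(verify(token, 110, [b"other-mx-secret"]))   # MX holding a different list
```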