spf-discuss

Re: SRS in .forward and reversing in /etc/aliases

2004-02-18 11:19:35
On Wed, 18 Feb 2004, Daniel Roethlisberger wrote:

> Shevek <spf(_at_)anarres(_dot_)org> [2004-02-18/15:33]:
> > > Each user will handle (know?) the secrets?
> >
> > In this particular instantiation, yes. It may be possible to create an
> > SRS wrapper which knows the secret, but which is not readable to the
> > user. The user generally gains nothing from either knowing or selling
> > the secret, so this probably isn't important. (Since it's inevitably
> > going to be asked:) If the user is a spammer, then ... why do you have
> > a spammer as a user?  Throw him off.
>
> There's one problem with this reasoning: you might not know that he is a
> spammer. When a local user spams from his account, it can be tracked
> back to him. If a local user abuses the SRS secret for spamming, it
> cannot be tracked back to him. This is a huge difference. Schemes in
> which the user knows the SRS secret can only be used on small servers
> with a very limited user base, but never for "real world" systems where
> you arguably must not trust local users.

Surely large systems which don't trust their users will keep the SMTP
server on a separate system, and just share the .forward files
appropriately?

It strikes me that this is a problem for a "middle bracket" of systems. 

Small systems trust the users. Large ones can keep the secret on a
separate system and just say "Use this formula".

There is a middle bracket of systems which only have one host, but don't 
trust the users.

I would not like to be responsible for such a system.

In theory, the MTA's mechanism for reading and processing .forward files 
should be handling SRS anyway. As I understand it, this question is only 
even an issue for the "minimum interference" implementation of SRS. Is 
that right?

S.

-- 
Shevek                                    http://www.anarres.org/
I am the Borg.                         http://www.gothnicity.org/