spf-discuss

Re: SRS in .forward and reversing in /etc/aliases

2004-02-18 13:46:55
On Wed, Feb 18, 2004 at 06:19:35PM +0000, Shevek wrote:
On Wed, 18 Feb 2004, Daniel Roethlisberger wrote:

Shevek <spf@anarres.org> [2004-02-18/15:33]:
Each user will handle (know?) the secrets?

In this particular instantiation, yes. It may be possible to create an
SRS wrapper which knows the secret, but which is not readable to the
user. The user generally gains nothing from either knowing or selling
the secret, so this probably isn't important. (Since it's inevitably
going to be asked:) If the user is a spammer, then ... why do you have
a spammer as a user?  Throw him off.

There's one problem with this reasoning: you might not know that he is a
spammer. When a local user spams from his account, it can be tracked
back to him. If a local user abuses the SRS secret for spamming, it
cannot be tracked back to him. This is a huge difference. Schemes in
which the user knows the SRS secret can only be used on small servers
with a very limited user base, but never for "real world" systems where
you arguably must not trust local users.

Surely large systems which don't trust their users will keep the SMTP
server on a separate system, and just share the .forward files
appropriately?

What makes you think this is the case?  In case of qmail, virtualdomains
are handled by .qmail files (.forward version of qmail), and these
files are edited via a web interface, say, by the virtualdomain
postmaster.

It strikes me that this is a problem for a "middle bracket" of systems.

Small systems trust the users. Large ones can keep the secret on a
separate system and just say "Use this formula".

You are still trusting the user with manipulating the file containing
the secrets.  You need only one malicious (or just careless) user, the
whole server is an open relay through the user's account.

There is a middle bracket of systems which only have one host, but don't
trust the users.

I would not like to be responsible for such a system.

Are you bailing out?  We need a system that can be simply implemented
on every possible system.

In theory, the MTA's mechanism for reading and processing .forward files
should be handling SRS anyway.

Which would be qmail-local in case of qmail, and it usually does run
on the same box where the users' inboxes and .qmail files are.

As I understand it, this question is only
even an issue for the "minimum interference" implementation of SRS.

Which question?  What is the "minimum interference" implementation of SRS?

Mate
-- 
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis  
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
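Added example, not code from the thread or from any of the posters: a minimal SRS0 rewrite and reverse in Python that follows the SRS draft's address layout (SRS0=hash=timestamp=host=local@forwarder, truncated HMAC-SHA1, two-character base32 day stamp). It makes the thread's point concrete: the secret is the only thing that decides whether a returned bounce address is accepted, so the reversal step is exactly as trustworthy as the custody of that secret. The 4-character hash length, the 21-day window and the sample addresses are assumptions.

```python
# Added example (not from the thread): minimal SRS0 rewrite/reverse pair.
# Layout per the SRS draft: SRS0=<hash>=<timestamp>=<host>=<local>@<forwarder>
import base64
import hashlib
import hmac
import time

BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
HASH_LEN = 4        # assumed: base64 chars of the HMAC kept in the address
MAX_AGE_DAYS = 21   # assumed: bounces older than this are rejected


def _timestamp(day=None):
    """Two base32 chars holding the low 10 bits of days since the epoch."""
    day = int(time.time() // 86400) if day is None else day
    return BASE32[(day >> 5) & 31] + BASE32[day & 31]


def _hash(secret, timestamp, host, local):
    """Truncated HMAC-SHA1 over the lower-cased timestamp, host and local part."""
    data = (timestamp + host + local).lower().encode()
    mac = hmac.new(secret.encode(), data, hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()[:HASH_LEN]


def srs_forward(sender, forwarder, secret, day=None):
    """Rewrite sender (local@host) so that bounces return via forwarder."""
    local, host = sender.rsplit("@", 1)
    ts = _timestamp(day)
    return f"SRS0={_hash(secret, ts, host, local)}={ts}={host}={local}@{forwarder}"


def srs_reverse(address, secret, day=None):
    """Return the original sender, or None if hash or timestamp do not verify."""
    local_part, _, _ = address.rpartition("@")
    if not local_part.startswith("SRS0="):
        return None                       # not an SRS0 address: nothing to reverse
    try:
        h, ts, host, local = local_part[5:].split("=", 3)
    except ValueError:
        return None                       # malformed: too few fields
    ts = ts.upper()
    if len(ts) != 2 or any(c not in BASE32 for c in ts):
        return None
    # Only someone holding `secret` can produce a matching hash; compare in constant time.
    if not hmac.compare_digest(h.lower(), _hash(secret, ts, host, local).lower()):
        return None
    today = int(time.time() // 86400) if day is None else day
    stamp = (BASE32.index(ts[0]) << 5) | BASE32.index(ts[1])
    if (today - stamp) % 1024 > MAX_AGE_DAYS:
        return None                       # stale: replayed or forged old address
    return f"{local}@{host}"
```

Note that the reversal accepts any address whose hash matches: the forwarder cannot tell a bounce for a real forwarded message from one minted by anybody else who reads the secret, which is why the thread objects to keeping it in user-editable .forward or .qmail files.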