On Wed, Feb 11, 2004 at 09:36:49AM -0600, wayne wrote:
You shouldn't leak what crypto system you have chosen to use in your
SRS system any more than you should leak any of your private key.
On the contrary, it should not be left up to users/admins what to use.
Specify one crypto system which is considered secure by the experts,
and demand that.
Perhaps Chapter 6 of "Secure programming cookbook" is an appropriate
reading. The comparison table on page 256 shows that SHA-1 is only
20% slower than MD5.
MD5 is strongly advised against here or in other books (like
"Practical cryptography").
But again, the much more important problem is the exact specification
of SRS. At this point, it seems to be changing all the time, and does
not address key questions like
At which point is an MTA supposed to implement SRS (smtp, local
delivery)? For example, people always talk about SRS, but it is not
clear at all when, how, who and what will take care of checking an
_incoming_ message's recipient address. How are bounces to be
recognized? In particular, how can one avoid Eve to use an SRS-ed
envelope sender address as a return address to send spam?
And then please talk about a generic implementation of cryptography:
why do you think hashes are fine to use here; then talk about secret
distribution and accessibility, etc.
It is not very useful to produce dozens of versions of the SRS script.
Instead, give a clear description of the forward and backward
transformation. Then the actual string transformation script is
trivial to implement for experimentation.
Once the transformation is described, explain what each part of the
transformed address should mean for an MTA, and what to do with them.
Mate
--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html