On Thu, Feb 19, 2004 at 12:17:37AM +0000, Brian Candler wrote:
On Wed, Feb 18, 2004 at 04:03:44PM -0600,
mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:
In particular, how can one avoid Eve to use an SRS-ed
envelope sender address as a return address to send spam?
Because Eve doesn't know the secret value used to generate the hash.
Bounces with invalid hashes are discarded. This is the whole point of the
cryptographic component.
Alice sends message to Bob. The message arrives to Bob with the
envelope sender address
srs0=hkjhkjhk=5J=alice(_dot_)com=alice(_at_)forward
Eve gets hold of this address, and sends a message to it (say, with <>
as envelope sender). Is there anything that prevents her from doing
this? How is it prevented that Alice receives Eve's message?
And then please talk about a generic implementation of cryptography:
why do you think hashes are fine to use here; then talk about secret
distribution and accessibility, etc.
Hashes are much simpler and faster to implement than public key
cryptography, but sufficient for the purpose here. The same secret key used
to sign a hash is used to verify it (but the systems which forward a message
and receive a bounce in reply to a forwarded message are either the same
system, or two systems under the same administrative control). The keys are
not distributed elsewhere.
I meant to see a threat analysis. It is suggested that secrets are
changed on a monthly basis, that each user has his own secrets. What
threats are dealt with here?
Mate
--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html