spf-discuss

Signed Envelope Sender: SRS on steroids

2004-02-27 16:40:20
On Fri, Feb 27, 2004 at 11:14:38PM +0000, David Woodhouse wrote:
| 
| I'm currently experimenting, as I believe I already mentioned, with SRS
| on my _own_ outgoing mail, coupled with rejecting bounces to my 'raw'
| email address.

I'm calling this SES, for Signed Envelope Sender.

If you take a step back you'll see it's the logical extension of a
pattern that goes like this:

  signature in the message body, unstructured:  PGP mark 1
  signature in the message, structured in MIME: S/MIME
  signature in the message headers:             Domainkeys
  signature in the envelope:                    SES

It's a little bit like VERP and TitanKeys and TMDA, except that the
tags aren't just plaintext but are cryptographically generated with a
secret.

So you don't have to worry about forgery; you just have to keep the
secret safe.

But you do have to worry about replay attacks.

If a spammer gets their hands on your SES address, they can forge that
address in spam, and implicate you, and we're back where we started.
Except, of course, that if your MTA possesses some alacrity, and if
receiver MTAs are dutifully holding up their end by doing CBV, then you
have some chance of invalidating the address before it gets used too
widely.

So the pros and cons can be debated; it requires more adoption by a
different sector, the sender MTAs and ISPs; but that may not be so bad.
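
The scheme described in this message, as an added example that is not part of the original post or of any SES implementation: an envelope sender tagged with a keyed MAC, with the replay window bounded by an expiry and a revocation set. The `ses=tag=day=local@domain` layout, the choice of HMAC-SHA256, the day-number timestamp and every name below are assumptions.

```python
import base64, hashlib, hmac

SECRET = b"constructed-demo-secret"  # assumption: per-domain secret held by the sending MTA
MAX_AGE_DAYS = 7                      # assumption: older tags are refused (bounds replay)
REVOKED = set()                       # tags invalidated once abuse is noticed

def _tag(local, domain, day):
    # MAC over the day number and the real address; case-folded so relays
    # that change case do not break verification.
    msg = f"{day}:{local}@{domain}".lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.b32encode(digest[:10]).decode().lower()  # 80 bits -> 16 chars, no padding

def sign_sender(address, day):
    """Envelope sender (MAIL FROM) for mail sent on day number `day`."""
    local, domain = address.rsplit("@", 1)
    return f"ses={_tag(local, domain, day)}={day}={local}@{domain}"

def check_recipient(rcpt, today):
    """Decision at RCPT TO time for a bounce or a callback verification."""
    local_part, _, domain = rcpt.rpartition("@")
    fields = local_part.split("=", 3)
    if len(fields) != 4 or fields[0].lower() != "ses":
        return "reject: unsigned address"   # bounces to the raw address are refused
    _, tag, day_s, local = fields
    if not (day_s.isascii() and day_s.isdigit()):
        return "reject: malformed"
    day = int(day_s)
    expected = _tag(local, domain, day)
    if not hmac.compare_digest(tag.lower().encode(), expected.encode()):
        return "reject: bad signature"      # forged without the secret
    if tag.lower() in REVOKED:
        return "reject: revoked"            # genuine tag, invalidated after replay
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return "reject: expired"            # genuine tag, replayed too late
    return "accept"
```

A valid tag copied from real mail still verifies until it expires or is added to `REVOKED`, which is the replay exposure the message describes.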

