spf-discuss

Re: Signed Envelope Sender: SRS on steroids

2004-02-27 17:08:25
On Fri, 2004-02-27 at 18:40 -0500, Meng Weng Wong wrote:
So you don't have to worry about forgery; you just have to keep the
secret safe.

But you do have to worry about replay attacks.

As with SRS, we include a timestamp in the address. The replay attack
_does_ exist, but is severely limited by that.

You're right that a specific address could theoretically be invalidated
_before_ its time has expired, but I suspect that would normally be
impractical.

-- 
dwmw2
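
Added example, not part of the original message and not the SES or SRS address format: a minimal sketch of the timestamp idea discussed above, where an HMAC over a day number and the address means a captured envelope sender only verifies inside a fixed window. The address layout, `SECRET`, `MAX_AGE_DAYS` and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-domain secret, never published
MAX_AGE_DAYS = 7                     # assumption: how long a signed address stays valid
DAY = 86400


def _tag(local: str, domain: str, day: int) -> bytes:
    # The MAC covers the day number, so the timestamp cannot be edited
    # without knowing SECRET.
    msg = f"{day}:{local}@{domain}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12].encode()


def sign_sender(local: str, domain: str, now: float) -> str:
    """Build the envelope sender for outgoing mail (hypothetical layout)."""
    day = int(now // DAY)
    return f"{local}+{day}.{_tag(local, domain, day).decode()}@{domain}"


def check_bounce_rcpt(address: str, now: float) -> str:
    """Classify a bounce recipient: 'ok', 'expired', 'forged' or 'malformed'."""
    try:
        localpart, domain = address.rsplit("@", 1)
        local, ext = localpart.rsplit("+", 1)
        day_s, tag = ext.split(".", 1)
        day = int(day_s)
    except ValueError:
        return "malformed"
    if str(day) != day_s:            # reject non-canonical timestamps such as "+007"
        return "malformed"
    if not hmac.compare_digest(tag.encode(), _tag(local, domain, day)):
        return "forged"
    age = int(now // DAY) - day
    if age < 0 or age > MAX_AGE_DAYS:
        return "expired"             # a replay after the window is refused
    return "ok"                      # a replay inside the window still passes


if __name__ == "__main__":
    t0 = 1077901705                  # constructed sample time
    addr = sign_sender("user", "example.org", t0)
    for offset in (0, 3, 8):
        print(offset, "days later:", check_bounce_rcpt(addr, t0 + offset * DAY))
```

Invalidating one address before its window ends would need per-address state (for example a revocation list keyed on the tag), which this stateless check does not keep.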

