Re: Signed Envelope Sender: SRS on steroids2004-02-27 17:08:25On Fri, 2004-02-27 at 18:40 -0500, Meng Weng Wong wrote: So you don't have to worry about forgery; you just have to keep the secret safe. But you do have to worry about replay attacks. As with SRS, we include a timestamp in the address. The replay attack _does_ exist, but is severely limited by that. You're right that a specific address could theoretically be invalidated _before_ its time has expired, but I suspect that would normally be impractical. -- dwmw2
|
|