On Fri, 4 Jun 2004, Stuart D. Gathman wrote:
On Thu, 3 Jun 2004, Michael R. Brumm wrote:
Finally, I've thought a lot about SRS vs. SUBMITTER in the past few days.
SRS:
ugly
not exploitable
requires upgrading only the MTAs which forward
SUBMITTER:
pretty
bounce forgery is exploitable
requires upgrading ALL MTAs which want to receive a forward (much larger pool)
You forgot:
Resurrecting Deprecated Reverse Source Path:
pretty
bounce forgery is exploitable (fixable with SES, btw. See suggestion for validating SES via DNS instead of CBV.)
requires upgrading (or downgrading :-) only the MTAs which forward
You forgot:
exploitable.
--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/