spf-discuss

Re: Standard for SES (signed envelope sender)

2004-06-06 05:39:51
On Sun, 6 Jun 2004, Roger Moser wrote:

> In the thread "ENVID to prevent forged bounces with SUBMITTER?"
> Stuart D. Gathman wrote:
>
> > I could use:
> >
> > SES0=FEPOFORF=I6=user@foo.com
>
> Is that already some standard for SES?

An extract from a mail I sent to Stuart last night explaining why I am 
reluctant to also standardise SES unnecessarily:

[Stuart writes:]
My next addition will be using SES0 as an optimization when the
incoming and outgoing domains are the same.  I would like to see the
reference implementation standardize this.

[I reply:]
There is no advantage to doing this, since it doesn't actually create a
useful protocol which is different to SRS signing at the originator. It's
just another format to deal with in all the parsers.

Remember that there is the database forwarding system, SRS0 and SRS1, all
of which are truly required for the coherent operation of the world. Each
of these has to deal with the formats produced by each of the others. Thus
the introduction of any new format means that a large number of new cases
have to be written where any type of forwarder might receive a mail
generated by any other type of forwarder. It is therefore in our interests
to keep the number of formats as low as possible (3 is already large), and
thus the codebase as small as possible, unless there is a good reason to
do otherwise. With 3 formats, there are 9 cases (realistically, about 5).  
With 4 formats, there are 16 (realistically about 8 or 9?).
[End quotation]

[Back to Roger Moser:]
> Since only the original sender has to know the format used for the
> signature, he could use any format.

This is true. However, there is some overall saving to using the SRS0 
format since it informs any secondary forwarder that there is at least one 
cryptographic stage before the user's inbox. The SRS design requires that 
certain forwarders are preserved in the forwarding chain, and the rest may 
be shortcut. The full explanation is at http://www.libsrs2.org/srs/srs.pdf 
but a brief summary is:

* You can't shortcut the first hop.
* You can't shortcut the last hop.
* You can't shortcut any public forwarders[0] (they must use a database).

By disallowing the shortcutting of these stages, it becomes impossible for 
a spammer to perform a joe job. If any one of these stages is shortcut, it 
becomes immediately possible.

This is the reason for two SRS formats. SRS0 marks the first hop. SRS1 
marks the last hop. Public forwarders will use something like 
Mail::SRS::DB and may pretend to be an SRS0 hop.

> (Currently my mail server signs the sender as follows:
> localpart_i7a32kvp@example.com
> Since on my mail system the local part can be up to 55 characters, maximum 9
> characters can be added.)

Please let me know what your mail system is, since I am maintaining a list
of systems which enforce the 64 character limit, and there is currently
only 1 (relatively rare) system on the list.

S.

-- 
Shevek                                    http://www.anarres.org/
I am the Borg.                         http://www.gothnicity.org/
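The forwarding-chain rules above (keep the first hop and the last hop, shortcut the rest, verify a signature before accepting a bounce) as an added, self-contained example. This is not code from the page, from libsrs2 or from Mail::SRS; it follows the general SRS0/SRS1 address shape, but the per-forwarder secrets, the 4-character HMAC-SHA1 hash, the base32 day-number timestamp and the hostnames are my own assumptions for the example. It also applies the 64-character local-part limit mentioned at the end of the message.

```python
import base64
import hashlib
import hmac
import time

# Constructed for this example: one HMAC secret per forwarder. Real forwarders
# load their own secret from configuration; nothing here comes from the page.
SECRETS = {
    "first.example": b"first-secret",
    "second.example": b"second-secret",
    "third.example": b"third-secret",
}
HASH_LEN = 4         # assumption: 4 base64 chars of HMAC-SHA1
MAX_LOCAL_PART = 64  # RFC 5321 limit; some systems enforce less (the page mentions 55)
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def today():
    return int(time.time() // 86400)


def srs_timestamp(day):
    """Two base32 characters encoding the day number modulo 1024."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]


def timestamp_age(ts, day):
    """Days elapsed since `ts` was generated, given the current day number."""
    stamped = B32.index(ts[0]) * 32 + B32.index(ts[1])
    return (day % 1024 - stamped) % 1024


def _sign(forwarder, *parts):
    msg = "=".join(parts).lower().encode()  # case-insensitive, like domains
    mac = hmac.new(SECRETS[forwarder], msg, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:HASH_LEN]


def _checked(addr, limit=MAX_LOCAL_PART):
    """Refuse to emit an address whose local-part exceeds the limit."""
    local = addr.rsplit("@", 1)[0]
    if len(local) > limit:
        raise ValueError(f"local-part is {len(local)} chars, limit is {limit}")
    return addr


def forward(sender, forwarder, day=None):
    """Rewrite the envelope sender as mail passes through `forwarder`."""
    local, domain = sender.rsplit("@", 1)
    if local.startswith("SRS0="):
        # Second hop: the SRS0 host must stay (only it can unwrap the inner
        # address), so wrap it in SRS1 signed with our own secret.
        rest = local[len("SRS0"):]  # "=HHHH=TT=domain=user"
        return _checked(f"SRS1={_sign(forwarder, domain, rest)}={domain}={rest}@{forwarder}")
    if local.startswith("SRS1="):
        # Later hops: re-sign the SRS1 in place. The previous SRS1 forwarder
        # is shortcut; the SRS0 host is kept.
        _, _, srs0_host, rest = local.split("=", 3)
        return _checked(f"SRS1={_sign(forwarder, srs0_host, rest)}={srs0_host}={rest}@{forwarder}")
    # First hop: wrap the original sender in SRS0 with a timestamp.
    ts = srs_timestamp(today() if day is None else day)
    return _checked(f"SRS0={_sign(forwarder, ts, domain, local)}={ts}={domain}={local}@{forwarder}")


def unwrap(addr, day=None, max_age=21):
    """Reverse one rewrite for a bounce. Returns the next hop, or None when
    the signature or timestamp does not verify (a forged or stale bounce)."""
    day = today() if day is None else day
    local, host = addr.rsplit("@", 1)
    if host not in SECRETS:
        return None
    if local.startswith("SRS1="):
        _, h, srs0_host, rest = local.split("=", 3)
        if not hmac.compare_digest(h, _sign(host, srs0_host, rest)):
            return None
        return f"SRS0{rest}@{srs0_host}"
    if local.startswith("SRS0="):
        _, h, ts, domain, user = local.split("=", 4)
        if not hmac.compare_digest(h, _sign(host, ts, domain, user)):
            return None
        if timestamp_age(ts, day) > max_age:
            return None
        return f"{user}@{domain}"
    return None


def bounce_path(addr, day=None):
    """Follow a bounce back through the chain. The list ends at the original
    sender, or at None where a hop rejected the bounce."""
    path = [addr]
    while path[-1] is not None and path[-1].startswith("SRS"):
        path.append(unwrap(path[-1], day))
    return path


if __name__ == "__main__":
    s0 = forward("alice@origin.example", "first.example", day=20000)
    s1 = forward(s0, "second.example", day=20000)
    s2 = forward(s1, "third.example", day=20000)
    print(s0, s1, s2, sep="\n")
    print(bounce_path(s2, day=20005))   # third -> first -> alice; second is shortcut
    print(bounce_path(s2.replace("alice", "mallory"), day=20005))  # rejected at first hop
```

Note that the bounce never passes through second.example: the SRS1 produced by third.example names first.example directly, which is the shortcut the message describes. Neither first.example (holder of the SRS0 secret and the timestamp) nor third.example (the host the bounce actually reaches) can be removed, and any change to the inner address fails verification at the hop whose secret signed it.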