And including the private key in the auto-response sounds a bit daft too
AccuSpam wrote:
I agree. It should be changed to request mechanism, where the MUA does
a request over secure channel such as HTTPS. Will modify the specification.
I wrote too quickly. On further thought, this can not be changed, because the
access to the mailbox is the only assurance of trust SenderKeys has that the
MUA is the sender's MUA.
This is one of the weaknesses of SenderKeys. However, what is the potential
for abuse? The necessary security precautions are partially addressed in the
"Mailbox Passwords" section:
http://accuspam.com/senderkeys.php#passwords
Of course as long as the transmission over SMTP is not secure, then private keys
could be sniffed, but the authority can update (change) the private key any
time,
and should probably do so periodically as both a security precaution and part
and
parcel to the escalating enticement mechanism:
http://accuspam.com/senderkeys.php#enticement
that works to insure that affected sender upgrades all of his MUA to SenderKeys.
A MUA should read the mailbox before sending to avoid sending with an old key.
Thanks,
Shelby