spf-discuss

Re: Ignoring rejected mail?

2004-12-01 10:51:02
Hello!

On Wed, Dec 01, 2004 at 05:43:50PM +0000, Mark wrote:
[...]

AFAIR, you're using the SRS format for what amounts to something
equivalent to non-digest SES,

That would be a correct assessment.

Okay.

just with more overhead (you encode your
domain twice IIRC, once in the real domain position, once in the
original-domain part of the SRS additions).

I.e. you use 
SRS0+aaaa=bb=asarian-host(_dot_)net=user(_at_)asarian-host(_dot_)net,
if I'm right (aaaa and bb being the "signature" and timestamp).

I'm not sure what you mean by encoding 'twice', though. The RHS of the
address is essentially just slapped on as the name of the forwarding
domain, so as to form a real email address.

But it is a little known fact, that, as far as encoding/decoding is
concerned, the RHS domain name of an SRS address is totally irrelevant!
"SRS0=GVNzlx65=OR=asarian-host(_dot_)net=admin(_at_)example(_dot_)com"
will 'reverse' just
the same as something with my real domain (if you have the secret, of
course). The encoding is all in the LHS of the address. But you cannot
send out LHS parts-only, of course. :)

Yes, I understand this.

I wanted to refer to the redundancy of your specific usage of SRS
for non-forwarding (i.e. the hostname in the SRS part equals the
"forwarder" hostname after the @).

Compare e.g. the SES format of "unique signatures":
  S=XXXXXXX=admin(_at_)asarian-host(_dot_)net
(According to Working SES Format Definition 06, which is not current,
but I don't expect really *substantial* changes pertaining to this
argument. ok, it'd be =VXXXXXXX=local-part(_at_)domain, with X being some
time-dependent "signature" and V an identifier for the exact validation
method used; not having a marker that it's SES is still under discussion
on the SES list as far as I see.)

Kind regards,

Hannah.
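
The point discussed in this message, that reversing an SRS0 address depends only on the LHS and the secret, shown as an added example that is not part of the original message or of any SRS library. The HMAC-SHA1 construction, the 8-character signature, the 21-day window, the demo secret and the function names are assumptions of this sketch and are not byte-compatible with a real SRS implementation.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: demo key, not a real one
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def _timestamp(day):
    """Day number modulo 1024 as two base32 characters."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]


def _sig(ts, domain, local):
    """Truncated HMAC over the LHS fields; the forwarder domain is not an input."""
    data = "\x00".join((ts, domain, local)).lower().encode()
    mac = hmac.new(SECRET, data, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:8]


def srs0_forward(local, domain, forwarder, day):
    """Build SRS0=sig=ts=domain=local@forwarder."""
    ts = _timestamp(day)
    return f"SRS0={_sig(ts, domain, local)}={ts}={domain}={local}@{forwarder}"


def srs0_reverse(address, today, max_age=21):
    """Recover local@domain from the LHS alone; raise ValueError if invalid."""
    lhs, _, _rhs = address.rpartition("@")  # RHS is split off and never used
    if lhs[:4].upper() != "SRS0" or lhs[4:5] not in ("=", "+", "-"):
        raise ValueError("not an SRS0 address")
    parts = lhs[5:].split("=", 3)  # the local part may itself contain "="
    if len(parts) != 4 or len(parts[1]) != 2:
        raise ValueError("malformed SRS0 local part")
    sig, ts, domain, local = parts
    if not hmac.compare_digest(sig.encode(), _sig(ts, domain, local).encode()):
        raise ValueError("signature mismatch")
    then = (B32.index(ts[0].upper()) << 5) | B32.index(ts[1].upper())
    if (today - then) % 1024 > max_age:
        raise ValueError("timestamp expired")
    return f"{local}@{domain}"
```

Because the signature does not cover the RHS, a valid LHS reverses under any forwarder domain, so acceptance has to rest on the secret and the timestamp window alone.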