On Friday 03 November 2006 16:08, Julian Mehnle wrote:
> Scott Kitterman wrote:
> > Julian Mehnle wrote:
> > > Oh, in fact it's pretty simple. Just have the "downstream" (to-be-
> > > configured) MTA generate a one-time password and have the user enter it
> > > into the "upstream" MTA's "hand-over-configuration-details" interface.
> > > The upstream MTA then includes the one-time password when sending its
> > > configuration mail to the downstream MTA, which can then verify that it
> > > is really the user who authorized the white-listing of the upstream
> > > MTA.
> >
> > I think you and I have different definitions of simple.
> >
> > Now I have some basis to believe you aren't lying about who you are, but
> > I don't see how that translates into I believe you when you promise you
> > already checked SPF and I needn't bother?
> >
> > I think this needs reputation and/or accreditation to work. Not simple.
>
> Remember that we're (or at least, I am) talking just about automating the
> white-listing of one's own forwarders. If you say you don't trust them to
> be doing SPF checks when they say they are, then that's a problem that the
> market will have to solve. Don't use a forwarding service you don't
> trust. After all, they could do _anything_ with your personal mail...

OK. I thought we were discussing a more general inter-ESP protocol to
minimize the DoS risk associated with multiple queries for the same message
in a chain of forwarders set up by the attacker.
Agreed. That is simpler than what I was thinking it would be.
Scott K
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
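
The one-time-password handshake described in the thread, sketched from the downstream MTA's side as an added example (not code from the thread or from any MTA). The configuration-mail fields (`forwarder`, `relay_ips`, `token`), the class and method names, and the 15-minute token lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class DownstreamMTA:
    """Receiving ("downstream") MTA whose user authorizes their own forwarders."""

    def __init__(self, ttl_seconds=900):          # lifetime is an assumption
        self.ttl = ttl_seconds
        self.pending = {}     # sha256(token) -> expiry time; token never stored
        self.whitelist = {}   # forwarder name -> set of relay IPs

    def issue_token(self, now=None):
        """Step 1: the user requests a one-time password to enter upstream."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)         # 128 bits from the CSPRNG
        self.pending[hashlib.sha256(token.encode()).digest()] = now + self.ttl
        return token

    def handle_config_mail(self, mail, now=None):
        """Step 3: the upstream MTA's configuration mail arrives with the token."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(str(mail.get("token", "")).encode()).digest()
        expiry = self.pending.pop(digest, None)   # consumed on first use
        if expiry is None or now > expiry:
            return False                          # unknown, replayed or expired
        ips = set(mail["relay_ips"])
        self.whitelist.setdefault(mail["forwarder"], set()).update(ips)
        return True

    def is_whitelisted_forwarder(self, client_ip):
        # The token only proves the user authorized this forwarder. Whether the
        # forwarder really performs SPF checks remains a trust decision.
        return any(client_ip in ips for ips in self.whitelist.values())


if __name__ == "__main__":
    mta = DownstreamMTA()
    otp = mta.issue_token()   # step 2: user pastes this into the upstream MTA
    # Constructed sample configuration mail (documentation address range).
    mail = {"forwarder": "forwarder.example", "relay_ips": ["192.0.2.10"],
            "token": otp}
    print(mta.handle_config_mail(mail))            # first delivery is accepted
    print(mta.handle_config_mail(mail))            # a replay is rejected
    print(mta.is_whitelisted_forwarder("192.0.2.10"))
```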