On Sat, 6 Dec 2003, Will Rodger wrote:
> Steve Bellovin wrote:
> >http://edition.cnn.com/2003/TECH/internet/12/05/spam.yahoo.reut/
>
>
> Does anyone have details? How much overhead would this entail?
>
To avoid replay attacks one needs to sign a string that is tied to a
specific message or time period and is invariant under forwarding through
various relays and gateways. The header and envelope sender and recipients
are often subject to rewriting, the Message-Id can be cloned. What exactly
would they have the sender domain sign.
I am skeptical that such a proposal can acquire any traction. Also curious
to see the details...
--
Viktor.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
