On 7/26/2018 9:19 PM, Stephen J. Turnbull wrote: > Jordan Brown writes: > > > Well, yeah, but to provide such a service in a way that has any > > resemblance to being secure, Intuit *must* have some secret that allows > > it to send mail "from" those subdomains. If Intuit doesn't need such a > > secret, then anybody could send mail like that. > > Sure, but (1) anyone can send mail like that anyway (and they do),
Wasn't this in the context of signature-checking schemes that detect forged origin metadata? > (2) the customers will (well, should) be checking invoices against their > own purchasing records before they pay, and (3) after the vendor > identifies Intuit as its billing agent, Intuit's own signature will do > the trick. So the vendor has to notify their customers who they use to do their billing, and every time that they change billing vendors? Ofttimes, the goal is that the billing vendor is completely invisible to the end customer. I'm buying something from FrobozzCo; I should see e-mail that comes from FrobozzCo (in a verifiable way), web pages that say FrobozzCo and frobozzco.com, and the entry on my credit card statement should say FROBOZZCO. The fact that FrobozzCo uses Intuit is none of my business and should be totally hidden from me. Having your billing vendor be visible is, like having your company e-mail address be @gmail.com, a mark of a tiny company that hasn't really figured out how to make its business work. > Securing a small number of own keys that get rotated on a schedule is > one thing, securing a database of others' keys that regularly gets > updated and multiple regular employees need access to is going to be > quite another. Not anywhere near as hard as it is for a full-scale e-mail vendor. Google secures a database of millions of users' secrets, and must have internal and external controls that keep the wrong people from sending mail that pretends to come from those users. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
