The only time it's a security issue is if more than one email account shares the same crypt_key. The only reason you would want to share the same crypt key amoung email accounts would be to enable this very feature.
I definitely don't see it as a defect. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Brian > Sent: Thursday, October 21, 2004 3:01 PM > To: [EMAIL PROTECTED] > Subject: Re: Using TMDA to protect my son's email? > > > Mark-- > > I stand corrected. Seems like a security issue that should be > addressed in dated address generation. > > --Brian > > On Thu, Oct 21, 2004 at 04:32:52PM -0400, Mark Horn wrote: > > On Thu, Oct 21, 2004 at 02:10:02PM -0500, Brian wrote: > > > I believe dated addresses contain a hash generated using your > > > crypt_key, as well as the sender e-mail address and date. > > > > No, they don't. The hash in a dated adress is calculated using > > crypt_key and the dated portion of the address only. Everything else > > is ignored. E.g.: > > > > $ tmda-address -d > > [EMAIL PROTECTED] > > $ tmda-check-address [EMAIL PROTECTED] > > STATUS: VALID > > EXPIRES: Thu Oct 21 20:29:29 2004 UTC > > $ tmda-check-address [EMAIL PROTECTED] > > STATUS: VALID > > EXPIRES: Thu Oct 21 20:29:29 2004 UTC > > > > So if I share my crypt_key with my son, the first example > > demonstrates how you'd use one of my dated addresses to send > > email to my son. (Assuming of course, that his email address is > > [EMAIL PROTECTED] - which it isn't.) > > > > The second example is simply there to demonstrate that the only > > portion of the email address that the hash uses is the date. > > > > Cheers, > > - Mark > > _____________________________________________ > > tmda-users mailing list ([EMAIL PROTECTED]) > > http://tmda.net/lists/listinfo/tmda-users > > > _____________________________________________ > tmda-users mailing list ([EMAIL PROTECTED]) > http://tmda.net/lists/listinfo/tmda-users > _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
