Loren Wilton wrote:
It occurs to me to wonder how C/R is supposed to establish
communications between two users of C/R systems.
You send a message to X. His C/R system, not knowing you, doesn't
deliver the mail to X, it sends a challenge back to you.
Your C/R system, not knowing X, sends him a C/R message, demanding he
jump through hoops to send YOU a C/R message.
His system recieves the C/R message from your system. Not knowing you,
it sends you a C/R message...
While this is good for bandwidth providers that charge by the bit, it
isn't clear to me how you establish communications.
Perhaps the original sender calls the recipient on the phone and asks to
be pre-authorized to break the loop?
Not that I'm defending C/R systems, as I dislike them, but, I believe
the above is solved by C/R systems that whitelist outbound messages.
So:
1) you send message to X, and your C/R system whitelists X.
2) X's C/R system gets the message, holds it, and sends you a Challenge
3) your C/R system lets the Challenge through because you whitelisted X.
4) you handle the challenge however you want to.
Of course, this depends on X using the a sender address for his
Challenges that matches the recipient address, and that said recipient
address wasn't munged along the path. Any kind of modification due to
masquerading, non-transparent forwarding, etc., will keep that from working.
