Re: return-path security
Chris Newman <Chris.Newman@innosoft.com> Tue, 05 August 1997 21:53 UTC
Received: from cnri by ietf.org id aa01824; 5 Aug 97 17:53 EDT
Received: from mail.proper.com (mail.proper.com [206.86.127.224]) by cnri.reston.va.us (8.8.5/8.7.3) with ESMTPid RAA14578; Tue, 5 Aug 1997 17:51:21 -0400 (EDT)
Received: (from majordomo@localhost) by mail.proper.com (8.8.5/8.7.3) id OAA12653 for ietf-822-bks; Tue, 5 Aug 1997 14:31:27 -0700 (PDT)
Received: from THOR.INNOSOFT.COM (SYSTEM@THOR.INNOSOFT.COM [192.160.253.66]) by mail.proper.com (8.8.5/8.7.3) with ESMTP id OAA12649 for <ietf-822@imc.org>; Tue, 5 Aug 1997 14:31:23 -0700 (PDT)
Received: from eleanor.innosoft.com ("port 55360"@ELEANOR.INNOSOFT.COM) by INNOSOFT.COM (PMDF V5.1-8 #8694) with SMTP id <01IM319RWZQC8Y4WTL@INNOSOFT.COM> for ietf-822@imc.org; Tue, 5 Aug 1997 14:34:34 PDT
Date: Tue, 05 Aug 1997 14:36:24 -0700
From: Chris Newman <Chris.Newman@innosoft.com>
Subject: Re: return-path security
In-reply-to: <19970805202814.28694.qmail@koobera.math.uic.edu>
To: ietf-822@imc.org
Message-id: <Pine.SOL.3.95.970805134857.21746B-100000@eleanor.innosoft.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset="US-ASCII"
Originator-Info: login-id=chris; server=thor.innosoft.com
Sender: owner-ietf-822@imc.org
Precedence: bulk
On Tue, 5 Aug 1997, D. J. Bernstein wrote: > The mailing list hides the return path, so the cookie isn't broadcasted > to the mailing list. Of course, it's available in mail logs, but logs > aren't public on well-run hosts. It's available to sniffers, but in any > case the number of possible attackers has been drastically reduced. This > is one of the most effective low-cost security mechanisms. If the cookie is constant, this provides a mechanism with slightly worse security than plaintext password logins, which are discouraged by the IESG/IAB currently. If the cookie is something like an HMAC-SHA1 computed over a timestamp in the message and a secret, this is pretty cool but worthless without interoperability between the MUA and MLM (thus requiring a standard). > The main problem in practice is that, for many people, putting extra > information into the return path is not as trivial as you claim. Most modern MUAs have a text box in a preferences dialog to enter the return path/sender/default from. This does make it trivial to generate a single message with any given return path, but is too cumbersome to routinely change the return path. A subaddress standard would encourage MUA authors to allow subaddresses to be specified on a per-message basis or, even better, get the subaddress from the personal address book for list postings. So I conclude that a subaddress standard could make your technique more usable down the road. - Chris
- return-path security D. J. Bernstein
- Re: return-path security Chris Newman