[14880] in cryptography@c2.net mail archive
Re: yahoo to use public key technology for anti-spam
daemon@ATHENA.MIT.EDU (Victor.Duchovni@morganstanley.com)
Sun Dec 7 14:37:25 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 7 Dec 2003 12:00:38 -0500 (EST)
From: Victor.Duchovni@morganstanley.com
Reply-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
In-Reply-To: <5.1.0.14.2.20031206215537.00a20aa0@mail.comcast.net>
On Sat, 6 Dec 2003, Will Rodger wrote:
> Steve Bellovin wrote:
> >http://edition.cnn.com/2003/TECH/internet/12/05/spam.yahoo.reut/
>
>
> Does anyone have details? How much overhead would this entail?
>
To avoid replay attacks one needs to sign a string that is tied to a
specific message or time period and is invariant under forwarding through
various relays and gateways. The header and envelope sender and recipients
are often subject to rewriting, the Message-Id can be cloned. What exactly
would they have the sender domain sign.
I am skeptical that such a proposal can acquire any traction. Also curious
to see the details...
--
Viktor.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
