On Sat, Feb 21, 2004 at 01:52:13AM +0000, Mark wrote:
> We have been talking about the SRS secret of late. I am many things, but not
> a cryptographic hero. :) So, feel free to correct my thinking. But I was
> wondering the following:
>
> Let's say "MaxAge" is set at 4 days. If the secret is to be changed, at
> intervals, would that not imply that ALL returned SRS addresses, from that
> moment on, are immediately invalid? Or do they remain valid until their
> initial expiration time? In concreto, would a "reverse ()" on an address
> with the old secret still be valid?

I can't comment on any specific implementation of SRS, but in general, if
you are changing the secret on a system like this you need a parallel
running period where both old and new secrets are accepted.

e.g. if you are stamping messages with a 7-day expiry, and you change the
secret from X to Y for outgoing messages, then for the next 7 days you need
to accept incoming bounces signed with either X or Y. After that you can
forget about X.

> If not, then there is, of course, a slight problem, in that changing the
> secret effectively nullifies the expiration date on all addresses that were
> already sent out.

Absolutely.

> Though I have no immediate need to change the secret (why
> would I?), still, I wonder how to deal with this should it become necessary.

Yep. Changing it when a sysadmin who knows the secret has left the company,
or once a year anyway to be on the safe side, would be a wise precaution.

Regards,

Brian.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com
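
The parallel-running period described in the reply above, as an added example that is not part of the original message and not taken from any SRS implementation. The token layout (`tag=day=address`), the truncated HMAC-SHA256 tag and the names `stamp` and `BounceVerifier` are assumptions made for illustration.

```python
import hashlib
import hmac

DAY = 86400  # seconds

def _tag(secret: bytes, day: int, address: str) -> bytes:
    # Keyed hash over the day stamp and the address (constructed format).
    msg = f"{day}:{address}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16].encode()

def stamp(address: str, secret: bytes, now: int) -> str:
    day = now // DAY
    return f"{_tag(secret, day, address).decode()}={day}={address}"

class BounceVerifier:
    def __init__(self, secret: bytes, max_age_days: int):
        self.current = secret            # used for all new outgoing stamps
        self.max_age_days = max_age_days
        self.retiring = []               # (old_secret, accept_until_epoch)

    def rotate(self, new_secret: bytes, now: int) -> None:
        # Keep the outgoing secret for one full expiry window, verify-only.
        self.retiring.append((self.current, now + self.max_age_days * DAY))
        self.current = new_secret

    def verify(self, token: str, now: int):
        """Return the original address, or None if expired or forged."""
        try:
            tag, day_s, address = token.split("=", 2)
            day = int(day_s)
        except ValueError:
            return None
        age = now // DAY - day
        if age < 0 or age > self.max_age_days:
            return None
        # Forget old secrets whose parallel-running period has ended.
        self.retiring = [(s, t) for s, t in self.retiring if now < t]
        for secret in [self.current] + [s for s, _ in self.retiring]:
            if hmac.compare_digest(tag.encode(), _tag(secret, day, address)):
                return address
        return None
```

While the old secret is still in `retiring`, anyone who knows it can mint tokens that verify, so after a suspected leak the exposure lasts one full expiry window unless the old secret is dropped early at the cost of rejecting legitimate bounces.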