On Mon, 2004-02-23 at 17:23 -0600, Seth Goodman wrote:
> Here is a revised approach for fixing the open-relay problem that has
> been pointed out,

I think you may have hit on a better answer in another forum, where you
suggested private/public key encryption could be used to generate
one-time addresses.

If an SRS0+... address contains a hash which is signed by a private key,
and the corresponding public key is in the DNS, then a third party can
_easily_ verify that it's a real SRS0+ address from a domain which is
really doing SRS, and not an attempted attack.

If you mandate that SRS1+... addresses should only be rewritten back to
SRS0+... addresses if the hash is verified against the pubkey in DNS,
you've basically fixed the relaying problem, haven't you?

--
dwmw2
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com
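
The check proposed in the message above, sketched as an added example (not code from this thread or from any SRS implementation): a relay rewrites an SRS1 address back to SRS0 only when the embedded signature verifies against the key published for the named forwarder. The address layout, the choice of Ed25519, the in-memory `dnsKeys` map standing in for a DNS lookup, and all function names are assumptions; the SRS1 relay's own hash and the timestamp check are left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// dnsKeys stands in for a DNS lookup of each forwarder's public key (constructed data).
var dnsKeys = map[string]ed25519.PublicKey{}

// NewForwarder creates a key pair and "publishes" the public half for domain.
func NewForwarder(domain string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	dnsKeys[domain] = pub
	return priv
}

// MakeSRS0 builds SRS0+<sig>+<payload>@<fwd>, payload = <ts>+<domain>+<local> (hypothetical layout).
func MakeSRS0(priv ed25519.PrivateKey, payload, fwd string) string {
	sig := ed25519.Sign(priv, []byte(payload+"@"+fwd))
	return "SRS0+" + base64.RawURLEncoding.EncodeToString(sig) + "+" + payload + "@" + fwd
}

// ToSRS1 is what a second relay does to an SRS0 address it forwards on.
func ToSRS1(srs0, relay string) string {
	local, fwd, _ := strings.Cut(strings.TrimPrefix(srs0, "SRS0+"), "@")
	return "SRS1+" + fwd + "++" + local + "@" + relay
}

// ReverseSRS1 rewrites SRS1 back to SRS0 only if the signature verifies for <fwd>.
func ReverseSRS1(addr string) (string, error) {
	body, _, _ := strings.Cut(addr, "@")
	fwd, rest, ok := strings.Cut(strings.TrimPrefix(body, "SRS1+"), "++")
	sigText, payload, _ := strings.Cut(rest, "+")
	sig, err := base64.RawURLEncoding.DecodeString(sigText)
	pub, known := dnsKeys[fwd]
	if !strings.HasPrefix(addr, "SRS1+") || !ok || err != nil || !known ||
		!ed25519.Verify(pub, []byte(payload+"@"+fwd), sig) {
		return "", fmt.Errorf("SRS1 for %q not verified, refusing to rewrite", fwd)
	}
	return "SRS0+" + rest + "@" + fwd, nil
}

func main() {
	priv := NewForwarder("fwd.example")
	fmt.Println(ReverseSRS1(ToSRS1(MakeSRS0(priv, "AB+origin.example+alice", "fwd.example"), "relay.example")))
}
```

A 64-byte Ed25519 signature encodes to 86 base64 characters, which is already longer than the 64-octet local-part limit in RFC 5321; the example ignores that limit.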