Mailing List Archive

Sender Rewriting Scheme and open relays.
On Mon, 2004-02-23 at 17:23 -0600, Seth Goodman wrote:
> Here is a revised approach for fixing the open-relay problem that has
> been pointed out,

I think you may have hit on a better answer in another forum, where you
suggested private/public key encryption could be used to generate
one-time addresses.

If an SRS0+... address contains a hash which is signed by a private key,
and the corresponding public key is in the DNS, then a third party can
_easily_ verify that it's a real SRS0+ address from a domain which is
really doing SRS, and not an attempted attack.

If you mandate that SRS1+... addresses should only be rewritten back to
SRS0+... addresses if the hash is verified against the pubkey in DNS,
you've basically fixed the relaying problem, haven't you?

--
dwmw2

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com
Re: Sender Rewriting Scheme and open relays.
David Woodhouse <dwmw2@infradead.org> [2004-02-25/13:29]:
> If an SRS0+... address contains a hash which is signed by a private
> key, and the corresponding public key is in the DNS, then a third
> party can _easily_ verify that it's a real SRS0+ address from a domain
> which is really doing SRS, and not an attempted attack.

There might be some potential practical problems with this approach.

First, a signature is significantly larger than a hash (HMAC), and I see
no way you could shorten the signatures the way you can HMACs. It'll be
difficult to get a rewritten address with signature to fit into a 64
chars case insignificant local part.

Second, public key crypto is rather expensive in terms of CPU cycles.

Cheers,
Dan

--
Daniel Roethlisberger <daniel@roe.ch>
GnuPG key ID 0x804A06B1 (DSA/ElGamal)
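
The size argument in the message above, worked through as an added example (not code from the thread or from any SRS implementation). The field layout after `SRS0+`, the 4-character base32 MAC, the secret and the sample address are assumptions made for illustration; the signature sizes in the comments are raw byte lengths.

```python
import base64
import hashlib
import hmac
import math

MAX_LOCAL_PART = 64  # local-part limit cited in the thread


def b32_len(nbytes):
    """Characters needed to carry nbytes as unpadded base32 (case-insensitive)."""
    return math.ceil(nbytes * 8 / 5)


def short_mac(secret, fields, chars=4):
    """HMAC-SHA1 over the lower-cased fields, truncated to `chars` base32 chars."""
    msg = "=".join(fields).lower().encode()
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    return base64.b32encode(digest).decode().lower()[:chars]


def srs0_local_part(secret, timestamp, domain, local):
    """Assumed layout: SRS0+<mac>=<timestamp>=<domain>=<local>."""
    fields = [timestamp, domain, local]
    return "SRS0+" + "=".join([short_mac(secret, fields)] + fields)


def verify_srs0(secret, local_part):
    """Recompute the truncated MAC; survives case folding of the local part."""
    prefix, _, rest = local_part.partition("+")
    parts = rest.split("=", 3)  # the original local part may itself contain '='
    if prefix.upper() != "SRS0" or len(parts) != 4:
        return False
    mac, timestamp, domain, local = parts
    expected = short_mac(secret, [timestamp, domain, local])
    return hmac.compare_digest(mac.lower(), expected)


def room_for_signature(timestamp, domain, local, sig_bytes):
    """Characters left in the local part after a base32 signature (negative = overflow)."""
    payload = len("SRS0+") + 1 + len("=".join([timestamp, domain, local]))
    return MAX_LOCAL_PART - payload - b32_len(sig_bytes)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    addr = srs0_local_part(secret, "ab", "example.org", "alice")
    print(addr, len(addr), verify_srs0(secret, addr))
    # DSA (160-bit q) = 40 bytes raw, RSA-1024 = 128 bytes raw
    for name, size in (("DSA", 40), ("RSA-1024", 128)):
        print(name, b32_len(size), room_for_signature("ab", "example.org", "alice", size))
```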

Re: Sender Rewriting Scheme and open relays.
On Wed, 2004-02-25 at 14:50 +0100, Daniel Roethlisberger wrote:
> David Woodhouse <dwmw2@infradead.org> [2004-02-25/13:29]:
> > If an SRS0+... address contains a hash which is signed by a private
> > key, and the corresponding public key is in the DNS, then a third
> > party can _easily_ verify that it's a real SRS0+ address from a domain
> > which is really doing SRS, and not an attempted attack.
>
> There might be some potential practical problems with this approach.
>
> First, a signature is significantly larger than a hash (HMAC), and I see
> no way you could shorten the signatures the way you can HMACs. It'll be
> difficult to get a rewritten address with signature to fit into a 64
> chars case insignificant local part.
>
> Second, public key crypto is rather expensive in terms of CPU cycles.

Both true. Such a scheme allows brute force attacks too, without any
need for an oracle.

--
dwmw2
