dwmw2 at infradead
Feb 25, 2004, 6:56 AM
Post #3 of 3
On Wed, 2004-02-25 at 14:50 +0100, Daniel Roethlisberger wrote:
Re: Sender Rewriting Scheme and open relays.
[In reply to]
> David Woodhouse <dwmw2 [at] infradead> [2004-02-25/13:29]:
> > If an SRS0+... address contains a hash which is signed by a private
> > key, and the corresponding public key is in the DNS, then a third
> > party can _easily_ verify that it's a real SRS0+ address from a domain
> > which is really doing SRS, and not an attempted attack.
> There might be some potential practical problems with this approach.
> First, a signature is significantly larger than a hash (HMAC), and I see
> no way you could shorten the signatures the way you can HMACs. It'll be
> difficult to get a rewritten address with signature to fit into a 64
> chars case insignificant local part.
> Second, public key crypto is rather expensive in terms of CPU cycles.
Both true. Such a scheme allows brute force attacks too, without any
need for an oracle.
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2