Re: forged bounces, was [Asrg] A CAPTCHA that automatically

[Dave Crocker <dhc at dcrocker.net>]

> >  That's exactly the point.  DK, or any other signature system, puts
> >  all of the message's state in the message itself, so the sending
> >  host can then forget about it.  Anything that requires that the
> >  sending host remember all the mail it's sent adds vast complication.
> >
>  This is exactly the problem with SES and why I told them its not workable
>  large-scale, although otherwise its good idea.
>
>  BTW - the same is also true for BATV (in fact the technologies are really
>  identical except SES allows for public dns verification server and BATV
>  its all private).


Even with John's posting to correct this mis-statement, it appears the
point was missed:  BATV places the state information into the message.  It
does NOT require the BATV creator or interpretor to retain state
externally.

(BATV allows alternative algorithms.  If someone wants to go use the BATV
syntax and design a scheme that DOES require external state retention,
then, well, yes that scheme would require external state retention.
However the documented scheme does not, nor does the one envisioned using
public keys.)

Therefore, the statement: "the same is also true for BATV" is incorrect.

  d/
  ---
  Dave Crocker
  Brandenburg InternetWorking
  +1.408.246.8253
  dcrocker  a t ...
  WE'VE MOVED to:  www.bbiw.net



_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg