Re: tmda: Challenge-response is fundamentally broken
On Wed, Aug 27, 2003 at 04:07:58PM +0300, Kalle Kivimaa wrote:
> Mark Brown <broonie@sirena.org.uk> writes:
> > You do realise that all parts of SMTP are generally completely
> > unauthenticated and can be trivially forged? A system like this has no
> > option but to work with unauthenticated data.
>
> Why cannot the C-R system issue the challenge during the SMTP session
> (respond with a reject containing the challenge)?
Read SMTP 2821, and find out for yourself. Hint: SMTP is intended to be
noninteractive, while this thing tries to get confirmation from a human
being.
--
Wouter Verhelst
Debian GNU/Linux -- http://www.debian.org
Nederlandstalige Linux-documentatie -- http://nl.linux.org
"Stop breathing down my neck." "My breathing is merely a simulation."
"So is my neck, stop it anyway!"
-- Voyager's EMH versus the Prometheus' EMH, stardate 51462.
Reply to: