[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tmda: Challenge-response is fundamentally broken

Mark Brown <broonie@sirena.org.uk> writes:
> The part where SMTP is completely unauthenticated means that this
> doesn't help - the SMTP envelope sender can be forged just as easily as
> the From: inside the message.

You're right, I forgot to say that the idea only applies to
non-relayed mail where the other end is the originator. Forging the
TCP connection is more difficult than simple header forgery.

-- 
*        A man's only as old as the woman he feels. (Groucho Marx)        *
*           PGP public key available @ http://www.iki.fi/killer           *
Reply to: