Re: tmda: Challenge-response is fundamentally broken (RAPNAP)
On Thu, 4 Sep 2003 18:32, david nicol wrote:
> I've been trying to popularize a centralized challenge-response
> database since last fall. It seems to me that becoming a debian
> package maintainer for the software to use it would make sense.
>
> Unlike TMDA's distributed profusion of extended addresses, a
> central RAPNAP (return address, peer network address pair) database
> only needs to send out a challenge when you change your outgoing
> SMTP server. In effect, a central server caches challenge responses,
> so individual challenges are no required all the time.
Interesting idea. A spammer then only has to respond to a challenge once and
they can then spam thousands of people.
For challenge response to work it has to be annoying to lots of people.
Anything that stops it being annoying will stop it working. That's why it is
broken.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: