[cap-talk] Mailkey works! (was: mailkey: transfer of accountability. Is this broken ?? should I start from scratch/horton ?)
Dean Tribble
tribble at e-dean.com
Fri Jun 1 20:59:14 EDT 2007
On 6/1/07, Mark Miller <erights at gmail.com> wrote:
>
> There was one critical fact about email that I hadn't known, that was
> preventing me from understanding your protocol. You are implicitly
> making use of the ability of Bob to compare
>
> alice+3a66fo at op.nu
>
> to
>
> alice+4d7fb1 at op.nu
>
> and conclude that they both communicate to the "same" entity, for some
> meaning of same. The comparison here needs the security properties of
> an authenticating grant-matching equality primitive (EQ), even though
> these represent two different capabilities which grant different
> authority.

Just a note: I think this is not a property of email and email addresses,
per se. The two alices above are two different recipients. It is a
feature/hack that is implemented by *destination* servers (and
not necessarily all of them). A receiving sendmail server tries the address,
and then tries the address without the part after the "+". This may
actually be important for the protocol: an *intermediate* MTA server is
buggy if it treats those two addresses as anything but simply distinct
addresses to the same domain.
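
The distinction drawn in the message above, as an added example that is not part of the original post and is not sendmail's code: a relay routes on the domain and passes the recipient through unchanged, while only the destination server applies the "+" fallback. The function names, the mailbox table and the `plus_fallback` switch are assumptions made for illustration; the two addresses are the ones quoted in the thread, with the archive's " at " restored to "@".

```python
# Added illustration of the behaviour described in the post; not sendmail's implementation.

def split_address(addr):
    """Split 'local@domain' at the last '@'. Only the domain is case-folded."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an address: {addr!r}")
    return local, domain.lower()


def relay_next_hop(addr):
    """Intermediate MTA: route on the domain only; the local part is opaque.

    Returns (domain to route to, envelope recipient forwarded unchanged).
    """
    _, domain = split_address(addr)
    return domain, addr


def deliver_at_destination(addr, mailboxes, local_domains, plus_fallback=True):
    """Destination server: try the exact local part, then the part before '+'.

    Returns the mailbox name, or None if the recipient is unknown here.
    plus_fallback=False models a destination that lacks the feature.
    """
    local, domain = split_address(addr)
    if domain not in local_domains:
        return None
    if local in mailboxes:              # an exact match always wins
        return local
    base, plus, _detail = local.partition("+")
    if plus_fallback and plus and base in mailboxes:
        return base
    return None


# Constructed sample state for the destination server.
MAILBOXES = {"alice"}
LOCAL_DOMAINS = {"op.nu"}
ADDR_A = "alice+3a66fo@op.nu"
ADDR_B = "alice+4d7fb1@op.nu"

if __name__ == "__main__":
    for addr in (ADDR_A, ADDR_B):
        print("relay:", relay_next_hop(addr))
        print("destination:", deliver_at_destination(addr, MAILBOXES, LOCAL_DOMAINS))
```

With `plus_fallback=False` both addresses are rejected as unknown recipients, which is the "not necessarily all of them" case.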