
Conflict between specs



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The current E2E spec (Sections 3.1.2 and 3.2.3) states that only partial
'From' headers are (optionally) allowed.  'Reply-To' headers are not
included in the allowed headers list.

In the nym spec (Section 1.3):-
 - Receiving mail from nyms and sending mail to nyms should be
   completely transparent to a non-anonymous user; mail from a
   nym to a recipient should appear to originate from a standard
   mailbox, and mail to a nym should be deliverable with standard
   MUAs.

Because mixminion doesn't allow 'From' or 'Reply-To' headers, the
recipient of a nym message is unable to reply to it using conventional
means.  They must copy the originating address from the message body and
paste it into the headers of their reply.  If the user neglects to do
this by just hitting "Reply", then the message will be sent to an
invalid address.

This seems a tricky conflict to resolve.  Nym messages *should* be
replyable to, but allowing freely configurable 'From' or 'Reply-To'
headers in non-nym messages is often used to forge the addresses of
other people.

One solution would be to allow mixminion servers to whitelist certain
domains in the 'From' header, where those domains are nymservers,
although this may introduce partition problems if all servers don't
maintain a common whitelist.  Perhaps this could be resolved by
directory sources supplying the list of current nym domains?  This would
reduce the abuse issue to one nym user forging the address of another
nym user.

In a perfect world, the servers would ensure that the 'From' address in
the message is really that of the nymuser.  I'm not sure if this is
possible.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFECDaItHGA1SKHYecRAl5SAJ9zepYNPsJWyYrTctvTGuJaILOeLgCgyCOf
o3TVDt/L/5IRfMoSpk1F5k0=
=ozE3
-----END PGP SIGNATURE-----
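
A sketch of the whitelist idea from the message above, as an added example that is not part of the original post and not Mixminion code: an exit-side check that keeps a 'From' or 'Reply-To' value only when its domain is on a directory-supplied list of nym domains. The function names, the sample domains and the digest used to compare lists between servers are all assumptions made for illustration.

```python
import hashlib
from email.utils import getaddresses

# Constructed sample of a directory-supplied nym domain list (assumption).
NYM_DOMAINS = frozenset({"nym.example", "alias.example"})

def allowed_sender_header(raw_value, nym_domains=NYM_DOMAINS):
    """Return the bare address to emit in 'From'/'Reply-To', or None to strip it."""
    if not raw_value or "\r" in raw_value or "\n" in raw_value:
        return None                      # empty, or an attempt to smuggle extra headers
    parsed = getaddresses([raw_value])
    if len(parsed) != 1:
        return None                      # exactly one mailbox, no address lists
    _display_name, addr = parsed[0]      # display name is dropped: it is free text
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    domain = domain.lower()
    if domain not in nym_domains:        # exact match only, no suffix or subdomain match
        return None
    # Residual risk noted in the post: this cannot tell one nym user from
    # another, so a nym user can still claim another nym's address.
    return f"{local}@{domain}"

def list_digest(nym_domains):
    """Order-independent digest of the list, so servers can compare which
    list they enforce (differing lists are the partition concern)."""
    canonical = "\n".join(sorted(d.lower() for d in nym_domains))
    return hashlib.sha256(canonical.encode("ascii")).hexdigest()

if __name__ == "__main__":
    for value in ("Bob <bob@NYM.example>", "alice@bank.example",
                  '"bob@nym.example" <alice@bank.example>'):
        print(repr(value), "->", allowed_sender_header(value))
```
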