[Mimedefang] Reputation Reporting Protocol submitted to IETF as an I-D

David F. Skoll dfs at roaringpenguin.com
Sat Jun 19 09:59:54 EDT 2010

- wrote:

> I can say this right off: Encoding the timestamp as an integer with
> an anchor year is going to be a problem (e.g in 2038 or 2106)
> requiring a future version upgrade.

No, it's not.

We are not encoding the timestamp.  If you read the RFC carefully, you'll
see that we're encoding the low-order 32 bits of the timestamp.  The *only*
purpose of that field is to help detect and fend off replay attacks.

If an attacker wants to hold onto a packet for 2^32 seconds (~136
years) and then reinject it... well yeah, we don't protect against

> Maybe you don't care about the 27-year timebomb you're giving yourself.

Absolutely we don't care; see above.

> IP-address-types: Consider adding as a separate value "spamtrap"
> that occurs as a result of delivery to a spamtrap address.

IMO, that's the same as AUTO-SPAM, but I suppose we could add another TYPE

> Section 8 - Example Report: Should use an IPv6 address from the
> documentation prefix (2001:DB8::/32) instead of a live address.

OK; I'll fix that in the next version.

-- David.

More information about the MIMEDefang mailing list