On Tue, 13 Nov 2007 18:32:49 PST, Douglas Otis said: > Message content offers little assurance of its origination. Where to > reach for the message is more significant. The TBR extension offers > both an assured last hop IP address and a domain of origination. > Often the origination of content is more important than the results > of a scanning process. Receivers would be foolish to trust the > results of content scanning alone.
OK. Let me get this straight. We get an inbound connection from a possibly dodgy source address, like a probably compromised cablemodem box, and we then take the address *they provide us* and use that as some sort of "verification"? What's wrong with this picture? (Hint - what are the chances that a hypothetical connection from said abused cablemodem, if it uses TBR, will point at either the *same* address, or yet another abused cablemodem? Consider the use of fast-flux DNS changers when you ponder this - there's no reason why you won't find that tbr-server.fast-flux-r-us.com *won't* point at a cablemodem.)
pgpzFvg8MpJWq.pgp
Description: PGP signature
