--- Comment #10 from Chris Steipp <> ---
(In reply to Faidon Liambotis from comment #5)
> The way to avoid fake bounces DoSing a user would be to use a
> bounce-<hash> return path address with <hash> either being a
> random, stored token or one that is the output of a symmetrical encryption
> function, encrypt(email, secret). I'm sure Chris Steipp will have multiple
> good ideas about that :)

You would need a random IV, nonce/timestamp (prevent replay), and some sort of
checksum (prevent tampering), but yeah, it's doable.

(In reply to Nemo from comment #6)
> Sounds like an endorsement/proposal for Chris to be a (co-)mentor? ;-)
> Chris, are you interested in soliciting students work in this area? If yes,
> who could be interested mentoring?

Sadly, I probably don't have time to co-mentor this year. I'm fine advising of
the design for security, but I've got too many things going on right now.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to