https://bugzilla.wikimedia.org/show_bug.cgi?id=46640

--- Comment #10 from Chris Steipp <cste...@wikimedia.org> ---
(In reply to Faidon Liambotis from comment #5)
> The way to avoid fake bounces DoSing a user would be to use a
> bounce-<hash>@wikimedia.org return path address with <hash> either being a
> random, stored token or one that is the output of a symmetrical encryption
> function, encrypt(email, secret). I'm sure Chris Steipp will have multiple
> good ideas about that :)

You would need a random IV, nonce/timestamp (prevent replay), and some sort of
checksum (prevent tampering), but yeah, it's doable.


(In reply to Nemo from comment #6)
> Sounds like an endorsement/proposal for Chris to be a (co-)mentor? ;-)
> Chris, are you interested in soliciting students work in this area? If yes,
> who could be interested mentoring?

Sadly, I probably don't have time to co-mentor this year. I'm fine advising of
the design for security, but I've got too many things going on right now.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to