https://bugzilla.wikimedia.org/show_bug.cgi?id=46640
--- Comment #10 from Chris Steipp <[email protected]> --- (In reply to Faidon Liambotis from comment #5) > The way to avoid fake bounces DoSing a user would be to use a > bounce-<hash>@wikimedia.org return path address with <hash> either being a > random, stored token or one that is the output of a symmetrical encryption > function, encrypt(email, secret). I'm sure Chris Steipp will have multiple > good ideas about that :) You would need a random IV, nonce/timestamp (prevent replay), and some sort of checksum (prevent tampering), but yeah, it's doable. (In reply to Nemo from comment #6) > Sounds like an endorsement/proposal for Chris to be a (co-)mentor? ;-) > Chris, are you interested in soliciting students work in this area? If yes, > who could be interested mentoring? Sadly, I probably don't have time to co-mentor this year. I'm fine advising of the design for security, but I've got too many things going on right now. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
