[ On Tue, June 17, 1997 at 10:40:47 (+0100), Philip Hazel wrote: ]
> Subject: Dates and expiring addresses
>
> considered irresponsible. I am at the moment leaning towards cutting out
> this code from the next release, but would like to know what others
> think about this. Views?
I'd lean towards the opaque cookie idea. Open use of a date is an
invitation for trouble, and no ammount of simple obfuscation will be of
any benefit. Unfortunately a cryptographically secure cookie might
need to be quite long and completely un-typable. A very short key, no
matter how well encrypted, will be easy to break, esp. if it's used by a
bunch of people with the same algorithm. In any case this seems like a
solution crying out for a problem. Better filters would seem to be a
much better solution to the real problem.
--
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
