Re: [exim] batv expiry time

Author: Chris Meadors
Date:  
To: Exim Users List
Subject: Re: [exim] batv expiry time
On Mon, 2007-07-30 at 14:39 +0100, Mike Cardwell wrote:
> Mike Cardwell wrote:
>
> > Is my understanding correct? If so, what is the amount of time until
> > expiry? I can't see anywhere to configure this so I'm guessing I've
> > either misunderstood how it works, or the value is hardcoded and
> > unchangeable?
>
> Ok. I dug through expand.c and found what looked like the right place.
> Seems to be hardcoded to 7 days. I just skipped my system date forward 6
> days and 8 days respectively to test this, and it is confirmed.


That's where I found it too, and the same number I discovered.

> I think this information belongs in the documentation somewhere?
>
> > Also, in the examples I've seen in the documentation and on the wiki
> > there are different, "secrets", for each sender address. Is that
> > necessary? I don't see the logic behind it...
>
> I'd still like an answer on this one if possible?


I always thought that the example in the spec.txt was overkill.
Something that would be deployed on a server that allowed each user to
individually enable BATV for themselves, and select their own hash key.

I just went with a single macro-defined secret in my conf and enabled
BATV for one entire domain.

I suppose having the same one-way hash performed for all users could
possibly provide more information to someone wanting to forge your BATV
return-path. But what would that gain them? The ability to send your
users bounces? BATV is not externally verifiable so forging it does not
allow someone to impersonate your server to anyone but your own server.
That coupled with the time it would take to brute force the secret from
the hash (even with multiple samples) really makes it seem pretty safe
to use the same secret domain-wide.
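
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Exim's code: a simplified Python model of a BATV-style signed return-path with the 7-day lifetime and one domain-wide secret. The tag layout (`prvs=` + key number + three-digit day stamp + six hex digits of HMAC-SHA1), the hash inputs, the wrap-around handling, the secret and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac

LIFETIME_DAYS = 7        # the hardcoded lifetime reported in the thread
SECONDS_PER_DAY = 86400

def daystamp(now, offset_days=0):
    """Days since the Unix epoch plus an offset, reduced to three digits."""
    return "%03d" % ((int(now) // SECONDS_PER_DAY + offset_days) % 1000)

def tag_hash(secret, key_num, stamp, address):
    """First six hex digits of HMAC-SHA1 over key number, stamp and address."""
    msg = (key_num + stamp + address).encode()
    return hmac.new(secret.encode(), msg, hashlib.sha1).hexdigest()[:6]

def sign(address, secret, now, key_num="0"):
    """Build the signed return-path; the stamp is the expiry day, not the send day."""
    local, domain = address.rsplit("@", 1)
    stamp = daystamp(now, LIFETIME_DAYS)
    digest = tag_hash(secret, key_num, stamp, address)
    return "prvs=%s%s%s=%s@%s" % (key_num, stamp, digest, local, domain)

def verify(signed, secret, now):
    """Return (address, hash_ok, not_expired), or None if the address is unsigned."""
    local, _, domain = signed.rpartition("@")
    if not local.startswith("prvs="):
        return None
    tag, sep, orig_local = local[5:].partition("=")
    if not sep or len(tag) != 10 or not tag[:4].isdigit():
        return None
    key_num, stamp, digest = tag[0], tag[1:4], tag[4:]
    address = orig_local + "@" + domain
    expected = tag_hash(secret, key_num, stamp, address)
    hash_ok = hmac.compare_digest(digest.lower().encode(), expected.encode())
    # Modular distance to the expiry day copes with the three-digit stamp
    # wrapping from 999 to 000 (this model's choice, not taken from expand.c).
    remaining = (int(stamp) - int(daystamp(now))) % 1000
    return address, hash_ok, remaining <= LIFETIME_DAYS

if __name__ == "__main__":
    SECRET = "constructed-domain-wide-secret"   # constructed sample value
    T0 = 1185800000                             # constructed send time (30 July 2007)
    rp = sign("user@example.test", SECRET, T0)
    print(rp)
    for days in (6, 8):                         # the two clock offsets tried in the thread
        print(days, verify(rp, SECRET, T0 + days * SECONDS_PER_DAY))
```

Because the stamp keeps only three digits, a tag in this model would verify again roughly 1000 days after it was issued, and the 24-bit truncated hash is the only thing an outside party ever sees of the secret.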