Re: [hylafax-users] Routing faxes to other fax servers based on phone number

[Joe Phillips <jaiger@acm.org>]

I wasn't only talking about the broken-ness of email-to-fax systems but
also email as a whole.  SMTP has little to no authentication built in.
It's a store and forward system where the relays basically accept email
from just about any other relay, headers can be easily forged, an open
relay is easy to configure and exploit.

In designing a HylaFAX least-cost-routing solution, we should be aware
of these problems and try to learn from them.

I wonder if we should consider integrating crypto into such a solution.
Say for example, we only allow signed fax jobs to enter the network.  Servers
have public/private keys assigned, etc.

it can get complicated.

-joe

On Thu, Mar 21, 2002 at 09:18:08PM -0800, Lee Howard wrote:
> On 2002.03.21 18:46 Joe Phillips wrote:
> > 
> > There would be a trust and authentication problem.  I've been thinking
> > about this for a while.  Basically, if we have servers forwarding
> > fax jobs around you get something like the email model.  We all know
> > how broken that is.
> 
> The e-mail models which allow the submitting client to define the job 
> owner are all broken, as you've said, because they open the door wide-open 
> for abuse of that capability, such that the system superuser must delete 
> the actual queue files unless he has an unrequired admin account.  For 
> those who develop web faxing or email-to-fax mechanisms we've suggested 
> building forward and reverse authentication into the client application.  
> Again, I tend to think that this networked-HylaFAX-server scenario is 
> something that is the client's responsibility again.

-- 
     Innovation Software Group, LLC - http://www.innovationsw.com
               Custom Internet and Computer Solutions
                   Linux, UNIX, Java Training

____________________ HylaFAX(tm) Users Mailing List _______________________
 To unsub: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null