Address->Mail signing, multiple signatures
David Woodhouse
dwmw2 at infradead.org
Sat Feb 28 00:12:37 GMT 2004
On Fri, 2004-02-27 at 12:40 -0500, Brian Candler wrote:
> Why not? Those are headers added by the MUA.
Generally by the _sender_ not the author. See the example in RFC2822.
> Why would you put a pubkey identifier in? I thought the point was that you
> would have to refer back to the DNS to find the public key.
Which DNS? There can be multiple signatures by multiple pubkeys.
> I remain to be convinced; I think unless an MUA is aware of this signing
> protocol, and is prepared to highlight the signed part in green and the
> unsigned part in flashing red, then it's a weakness which is far too easy to
> exploit.
The MTA can reject if there's too much, and many MTAs are quite capable
of the flashing red bit.
> S/MIME probably has something to say about how to handle MIME parts. The
> only transformations you can expect to have occurred is likely
> Content-Transfer-Encoding (some MTAs do this, e.g. courier); I wonder if any
> MTA would attempt a character set transformation? Sounds like a dubious
> thing to do.
True, but that doesn't mean it would _surprise_ me :)
--
dwmw2