From: SM <sm...@re...> - 2004-07-06 03:20:53

Hi Jose,

At 09:10 05-07-2004, Jose Marcio Martins da Cruz wrote:
>But what's the logic about re-signing ? I was thinking about and it seems
>to me

If the headers are modified, the message has to be re-signed, else the signature verification will fail.

>that some server decides to re-sign a message, it shall :
>- replace the "From" header

That can only happen in a border scenario where mail is leaving the originator's network. This does not apply to mailing lists (MLM). For MLM, the List-Id: header might be used instead of the From: header.

>- remove all previous signature as, original signer may not agree to
>  maintain its signature after the message being re-signed.

The draft specifications mention having only one signature IIRC.

>Also, I was thinking on how to deploy DomainKeys here. dk-filter
>is enough as a final solution - some years from now. But now, DomainKeys
>may be used only :
>- to whitelist some messages signed by friends

DK provides a way to ensure a level of "trust".

>- to charge messages with bad signatures.

The average user sees the From: header only and assumes that the email was sent from the domain part of the sender's address. DK can foil some of the usual scams where the From: header is forged.

Regards,
-sm