(I lurk for an education, and occasionally ask questions to help learn)
Tony Hansen wrote:
Person A sends the message to Person B. A's server AS does not sign the
message. Person B decides to resend the message to Person C, and B's
server BS duly adds a Resent-From: header and does signing.
As far as BS is concerned, the Resent-From: header is the one that
*should* be signed, not the From: header.
Assume that this "new system" you are creating is to be used by
people with current MUAs. Every MUA I am familiar with (the MS series
and the Netscape/Mozilla series) does the same thing when your "Person B
decides to resend": they create a new message, allowing B to put
whatever he/she/it wants to put in it, and appends the original message
(optionally allowing B to add, subtract, fold, spindle, and mutilate the
This is not a transparent retransmittal of the original message from
A as an MTA would do. Anyone who views this message from B has no way
of determining what, if any, modifications B has made to the original
Server BS _MUST_ treat this as a new message, from B, and sign as
From. How am I wrong, here?
Unable to locate coffee.
NOTE WELL: This list operates according to