Re: The cost of choices


On July 31, 2005 at 14:37, Dave Crocker wrote:

 Since the i= tag does not have to equal From, how
 does the verifier know exactly what the signature is bound to?


Why does the verifier have to know exactly what the signature is bound to?


Spoofing.  See my previous posts about this.

Why does the signature have to be bound to the address in any other field?


Mailing list usage scenarios.

How is the sigature to be used, so that such binding is required?


See previous posts and threads discussing this.

--ewh

<Prev in Thread]	Current Thread	[Next in Thread>
Re: The cost of choices, (continued) Re: The cost of choices, Arvel Hathcock Re: The cost of choices, Jim Fenton Re: The cost of choices, Earl Hood Re: The cost of choices, Earl Hood Re: The cost of choices, Michael Thomas Re: The cost of choices, Earl Hood Re: The cost of choices, Michael Thomas Re: The cost of choices, Earl Hood Re: The cost of choices, Michael Thomas Re: The cost of choices, Dave Crocker Re: The cost of choices, Earl Hood <= RE: The cost of choices, Dave Crocker RE: The cost of choices, James Scott

Previous by Date:	PEM and mail signature DNS public key verification, william(at)elan.net
Next by Date:	Re: Comments on draft-allman-dkim-base-00.txt, Earl Hood
Previous by Thread:	Re: The cost of choices, Dave Crocker
Next by Thread:	RE: The cost of choices, Dave Crocker
Indexes:	[Date] [Thread] [Top] [All Lists]