On Tue, 2005-07-05 at 23:40 +0200, Julian Mehnle wrote:
Receivers _must_ know "their" forwarders in order to trust them, otherwise
everybody could just claim to be a forwarder and abuse the e-mail system.
No. This is only true if you take a hop-by-hop method of authentication,
where you validate only a single mail host.
The end-to-end methods, such as DK, IIM, Meta Signature, BATV, SES, or
even just GPG, don't require this at all.
You don't need to trust your postman when he delivers the sealed letter
which I signed, do you?
--
dwmw2