ietf-822

Re: Signed headers in email (was Re: Draft for signed headers)

1999-03-25 12:23:51
On Thu, Mar 25, 1999 at 12:51:19AM -0800, Chris Newman wrote:
> (2) MTAs are supposed to ignore headers anyway, so signed toplevel headers
>     have no value to mail transport systems.

This creates a problem.  One of the most fundamental things people want
to verify at first is that a message comes from who it says it comes from.

This means verifying the From line and related lines at the very least.

However, mail user agents are not well suited to verify digital signatures
on mail from strangers.  They can handle people they know, but for strangers
they must rely on certificates signed by certification authorities.

But user agents, which are often offline when they process mail, have no
way to know if a certificate has been revoked.  It is not practical for
them to maintain a complete revocation database.  MTAs, which operate on
larger servers and which are also normally online, can handle
certificate revocation.

> (4) Any attempt at a canonicalization algorithm for mail header signing is
>     doomed to failure from the outset.  It will be ambiguous, too complex,
>     or inadequate.

While I agree it's risky, I think there are simple algorithms that can work.
The drafted algorithm is unlikely, as it attempts to understand the headers.

> (D) If signed headers are done only in netnews, they will be removed by
>     the news->mail gateway, tunnelled through (1), or they likely won't
>     work in the gateway case at all.

They probably won't be removed.  If they are kept, the message can be
re-gatewayed into news so long as it is intact.  If it has been modified,
the re-gateway will fail or need to re-sign with its own key.

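As an added illustration of the "simple algorithm" point argued above (example code, not from the thread or from any draft): a syntax-only canonicalization that lowercases field names, unfolds continuation lines, collapses whitespace and signs the chosen fields in a fixed order, so the verifier never has to understand what a header means. The HMAC key and the sample header blocks are constructed for the demo; a real scheme would use a public-key signature.

```python
import hashlib
import hmac
import re

# Constructed demo key; a deployment would sign with a private key instead.
DEMO_KEY = b"demo-key-not-for-real-use"

def canonicalize_header(name, value):
    """Hypothetical syntax-only canonicalization: lowercase the field name,
    unfold continuation lines, collapse whitespace runs, strip the ends.
    It deliberately does not parse the header's meaning."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    collapsed = re.sub(r"[ \t]+", " ", unfolded).strip()
    return f"{name.lower()}:{collapsed}"

def parse_headers(raw):
    """Split a header block into (name, value) pairs, keeping folded
    continuation lines attached to the field they belong to."""
    fields = []
    for line in raw.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + "\n" + line)
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append((name.strip(), value))
    return fields

def sign_headers(raw, names):
    """Sign the first occurrence of each listed field, in the listed order."""
    fields = parse_headers(raw)
    parts = []
    for wanted in names:
        for name, value in fields:
            if name.lower() == wanted.lower():
                parts.append(canonicalize_header(name, value))
                break
    return hmac.new(DEMO_KEY, "\n".join(parts).encode(), hashlib.sha256).hexdigest()

def verify_headers(raw, names, sig):
    return hmac.compare_digest(sign_headers(raw, names), sig)

# Constructed samples: as sent, as refolded by a relay, and with From altered.
ORIGINAL = ("From: Alice <alice@example.org>\nTo: bob@example.org\n"
            "Subject: Signed headers\n   in email\n"
            "Date: Thu, 25 Mar 1999 12:23:51 -0800\n")
REFOLDED = ("FROM: Alice <alice@example.org>\nTo:   bob@example.org\n"
            "Subject: Signed headers in email\n"
            "Date: Thu, 25 Mar 1999 12:23:51 -0800\n")
TAMPERED = ORIGINAL.replace("alice@example.org", "mallory@example.org")
SIGNED_FIELDS = ("From", "Subject", "Date")
```

Whitespace refolding by a relay leaves the signature valid, while a changed From line does not.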