On Thu, 25 Mar 1999 11:30:44 PST, Brad Templeton said:
> On Thu, Mar 25, 1999 at 12:51:19AM -0800, Chris Newman wrote:
> > (D) If signed headers are done only in netnews, they will be removed by
> > the news->mail gateway, tunnelled through (1), or they likely won't
> > work in the gateway case at all.
>
> They probably won't be removed. If they are kept the message can be
> re-gatewayed into news so long as it is intact. If it has been modified
> the re-gateway will fail or need to re-sign with its own key.

OK.. I'll bite. What does the fact that a piece of news is signed by
the re-entry gateway tell me? Somewhere near zero, since the gateway
is in no position to verify that nothing untoward happened. In fact,
if the gateway is signing it, then we *know* the original signature
is broken - if it was intact the gateway wouldn't need to sign it.
So what this *really* says is "If it has been modified, the re-gateway
will fail or need to be flagged as corrupted/modified". A new signature
isn't needed - only a header added ('X-mangled-in-transit: maybe'?). This
seems to be the only header field that needs to be signed by the gateway,
as nothing else is really trustable at that point.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
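
The re-entry policy argued for in the message above, as an added example that is not part of the original thread: an intact article passes through untouched, and a modified one keeps its broken poster signature and gains a gateway-signed `X-mangled-in-transit` flag instead of a new signature over the content. Assumptions: HMAC-SHA256 stands in for a public-key signature, and the `X-Signature` and `X-Gateway-Signature` header names, the signed header set, the keys and the sample article are all hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for a public-key signature so the example
# runs on the standard library alone. Keys and article below are constructed.
KEYS = {"poster": b"constructed-poster-key", "gateway": b"constructed-gateway-key"}
SIGNED_HEADERS = ("From", "Subject", "Message-ID")  # hypothetical signed set
FLAG = "X-mangled-in-transit"                        # header named in the message
SIG, GW_SIG = "X-Signature", "X-Gateway-Signature"   # hypothetical header names

def _sign(signer, data):
    return hmac.new(KEYS[signer], data.encode(), hashlib.sha256).hexdigest()

def _canonical(headers, body):
    fields = [f"{h.lower()}:{headers.get(h, '')}" for h in SIGNED_HEADERS]
    return "\n".join(fields) + "\n\n" + body

def sign_article(headers, body):
    """Poster side: sign the selected headers plus the body."""
    return {**headers, SIG: _sign("poster", _canonical(headers, body))}

def original_intact(headers, body):
    expected = _sign("poster", _canonical(headers, body))
    return hmac.compare_digest(headers.get(SIG, ""), expected)

def regateway(headers, body):
    """Mail->news re-entry: pass intact articles through untouched; otherwise
    keep the broken poster signature and add a flag, signing only the flag."""
    if original_intact(headers, body):
        return dict(headers)
    flag_value = "maybe"
    return {**headers, FLAG: flag_value,
            GW_SIG: _sign("gateway", f"{FLAG.lower()}:{flag_value}")}

def reader_view(headers, body):
    """What a reader can conclude from the signatures present."""
    if FLAG not in headers and original_intact(headers, body):
        return "verified: poster"
    expected = _sign("gateway", f"{FLAG.lower()}:{headers.get(FLAG, '')}")
    if FLAG in headers and hmac.compare_digest(headers.get(GW_SIG, ""), expected):
        return "unverified: flagged by gateway"
    return "unverified: no trustworthy statement"

ARTICLE = sign_article({"From": "poster@example.org", "Subject": "test",
                        "Message-ID": "<1@example.org>"}, "original body\n")

if __name__ == "__main__":
    mangled = "original body\n-- \nlist footer added in mail\n"
    print(reader_view(regateway(ARTICLE, "original body\n"), "original body\n"))
    print(reader_view(regateway(ARTICLE, mangled), mangled))
```

Because the gateway signature here covers only the flag header, it is not bound to any one article; a deployed design would have to decide what, if anything, to bind it to.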