ietf-822
[Top] [All Lists]

Re: Signed headers in email (was Re: Draft for signed headers)

1999-03-25 16:07:08
On Thu, Mar 25, 1999 at 05:03:01PM -0500, 
Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
OK.. I'll bite.  What does the fact that a piece of news is signed by
the re-entry gateway tell me?  Somewhere near zero, since the gateway
is in no position to verify that nothing untoward happened.  In fact,
if the gateway is signing it, then we *know* the original signature
is broken - if it was intact the gateway wouldn't need to sign it.

Indeed, it is unlikely that people would want to certify a re-entry
gateway.  However, if they wanted to certify one, they could, and it
could sign messages for re-insertion.   But I wouldn't advise it without
a lot of scrutiny.

Now some mail to news gateways will get certified, no doubt, but generally
their certificates will run only to the particular newsgroup they are
gatewaying into.   A general news to mail gateway that handles all groups
is unlikely.

Also possible is a news to mail gateway that works just for a site.  Since
it might well have (since it is operated by the site) a certificate letting
it sign messages as coming from that site, it could indeed handle any
newsgroup.  But it wouldn't handle messages from outside the site.

In general, going news -> mail -> news without preserving all news headers
and any news signature would be wrong, so it is not likely to get
certified as an activity.

<Prev in Thread] Current Thread [Next in Thread>