In <19990325120129(_dot_)50852(_at_)main(_dot_)templetons(_dot_)com> Brad
Templeton <brad(_at_)templetons(_dot_)com> writes:
There are not two lists. There are two ways to do things. They are:
a) I list which headers I have signed (or decided not to include).
Other programs can now add other headers. We hope remote sites
will realize they are not to be trusted.
b) I declare all headers MUST be signed, except ones I list.
Other programs can only add headers on the exception list, or they
must generate their own list (ie. they must understand signatures)
But the problem with method (b) is that injection agents (especially those
at big ISPs, or those in mail2news gateways) regard it as their absolute
right to add headers (Injected-By:, X-Trace:, NNTP-Posting-Host: and much
more), and to invent extra such headers whenever they feel like it. They
are not going to surrender that privilege easily.
Which is why (a) is much better. You can still easily tell which headers
were not covered by the signature. It is unlikely that they will include
anything that could seriously damage the integrity of the message
(especially if the poster uses the standard macro which carefully includes
all the critical ones).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl(_at_)clw(_dot_)cs(_dot_)man(_dot_)ac(_dot_)uk Web:
http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5