In <199903252152(_dot_)NAA21112(_at_)astro(_dot_)cs(_dot_)utk(_dot_)edu> Keith
Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
MTAs, which operate on larger servers and which are also normally
online, can handle certificate revocation.
MTAs have no business making decisions on users' behalf.
It could be done at the message store, perhaps, but not in the MTA.
Absolutely so. If some bogus persons send me a message, I would still like
to know what is going on, even if I choose to disbelieve what is said.
But, OTOH, it could be a useful service for an MTA to spot that a signature
was bogus, and to inform me as it delivered the message. It could, for
example, do so by adding a header that says so (my draft even provides a
suitable header for the purpose, as it happens).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl(_at_)clw(_dot_)cs(_dot_)man(_dot_)ac(_dot_)uk Web:
http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5