ietf-822
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Signed headers in email (was Re: Draft for signed headers)

1999-03-30 09:12:52
from [Charles Lindsey] [Permanent Link] 
In <199903291656(_dot_)LAA29949(_at_)astro(_dot_)cs(_dot_)utk(_dot_)edu> Keith 
Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:


The problem with this discussion is that it has been hijacked by those who
want to discuss all sorts of bells and whistles that go beyond what I was
proposing. 



net discussions have a way of doing this, especially when the participants
don't first have agreement on what problem they're trying to solve.


Indeed. My immediate objective is clear - to provide a basic technology
for signing headers on top of which which various applications (e.g.
signing newgroup and cancel messages) can then be built.



mail systems, and mail to news gateways, mung headers in so many ways
that this may be asking too much.


Well I claim my draft makes it possible, but the details need to be
examined to see if it holds up.



I think the real point is that signing only the headers is not very useful
for email, for various reasons.  Trying to make it useful for email is
probably a rathole.



Actually, if you sign headers (to prove they have not been significantly
altered en route, or that they originated where claimed) then you also
have to show that they are accompanied by the same body as they started
out with. I do that by having a Content-MD5 header and then including that
in the headers that are signed.

As to whether the feature is useful in mail in its own right, time will
tell. There might be applications where people wanted to send
authenticated datagrams using the mail transport mechanisms, but I leave
it to somebody else to invent that if they feel the urge. My real concern
for making it work in mail is that news articles sometimes find themselves
in the mail system (e.g. on the way to or from mailing lists).

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email:     chl(_at_)clw(_dot_)cs(_dot_)man(_dot_)ac(_dot_)uk  Web:   
http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9     Fingerprint: 73 6D C2 51 93 A0 01 E7  65 E8 64 7E 14 A4 AB A5
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  draft-gellens-format-04.txt, Randall Gellens
Next by Date:  Re: draft-gellens-format-03.txt, Charles Lindsey
Previous by Thread:  Re: Signed headers in email (was Re: Draft for signed headers), Keith Moore
Next by Thread:  Re: Signed headers in email (was Re: Draft for signed headers), Chris Newman
Indexes:  [Date] [Thread] [Top] [All Lists]