ietf-822
Re: SPF I-D for review: draft-schlitt-spf-classic-00.txt

2005-03-07 05:12:57

In <20050304161151(_dot_)542a5388(_dot_)moore(_at_)cs(_dot_)utk(_dot_)edu> 
Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:

X-Info: This message was accepted for relay by
     smtp02.mrf.mail.rcn.net as the sender used SMTP authentication
Whoopee -- anybody with a working printf can forge such a line,
so that doesn't seem to do much.

Well, duh.  Obviously you need something stronger than a header field
which doesn't contain any way of verifying what message it was attached
to.  Take the input message, canonicalize it, hash that, sign the hash,
put the signature in the header field.  Not rocket science (though the
canonicalization step is a bit tricky to get right).

Such as:

http://www.imc.org/ietf-usefor/drafts/draft-lindsey-usefor-signed-01.txt

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, 
CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
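
The procedure quoted in this message (canonicalize the message, hash it, sign the hash, put the signature in a header field), sketched as an added example that is not from the thread or from the draft linked above. The field name X-Relay-Signature, the set of signed headers and the canonicalization rules are assumptions made here, and HMAC-SHA256 under a shared key stands in for a public-key signature so the block needs only the Python standard library.

```python
import hashlib, hmac, re

SIGNED = ("from", "to", "subject", "date", "message-id")  # assumed signed header set
SIG_HEADER = b"X-Relay-Signature"                          # hypothetical field name

def canonicalize(raw: bytes) -> bytes:
    """Reduce a message to a form that survives refolding and line-ending changes."""
    text = raw.replace(b"\r\n", b"\n").decode("utf-8", "replace")
    head, _, body = text.partition("\n\n")
    head = re.sub(r"\n[ \t]+", " ", head)              # unfold continuation lines
    fields = {}
    for line in head.split("\n"):
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if sep and name in SIGNED:
            fields.setdefault(name, " ".join(value.split()))  # collapse whitespace
    lines = [l.rstrip() for l in body.split("\n")]
    while lines and not lines[-1]:                     # drop trailing blank lines
        lines.pop()
    out = [f"{n}:{fields.get(n, '')}" for n in SIGNED] + [""] + lines
    return "\r\n".join(out).encode() + b"\r\n"

def signature(raw: bytes, key: bytes) -> str:
    digest = hashlib.sha256(canonicalize(raw)).digest()       # hash the canonical form
    return hmac.new(key, digest, hashlib.sha256).hexdigest()  # keyed MAC as the "signature"

def sign(raw: bytes, key: bytes) -> bytes:
    """Put the signature in a header field at the top of the message."""
    return SIG_HEADER + b": " + signature(raw, key).encode() + b"\r\n" + raw

def verify(raw: bytes, key: bytes) -> bool:
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]       # header section only
    m = re.search(rb"(?im)^" + SIG_HEADER + rb":[ \t]*([0-9a-f]+)[ \t\r]*$", head)
    return bool(m) and hmac.compare_digest(m.group(1).decode().lower(), signature(raw, key))

# Constructed sample message and key, for illustration only.
KEY = b"constructed-demo-key"
MSG = (b"From: alice@example.org\r\nTo: bob@example.net\r\n"
       b"Subject: quarterly report\r\nDate: Mon, 7 Mar 2005 05:12:57 +0000\r\n"
       b"Message-ID: <1@example.org>\r\n\r\nNumbers attached.\r\n")

if __name__ == "__main__":
    signed = sign(MSG, KEY)
    print(verify(signed, KEY))                                  # untouched copy
    print(verify(signed.replace(b"Numbers attached.", b"Pay now."), KEY))  # field reused on other text
```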