On Mon, 07 Apr 2003 12:29:45 -0400
Alan DeKok <aland(_at_)freeradius(_dot_)org> wrote:
"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:
Alternately, use public/private gets to do something similar. The
benefit there is that the public keys can be put into DNS, and
*anyone* can verify the validity of the Message-ID.
That would require MTAs to detect MUA added Message-IDs and remove them
or to share the secret with the MUAs so they can correctly generate the
tokens.
There are two basic questions for such IDs:
Who generated them and can that be shown?
Was that ID generated for this specific message or some other (ie
possibly re-used)?
Not a trivial problem.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw(_at_)kanga(_dot_)nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg