From: "Kee Hinckley" <nazgul(_at_)somewhere(_dot_)com>
Anyone can type in forged headers. Sending a message where it's not
possible to detect the forgery is theoretically possible, but I've
never seen a documented case. (Which is not to say that I think that
signing isn't a good idea, or that I agree with Vernon's claim that
figuring out those headers is something that can easily be done by
the people who need to do it--but it can be done.)
If people are going to be fined, be kicked off nets, certificates revoked, etc.,
then the evidence that they violated a contract should hold up offline. Signed
messages have this property.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg