At 11:18 PM 6/14/2003 -0400, you wrote:
> On Monday, June 09, 2003 6:21 PM, Art Pollard [SMTP:pollarda(_at_)lextek(_dot_)com]
> wrote:
>
> 8<...>8
>
> > ... The CR system would filter based on the digital signature rather
> > than the FROM address.
>
> A signature that signs what? or do you mean a 'hash' produced using a
> 'senders' private key?

A digital signature uses a public / private key pair and a hash (typically
SHA). Given the public key then the signature and message could be
verified. The message would be signed with the private key as it went
out. The message's header would contain:

1) The digital signature (generated by the public/private key pair and the message)
2) The public key.

The whitelisting would occur based not on the e-mail address but on the
public key. Thus when a new message comes in, the public key would be
looked up in the whitelist to see if it is already there. If it is there,
the message can be checked with the public key and the signature to ensure
that the proper public / private key pair actually was used to sign the
message and that the message has not been altered.

By whitelisting on the public key and not the e-mail address /
username/etc. the user can move between machines and accounts without new
challenges as long as they use the same public/private key pair to sign
their messages.

> > Thus it would be quite possible for people to have
> > multiple clients with the same digital signature (one for each e-mail
> > address say) and they would only have to undergo the CR once -- even if
> > they switched ISPs.
>
> Same private key?

Yep.

> 8<...>8
>
> > ...When whitelisting occurred, it would whitelist a
> > particular person's signature rather than their e-mail address.
>
> Caching of the public key?

Yep. The public key would be cached and would be used in the whitelisting
process.

-Art
--
Art Pollard
http://www.lextek.com/
Suppliers of High Performance Text Retrieval Engines.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
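
The whitelist-by-public-key check described in the message above, written out as an added Go example; it is not code from the original post or from any ASRG proposal. It shows that the same key is accepted from a new address without a second challenge, while an altered body or a header that only copies a whitelisted key fails verification. Assumptions: Ed25519 as the signature scheme (the post says only "public / private key pair and a hash"), the `Message` fields, the `DemoKey` helper with its constructed seeds, the `.example` addresses, verifying before the lookup, and rejecting on a failed signature.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Message carries signature and public key in its header (names hypothetical).
type Message struct {
	From, Body string
	PublicKey  ed25519.PublicKey
	Signature  []byte
}

// Whitelist caches public keys (SHA-256 of the key bytes), not addresses.
type Whitelist map[[32]byte]bool

func (w Whitelist) Add(pk ed25519.PublicKey) { w[sha256.Sum256(pk)] = true }

// Classify checks the signature before consulting the whitelist: the key is
// public, so a header that merely contains a whitelisted key proves nothing.
func (w Whitelist) Classify(m Message) string {
	if len(m.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(m.PublicKey, []byte(m.Body), m.Signature) {
		return "reject" // assumption: the post does not say what a failure does
	}
	if w[sha256.Sum256(m.PublicKey)] {
		return "accept" // From address is never consulted
	}
	return "challenge" // unknown key: run the challenge-response once
}

// DemoKey builds a constructed, deterministic private key for the demo only.
func DemoKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// Sign signs the body with the private key as the message goes out.
func Sign(priv ed25519.PrivateKey, from, body string) Message {
	return Message{from, body, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, []byte(body))}
}

func main() {
	wl, m := Whitelist{}, Sign(DemoKey(1), "art@isp-a.example", "hello")
	first := wl.Classify(m) // key not whitelisted yet
	wl.Add(m.PublicKey)     // sender answered the challenge
	fmt.Println(first, wl.Classify(Sign(DemoKey(1), "art@isp-b.example", "hi")))
}
```

The signature here covers only the body, as in the post, so a verbatim copy of a whitelisted sender's message still verifies; the sketch does not address replay.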