Alan DeKok wrote:
Mark Baugher <mbaugher(_at_)cisco(_dot_)com> wrote:
It's not clear to me what Yahoo is proposing since the descriptions I have
read don't make much sense. But the first question I have with any
signature proposal is "what does the signature attest to?"
The signature is most likely done on a hash of the message body
and/or some headers from the envelope.
What it *means* is another question entirely.
The signature attests to the fact that the domain name or server from
which the message originated, is not forged.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"And this too shall come to pass"
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg