ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ietf-dkim] Not exactly not a threat analysis

2005-08-15 08:50:31
from [Dave Crocker] [Permanent Link] 
 This is useful, but seems to ignore the discussion that has been surrounding
 the fact the signature does not provide assurance about the source


yeah.  maybe i should have tried for different language, but folks seem more 
comfortable with that term and i wanted to see whether we could get basic 
agreement on any sort of summary description. 



- rather
 it provides assurance that a specified signing party is vouching for the
 message.  The signing party may be associated with the source, or they may
 not be.  Accepting the message on the basis of the signature implies
 accepting the relationship between the signing agent and the message
 originator.


I like your last sentence, although the signer does not have to necessarily be 
associated with the originator, since the message can be signed anywhere along 
the path.



  d/
  ---
  Dave Crocker
  Brandenburg InternetWorking
  +1.408.246.8253
  dcrocker  a t ...
  WE'VE MOVED to:  www.bbiw.net



_______________________________________________
ietf-dkim mailing list
&lt;http://dkim.org&gt;
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Not exactly not a threat analysis, Scott Kitterman
Next by Date:  [ietf-dkim] dkim implementations, Dave Crocker
Previous by Thread:  RE: [ietf-dkim] Not exactly not a threat analysis, James Scott
Next by Thread:  Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas
Indexes:  [Date] [Thread] [Top] [All Lists]