Re: [ietf-dkim] Not exactly not a threat analysis

ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-17 10:04:31

On Tue, 16 Aug 2005, Thomas Roessler wrote:


What does "know that a message came from a designated source" mean?

One interpretation is that the recipient knows that the sender sent
this particular instance of the message to him.  To make this
happen, one would probably want to sign

   (message-id, message-hash, envelope sender, envelope recipient)

tuples (maybe with RFC2822.from instead of SMTP.mailfrom)


You can't include the envelope recipient address in the signature because
it is lost when the message passes through a forwarder.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.
_______________________________________________
ietf-dkim mailing list
http://dkim.org

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] Not exactly not a threat analysis, (continued) Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, George Gross Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch rogue DNS registrars, was Re: [ietf-dkim] Not exactly not a threat analysis, George Gross Re: [ietf-dkim] Not exactly not a threat analysis, william(at)elan.net [ietf-dkim] Re: Not exactly not a threat analysis, Frank Ellermann Re: [ietf-dkim] Not exactly not a threat analysis, Miles Re: Not exactly not a threat analysis, Florian Weimer Re: [ietf-dkim] Not exactly not a threat analysis, Thomas Roessler Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch <= Re: [ietf-dkim] Not exactly not a threat analysis, Douglas Otis Re: [ietf-dkim] Not exactly not a threat analysis, Eliot Lear Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore

Previous by Date:	Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore
Next by Date:	Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch
Previous by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, Thomas Roessler
Next by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, Douglas Otis
Indexes:	[Date] [Thread] [Top] [All Lists]