ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Charter bashing...

2005-10-15 11:53:34
On October 13, 2005 at 16:24, Jim Fenton wrote:

I've brought up the issue of signer roles, but it appears
to have been rejected or gained no traction.

An attacker can easily add headers to assert that they're a mailing list 
(albeit one you haven't heard of), resender, etc. and sign them.  I 
don't think there is any way to prove what the signer role is.

There is no way to prove that a signing domain, and what it signs,
can be trusted (the reason trust systems must exist).  So how is
specifying the role any different from what else is signed?

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org