ietf-mailsig

Re: Ramblings on RFC2822 signatures.

2004-09-17 13:33:14

On Fri, 2004-09-17 at 12:18 -0700, Miles Libbey wrote:
> --- David Woodhouse <dwmw2(_at_)infradead(_dot_)org> wrote:
> > Second, it should be resilient to the common mangling which messages
> > may encounter in transit -- in particular the addition of text to the end
> > of a mail by mailing lists, by idiotic disclaimers and by self-advertising
> > virus checkers.
>
> We should be careful in this requirement.  Poking holes in
> authentication means more chances for abusers.  If we were to allow any
> content at the end for instance, spammers may be able to figure out how
> to replay legit messages and append their phishing information to the
> end.

True. But I'd observe that the sender can happily convey the information
about precisely what was sent -- and it's up to the recipient to
determine how much mangling is acceptable.

If you don't want to accept a five-line signed message with 100 lines of
addition, you're probably right.

If you don't want to accept a 100-line signed message with two lines
added, that's probably your right.

-- 
dwmw2
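
The split discussed in this message, as an added example that is not part of the original post: the sender states exactly how many body bytes were signed, and the recipient authenticates that prefix and then applies its own limit to anything appended. HMAC with a shared key stands in for a public-key signature here, and the names `sign`, `verify`, `signed_len` and `max_added_ratio` are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: shared key standing in for a signing key pair


def _tag(n: int, prefix: bytes) -> str:
    # Bind the signed length into the tag so it cannot be changed in transit.
    return hmac.new(KEY, n.to_bytes(8, "big") + prefix, hashlib.sha256).hexdigest()


def sign(body: bytes) -> dict:
    """Sender side: convey precisely what was sent (length plus tag)."""
    return {"signed_len": len(body), "tag": _tag(len(body), body)}


def verify(body: bytes, sig: dict, max_added_ratio: float = 0.1) -> str:
    """Recipient side: authenticate the signed prefix, then apply local
    policy to whatever was appended after it."""
    n = sig["signed_len"]
    if not 0 <= n <= len(body):
        return "reject: body shorter than signed length"
    prefix, added = body[:n], body[n:]
    if not hmac.compare_digest(_tag(n, prefix), sig["tag"]):
        return "reject: signed content altered"
    if not added:
        return "accept: unmodified"
    # Recipient's choice: tolerate additions only up to a fraction of the signed size.
    if len(added) > max_added_ratio * n:
        return "reject: too much unsigned content appended"
    return "accept: %d unsigned trailing bytes" % len(added)


# Constructed sample messages: a 100-line body, a 5-line body, a 2-line footer.
LONG = b"".join(b"line %d of the original message\r\n" % i for i in range(100))
SHORT = b"".join(b"line %d\r\n" % i for i in range(5))
FOOTER = b"-- \r\nlist footer (constructed)\r\n"

if __name__ == "__main__":
    print(verify(LONG + FOOTER, sign(LONG)))   # two lines added to 100 signed lines
    print(verify(SHORT + LONG, sign(SHORT)))   # 100 lines added to 5 signed lines
```

The 10% default is only one possible recipient policy; a stricter recipient sets `max_added_ratio=0` and accepts nothing but unmodified bodies.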


