ietf-mailsig

RFC2821 vs. RFC2822 signatures.

2004-09-23 04:47:33

At what level do we want to sign mail?

Using the RFC2822 identities allows us to do the cute stuff I suggested
in 
<1095437975.17821.383.camel@hades.cambridge.redhat.com>
about having multiple signatures so you can authenticate any or all of
the From:, Sender:, Resent-{From,Sender}: addresses. But how often will
that actually get used in _practice_?

But using RFC2822 identities means that if you want it to actually
_work_ in today's world, you have to deal with evil stuff like mailing
lists adding extra lines to the text, etc. It's painful.

On the other hand, we could use the RFC2821 MAIL FROM address as the
entity which must sign the mail. By doing that you basically remove the
need to be permissive about signatures -- you _only_ need to
canonicalise it w.r.t charset, etc. Wouldn't that be easier to implement
and deploy?

The disadvantage of using the RFC2821 reverse-path is that it's not
always displayed to the _recipient_ by their MUA. But then the Sender:
and Resent-From: addresses are often not displayed _either_ -- I don't
think that's too much of a problem. It still allows automatic rejection
by the MTA; and in fact it makes it _easier_.

-- 
dwmw2
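
An added sketch of the trade-off raised in the message above; it is not part of the original post. It assumes a strict, exact-body signature (HMAC standing in for a real public-key scheme), constructed addresses and keys, and a hypothetical list that appends a footer, rewrites MAIL FROM to its own bounce address and signs as that address.

```python
import hashlib
import hmac

# Constructed identities and keys; HMAC is a stand-in for a public-key signature.
AUTHOR = "alice@example.org"
LIST_BOUNCE = "list-bounces@lists.example.net"
KEYS = {AUTHOR: b"constructed-author-key", LIST_BOUNCE: b"constructed-list-key"}

def canonicalise(body: str) -> bytes:
    """Strict canonicalisation: fix line endings and charset, nothing else."""
    return body.replace("\r\n", "\n").replace("\n", "\r\n").encode("utf-8")

def sign(identity: str, body: str) -> str:
    return hmac.new(KEYS[identity], canonicalise(body), hashlib.sha256).hexdigest()

def verify(identity: str, msg: dict) -> bool:
    """True only if `identity` has a valid signature over the body as received."""
    if identity not in KEYS or identity not in msg["sigs"]:
        return False
    return hmac.compare_digest(sign(identity, msg["body"]), msg["sigs"][identity])

def author_submit(body: str) -> dict:
    return {"mail_from": AUTHOR, "from": AUTHOR, "body": body,
            "sigs": {AUTHOR: sign(AUTHOR, body)}}

def list_relay(msg: dict) -> dict:
    """Hypothetical list: appends a footer, takes over MAIL FROM, signs as itself."""
    body = msg["body"] + "\n-- \nlist footer (constructed)\n"
    sigs = dict(msg["sigs"])
    sigs[LIST_BOUNCE] = sign(LIST_BOUNCE, body)
    return {**msg, "mail_from": LIST_BOUNCE, "body": body, "sigs": sigs}

def check_2822(msg: dict) -> bool:
    return verify(msg["from"], msg)       # header From: must have signed

def check_2821(msg: dict) -> bool:
    return verify(msg["mail_from"], msg)  # envelope reverse-path must have signed

def demo() -> dict:
    direct = author_submit("Hello list,\nsee attached.\n")
    relayed = list_relay(direct)
    return {"direct_2822": check_2822(direct), "direct_2821": check_2821(direct),
            "relayed_2822": check_2822(relayed), "relayed_2821": check_2821(relayed)}

if __name__ == "__main__":
    print(demo())
```

After the relay, the strict check still passes for the reverse-path identity but tells the recipient nothing about the header From: address, whose signature no longer matches the modified body.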

