ietf-mailsig

Re: RFC2821 vs. RFC2822 signatures.

2004-09-24 04:57:28

On Thu, 2004-09-23 at 07:58 -0700, David Mayne wrote:
> While there are advantages to having some form of encryption in RFC2821
> return path checking, I'd hate to see that as the only thing this group
> focuses on, just because it is perceived to be easier. All it buys is
> some form of bounce address verification, which could have nothing to do
> with the author of a message, a place where I believe crypto has very
> distinct advantages over channel based IP authentication and/or
> authorization.

The address(es) in the From: header give the author(s) of the message. I
agree that it would be good to have a way to validate those.

But we have to make sure we don't choose RFC2822 identities over RFC2821
identities with that in mind and _then_ lose sight of our reasoning. 

So if we accept the extra complexity of signing with the RFC2822
addresses, we need to make sure it's not easily bypassable by adding
'Sender:' or 'Resent-From:' headers. I think we really need to go all
the way and do the thing with multiple signatures. So you can verify
that it really is from the people in the From: header, that it really
was sent by the person in the Sender: header and it really was resent by
the people in the Resent-From: header etc.

-- 
dwmw2
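
Added example, not part of the original message or of any proposal on the list: a sketch of why a verifier that checks only one sending identity is bypassed by adding a Sender: header, beside the per-role check the message argues for. The X-Role-Sig header, the keyed hash standing in for a real signature, and the sample domains and keys are all assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import getaddresses
# Constructed per-domain keys; HMAC stands in for a real public-key signature.
KEYS = {"example.org": b"org-key", "bulk.example": b"bulk-key"}
ROLE_HEADERS = ("From", "Sender", "Resent-From")
BODY = "hello\n"

def sign(domain, role, body):
    """Hypothetical signature binding one domain to one role and the body."""
    data = f"{role.lower()}:{domain}\n{body}".encode()
    return hmac.new(KEYS[domain], data, hashlib.sha256).hexdigest()

def signed_roles(msg):
    """Return the (role, domain) pairs carrying a valid X-Role-Sig header."""
    body, valid = msg.get_payload(), set()
    for value in msg.get_all("X-Role-Sig", []):
        parts = [p.strip() for p in value.split(";")]
        if len(parts) == 3 and parts[1] in KEYS:
            role, domain, sig = parts
            if hmac.compare_digest(sig, sign(domain, role, body)):
                valid.add((role.lower(), domain))
    return valid

def identities(msg, header):
    """Return the (role, domain) pairs named in one address header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {(header.lower(), a.rsplit("@", 1)[1].lower()) for _, a in pairs if "@" in a}

def verify_single(msg):
    """Weak policy: check only the most specific sending identity present."""
    for header in reversed(ROLE_HEADERS):
        ids = identities(msg, header)
        if ids:
            return ids <= signed_roles(msg)
    return False

def verify_all(msg):
    """Policy argued for above: every identity in every role header is signed."""
    required = set().union(*(identities(msg, h) for h in ROLE_HEADERS))
    return bool(required) and required <= signed_roles(msg)

def build(*signers):
    """Constructed sample: From example.org, Sender bulk.example."""
    sigs = "".join(f"X-Role-Sig: {r}; {d}; {sign(d, r, BODY)}\n" for r, d in signers)
    hdrs = "From: ceo@example.org\nSender: list@bulk.example\n"
    return message_from_string(hdrs + sigs + "\n" + BODY)
FORGED = build(("sender", "bulk.example"))  # From: identity is unsigned
GENUINE = build(("from", "example.org"), ("sender", "bulk.example"))
```

The weak policy accepts FORGED because the only identity it looks at is the validly signed Sender:, while the per-role policy rejects it for the unsigned From: and accepts GENUINE.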

