ietf-mailsig

Re: Why we don't require requirements

2004-10-03 07:29:25


On Fri, 1 Oct 2004, wayne wrote:

    <william(_at_)elan(_dot_)net> writes:

    > On 1 Oct 2004, John Levine wrote:
    >
    >> and (debatably)
    >> doesn't have to survive all of the mangling that might happen to
    >> messages as they pass through mailing lists and the like.
    > This I STRONGLY STRONGLY disagree. The system MUST be able to work
    > within current email infrastructure and not break it. That means
    > the signature must survive emails and forwarders and all other common
    > email retransmission systems.

    Isn't this kind of a fundamental catch-22?

    If you allow someone to send from their Yahoo account to a mailing
    list, allow the mailing list to add their garbage onto the end, and
    still have the message verified, what is stopping a spammer from
    creating a "mailing list" with all 50 million "verified opt-in email
    accounts" that adds their spam on the end?

To my understanding, it is a question of the purpose of the signature.

If it is for hop-by-hop protection and only needs to survive a single
transfer, then there is no conflict.

If it's for path validation, then presumably at any point you want to be
able to validate what happened at some prior "hop" in the path.  This
would add certain requirements regarding the immutability of whatever is
signed, similar to but not exactly the same as the requirements both PGP
and S/MIME have to meet in order to be end-to-end.

In either case, I do not believe it is quite as bad as you describe
as long as each hop is "independent".

    I think this is the reason why John said that this is debatable.

Exactly.

Jim
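
The trade-off debated in this thread, shown as an added example that is not part of any poster's message or of any proposal on the list: a whole-body signature breaks when a list appends a footer, while a prefix-covering signature survives but leaves the appended bytes unauthenticated, so the verifier should report them. HMAC-SHA256 stands in for a real public-key signature, and the key, function names and sample messages are all constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key


def sign_body(body: bytes) -> dict:
    """Sign the whole body and record how many bytes the signature covers."""
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return {"covered": len(body), "tag": tag}


def verify_strict(body: bytes, sig: dict) -> bool:
    """Whole-body check: any change after signing, even a list footer, fails."""
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return len(body) == sig["covered"] and hmac.compare_digest(expected, sig["tag"])


def verify_prefix(body: bytes, sig: dict) -> tuple:
    """Prefix check: tolerate appended data, but return how much is unsigned.

    Returns (valid, unsigned_tail_bytes). A receiver that accepts the message
    should treat the tail as unauthenticated content, not as the signer's.
    """
    n = sig["covered"]
    if len(body) < n:
        return (False, 0)
    expected = hmac.new(KEY, body[:n], hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(expected, sig["tag"])
    return (ok, len(body) - n) if ok else (False, 0)


# Constructed sample data: an original post and a footer added by a list.
ORIGINAL = b"Hello list,\r\nhere is my question.\r\n"
FOOTER = b"--\r\nlist footer: unsubscribe at the list page\r\n"
SIG = sign_body(ORIGINAL)
RELAYED = ORIGINAL + FOOTER

if __name__ == "__main__":
    print("strict, original:", verify_strict(ORIGINAL, SIG))
    print("strict, relayed: ", verify_strict(RELAYED, SIG))
    print("prefix, relayed: ", verify_prefix(RELAYED, SIG))
```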

