In the small we are talking about a signature that is valid
from an initiator to a responder, and then discarded by the
responder. It creates a new signature as an initiator for
the next responder.
i think that accurately represents the current proposals.
does anyone disagree?
Depends how you define "initiator" and "responder". I initially read it as
being a single SMTP hop, in which case we already have TLS and it's
useless for our purposes (given the expensive unweildy PKI and lack of
routine certificate checking in the deployed base).
An alternative would be outgoing border MTA to recipient MX, or perhaps
MSA to MDA. The former case implies discarding the signature and
re-signing the message in the event of alias-forwarding -- but the
forwarding site cannot sign the message on behalf of the RFC822.Sender.
In the latter case, discarding the signature implies that MUA verification
isn't possible.
I don't think we should be discarding signatures anywhere.
In the event of resending (in the sense of RFC(2)822.Resent- headers)
there should perhaps be N+1 signatures, one for the 822.Sender: and one
for each of the N resendings.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
SHANNON: NORTHWEST VEERING NORTH 4 OR 5, OCCASIONALLY 6 AT FIRST. SHOWERS.
GOOD.