ietf-mailsig

RE: semantics of the signature

2004-10-07 11:01:49

From: Tony Finch
Sent: Thursday, October 07, 2004 12:40 PM

<...>

Say you implement verification on your border MTA, and then some internal
MDA then alias-forwards it to an external organization. You want them to
be able to authenticate the original sender of the message.

I was overly restrictive when I said MTA.  What I think is important is that
the signature be removed before the message is delivered to the MUA.  If
forwarding can be done by the MDA, then the MDA should have the
responsibility to remove the signature in the case of local delivery to an
end-user.  If an end-user system wants to automatically forward mail, it
should use re-mailing rather than alias forwarding.  The end-user system is
now the new message originator.  An MSA set up to control forgeries in a way
that would make DK useful would presumably _not_ accept a message with a
foreign return-path, so alias forwarding by end-user systems would be
prevented.

--

Seth Goodman
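
The delivery policy proposed in the message above, as an added example that is not part of the original post or of any DK implementation: the MDA strips the signature on local delivery and leaves an alias-forwarded message byte-for-byte intact, and the MSA refuses a foreign return-path. The domain names, alias table, function names and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"example.org"}      # assumption: domains this site hosts
SIG_HEADER = "DomainKey-Signature"   # header carrying the DK signature

# Constructed sample message; the signature value is a placeholder.
RAW = (
    "Return-Path: <alice@sender.example>\n"
    "DomainKey-Signature: a=rsa-sha1; d=sender.example; s=sel; b=PLACEHOLDER\n"
    "From: alice@sender.example\n"
    "To: bob@example.org\n"
    "Subject: hi\n"
    "\n"
    "body\n"
)
ALIASES = {"carol@example.org": "carol@partner.example"}  # constructed alias


def domain_of(addr):
    """Lower-cased domain part of an address, with or without angle brackets."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def mda_deliver(raw, aliases, rcpt):
    """Return (action, target, text) for one recipient.

    An alias pointing off-site is forwarded with the original text unchanged,
    so the next organization can still verify the signature. Anything that
    ends in a local mailbox has the signature removed before the MUA sees it.
    """
    target = aliases.get(rcpt, rcpt)
    if domain_of(target) not in LOCAL_DOMAINS:
        return ("forward", target, raw)
    msg = message_from_string(raw)
    del msg[SIG_HEADER]  # removes every occurrence; no error if absent
    return ("local", target, msg.as_string())


def msa_accepts(return_path):
    """MSA check: accept only submissions whose return-path is a local domain,
    which is what blocks alias forwarding from end-user systems."""
    return domain_of(return_path) in LOCAL_DOMAINS
```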

