Jim Fenton writes:
At 11:57 PM 10/8/2004 -0400, Andrew Newton wrote:
On Oct 8, 2004, at 8:16 PM, Jim Fenton wrote:
On the other hand, someone suggested a MIME encapsulation that would be
applied at the point of signing and removed at the point of verification.
That would not work, because there is no way to know if the recipient's
MTA is MASS-aware and would actually do that.
Except it could be expressed by the recipient in a MASS-policy record or by
the existence of a MASS-public-key.
Or an ESMTP option indicating MASS policy, I suppose.
But that would mean that every mail forwarder and mailing list from
which I receive mail also would need to become MASS-aware before
messages I get would be consistently signed. This would slow
deployment considerably, and is moving in the direction of a
hop-by-hop scheme.
Right. Receivers advertising any sort of policy is
fundamentally unworkable as a sender has no clue as to what
the ultimate path from sender to receiver is. Like, for
example, this mail *right* *here* is signed by me, forwarded
through this list to all of the participants on this list,
one of which is Jim who's running this software... but my
sending MTA has no clue by sending to <ietf-mailsig(_at_)imc(_dot_)org>
that he'll be one of the recipients. And it would be
considered a horrible security breach in many cases to
insist that I could. So it's just not workable in any way
that doesn't devolve into a next hop kind of relationship
which is not what you really want.
Mike