On Wed, 03 Nov 2004 08:08:31 -0800, Jim Fenton wrote:
The lists will want to be careful about what they sign. Unless
the list limits posting privileges to list members (and perhaps
even if it does), putting a mailing list behind a mailsig-aware
MTA is likely to cause the list to sign unauthorized messages by
default.
yes!
more generally, we certainly need to have the Security Considerations
section put very strong emphasis on the limitations of the mechanism,
both in terms of what makes for a "meaningful" signature, and what a
signature does and does not mean.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
www.brandenburg.com