ietf-mailsig
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: mailing list software, was What does the mailsig mechanism mean?

2004-11-04 09:09:01
from [Dave Crocker] [Permanent Link] 

On Wed, 03 Nov 2004 08:08:31 -0800, Jim Fenton wrote:

 The lists will want to be careful about what they sign.  Unless
 the list limits posting privileges to list members (and perhaps
 even if it does), putting a mailing list behind a mailsig-aware
 MTA is likely to cause the list to sign unauthorized messages by
 default.


yes!

more generally, we certainly need to have the Security Considerations 
section put very strong emphasis on the limitations of the mechanism, 
both in terms of what makes for a "meaningful" signature, and what a 
signature does and does not mean.


d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker  a t ...
www.brandenburg.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Differences in signing, Dennis Dayman
Next by Date:  RE: mailing list software, was What does the mailsig mechanism mean?, Dan Wing
Previous by Thread:  Re: mailing list software, was What does the mailsig mechanism mean?, Jim Fenton
Next by Thread:  RE: mailing list software, was What does the mailsig mechanism mean?, Dan Wing
Indexes:  [Date] [Thread] [Top] [All Lists]