The only end points in an email security system are people.
End to end security is an intellectually bankrupt concept because outside
MIT there are no people who can perform RSA in their head, we inevitably end
up relying on mediators at a whole series of levels.
RFC 2821 identities are irrelevant when dealling with the phishing problem,
they are never seen by end users and are not intended to be seen.
-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of David
Woodhouse
Sent: Wednesday, December 15, 2004 1:29 PM
To: Dave Crocker
Cc: ietf-mailsig
Subject: Re: mailing lists are delivery end-points
On Mon, 2004-12-13 at 15:17 -0800, Dave Crocker wrote:
Removing any attempt to transit mailing lists makes a mass
specification simpler (since it does not require adding
mechanisms to
survive that transition).
Agreed. And it means that you cannot guarantee that any of
the From:, Sender:, or Resent-From: headers will be validly
signed. If a message has all three, then either the Sender:
or Resent-From: header may be the most recent, but you don't
necessarily know which -- unless one of them matches the
RFC2821 reverse-path.
Those headers aren't always visible; for them to be reliably
visible you'd need to modify the MUA anyway, which is not
something we should be relying on.
Can you offer any reason why this mess of RFC2822 headers
should be used for verification, rather than the RFC2821
identity which is again much simpler?
--
dwmw2