ietf-mailsig
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Signing RFC 821 data in RFC 822 messages considered harmful.

2004-12-22 11:56:42
from [David Woodhouse] [Permanent Link] 

On Mon, 2004-12-20 at 07:24 -0800, Hallam-Baker, Phillip wrote:



Sorry, got distracted by watching your hands wave. Can you be 
more specific?


Take the time to learn about layered protocol design. Signing the SMTP
protocol data using an RFC 822 header is a clear layer violation.


You're right; we're signing SMTP protocol data. We're _not_ signing the
RFC822 object.

The RFC822 object is the email, with its unique Message-ID. That object
makes multiple transitions through the RFC821 transport system. But it
seems that we're not trying to authenticate the object through its
multiple transitions.

It's just a single transition through the RFC821 transport system which
we're attempting to authenticate. So I agree with you -- yes, using
RFC822 headers (such as the Sender: address) _is_ a layering violation.

-- 
dwmw2
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: The end points are PEOPLE, william(at)elan.net
Next by Date:  Want a BoF at IETF 62?, Russ Housley
Previous by Thread:  RE: Signing RFC 821 data in RFC 822 messages considered harmful., Hallam-Baker, Phillip
Next by Thread:  RE: Signing RFC 821 data in RFC 822 messages considered harmful., Michael Thomas
Indexes:  [Date] [Thread] [Top] [All Lists]