RE: Signing RFC 821 data in RFC 822 messages considered harmful.

ietf-mailsig

RE: Signing RFC 821 data in RFC 822 messages considered harmful.

2004-12-28 12:37:05


David Woodhouse writes:

It's just a single transition through the RFC821 transport system which
we're attempting to authenticate. So I agree with you -- yes, using
RFC822 headers (such as the Sender: address) _is_ a layering violation.


What I have asked repeatedly of the people who want a crypto
identity for auth/authz the last "sender" is why STARTTLS is
not adequate (ie, get to the 80/20 rule). Nobody ever
answers that.

I think MASS solves a different problem -- one that cannot
be addressed by STARTTLS.

             Mike

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Signing RFC 821 data in RFC 822 messages considered harmful., Hallam-Baker, Phillip Re: Signing RFC 821 data in RFC 822 messages considered harmful., David Woodhouse RE: Signing RFC 821 data in RFC 822 messages considered harmful., Hallam-Baker, Phillip RE: Signing RFC 821 data in RFC 822 messages considered harmful., David Woodhouse RE: Signing RFC 821 data in RFC 822 messages considered harmful., Michael Thomas <=

Previous by Date:	Re: Want a BoF at IETF 62?, ned . freed
Next by Date:	Re: Want a BoF at IETF 62?, Michael Thomas
Previous by Thread:	RE: Signing RFC 821 data in RFC 822 messages considered harmful., David Woodhouse
Next by Thread:	Want a BoF at IETF 62?, Russ Housley
Indexes:	[Date] [Thread] [Top] [All Lists]