On Wed, 5 Jan 2005, Jim Fenton wrote:
Sure, any entity modifying a message SHOULD re-sign it. But I don't see any
reason to explicitly exclude end to end use, if all the intermediaries (and
even re-originators, like mailing lists) happen to be "nice" to the message.
Or is it that the "good enough" solution you have in mind explicitly excludes
end to end use?
What I would like to be able to do is reject any message which has a
signature that fails to verify, without false positives (which are defined
by senders and recipients of messages, not by me).
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
CULLERCOATS: THERE COULD BE A SHORT PERIOD OF STORM FORCE WINDS IN VIKING,
NORTH UTSIRE AND FAIR ISLE FOR A TIME ON FRIDAY.